基于身份代理重加密的跨链身份管理方案  

作　　者：张鑫 张金全 刘德渊[1,2,3] 万武南 张仕斌 秦智[1,2,3] ZHANG Xin;ZHANG Jinquan;LIU Deyuan;WAN Wunan;ZHANG Shibin;QIN Zhi(School of Cybersecurity,Chengdu University of Information Technology,Chengdu Sichuan 610225,China;Advanced Cryptography System Security Key Laboratory of Sichuan Province(Chengdu University of Information Technology),Chengdu Sichuan 610225,China;Industrial College of Cyberspace Security,Chengdu University of Information Technology,Chengdu Sichuan 610203,China)

机构地区：[1]成都信息工程大学网络空间安全学院,成都610225 [2]先进密码技术与系统安全四川省重点实验室(成都信息工程大学),成都610225 [3]成都信息工程大学网络空间安全产业学院,成都610203

出　　处：《计算机应用》2024年第12期3723-3730,共8页journal of Computer Applications

基　　金：国家重点研发计划“网络空间安全治理”重点专项(2022YFB3103103);四川省重点研发计划项目(2022YFS0571,2021YFSY0012);成都市科技局重点研发支撑计划项目(2023-XT00-00002-GX,2022-YF05-00115-SN)。

摘　　要：针对目前跨链身份管理中存在的认证效率低、安全性能不足和可扩展性差的问题,提出一种基于身份代理重加密(IBPRE)的跨链身份管理方案。首先,结合分布式数字身份(DID)构建身份链,并为用户提供DID标识作为跨链身份标识以及可验证凭证作为访问凭证构建基于凭证信息的访问控制策略;其次,使用中继链结合密码累加器实现用户身份认证;最后,通过结合IBPRE和签名算法,构建IBPRE基础上的跨链通信模型。实验分析和评估结果表明,所提方案在认证耗时方面相较于RSA和椭圆曲线加密算法(ECC)分别减少了66.9%和4.8%。可见,中继链和身份链能实现身份管理,提升去中心化程度和扩展性,构建跨链通信模型和基于凭证信息的访问策略,并保障跨链身份管理中的安全性。In view of the current problems of low authentication efficiency,insufficient security performance and poor scalability in cross-chain identity management,a cross-chain identity management scheme based on Identity-Based Proxy Re-Encryption(IBPRE)was proposed.Firstly,an identity chain was built combining Decentralized IDentifier(DID),and DIDs were provided as cross-chain identity identifiers and verifiable certificates were provided as access certificates to the users to build an access control policy based on certificate information.Secondly,the relay chain was combined with the cryptographic accumulator to achieve user identity authentication.Finally,by combining IBPRE and signature algorithm,a cross-chain communication model based on IBPRE was constructed.Experimental analysis and evaluation results show that compared with RSA(Rivest-Shamir-Adleman algorithm)and Elliptic Curve Cryptosystem(ECC),the proposed scheme has the authentication time reduced by 66.9%and 4.8%respectively.It can be seen that relay chain and identity chain can realize identity management,improve decentralization and scalability,build cross-chain communication models and access policies based on certificate information,and ensure security in cross-chain identity management.

关 键 词：跨链 身份管理 分布式数字身份 基于身份的代理重加密 密码累加器 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]