
A Sequential Aggregate Signature Authentication Scheme Based on Blockchain for Crowdsensing System
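Traditional centralized authentication mechanisms suffer from single points of failure and opaque certificate issuance, which makes them hard to apply to crowdsensing networks with their high autonomy and dynamic variability. This paper therefore proposes a lightweight blockchain-based authentication mechanism and a sequential aggregate signature scheme; combined, the two achieve peer-to-peer decentralized authentication. In the authentication mechanism, the blockchain serves as a decentralized underlying storage database that records keys, certificates, signatures and all other related information. Sequentially signing the public-key certificate of a user node proves the authenticity of its identity and at the same time forms a credible certificate chain. To address the long public keys and low verification efficiency of existing sequential aggregate signature schemes, a new sequential aggregate signature scheme based on the BLS signature is proposed; its unforgeability is proven under the sequential aggregate certified-key model, and its security properties, such as public verifiability, are analyzed. Compared with existing schemes, the proposed scheme has shorter public keys and signatures, and its signature length is independent of the number of users, making it better suited to the low-bandwidth environment of crowdsensing networks.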
Due to the single point of failure and the opacity of certificate issuance in traditional centralized authentication mechanisms, it is difficult to apply them to crowdsensing systems with high autonomy and dynamic variability. To solve this problem, a lightweight authentication mechanism based on blockchain and a new sequential aggregate signature scheme are proposed in this paper. The combination of the two implements peer-to-peer decentralized authentication. In our authentication mechanism, the blockchain acts as a decentralized underlying storage database for recording keys, certificates, signatures and all other related information. Users can prove the authenticity of their identity with the sequential aggregate signature in the public key certificates of other nodes and establish credible certificate chains. To solve the problem of long public keys and low verification efficiency in existing sequential aggregate signature schemes, a new sequential aggregate signature scheme is proposed based on the BLS short signature scheme, and its unforgeability is proven under the sequential aggregate certified-key model. This paper also discusses security properties of the scheme such as public verifiability. Compared with other existing sequential aggregate signature schemes in computational complexity, the new scheme is better suited to the low-bandwidth environment of crowdsensing systems in that the length of the public key and signature is independent of the number of users.
crowdsensing system / sequential aggregate signatures / blockchain technology / public verifiability / authentication mechanism
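Table 1 Symbol descriptions |
Symbol | Description |
---|---|
ID | Transaction identifier |
Attributes | Node identity attribute information |
PK | Node public key |
SK | Node private key |
| Transaction information |
Timestamp | Timestamp |
| Signature information |
Cert | Public-key certificate |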
|
---|
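Input: ● ● ● ● Attributes: identity attribute information of the certificate node. Procedure: 1. Call the validation contract SC.Validation to verify the public key 2. Establish node 3. Sign the certificate, obtaining 4. Publish to the blockchain through a certificate transaction Output: certificate transaction |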
|
---|
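Input: ● ● ● ● Procedure: 1. Retrieve the relevant signature tuple from the blockchain 2. Compute the aggregate signature with the sequential aggregate signature algorithm AggS(·) 3. Publish to the blockchain through a signature transaction Output: signature transaction |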
|
---|
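Input: ● ● Procedure: 1. Retrieve the aggregate signature of the relevant certificate from the blockchain 2. Determine the validity of the certificate signature by calling the aggregate verification algorithm AggV of the identity authentication contract SC.Authentication. Output: 1 if AggV verification passes, otherwise 0. |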