基于智能合约和非同质化代币的去中心化匿名身份认证模型

doi:10.19678/j.issn.1000-3428.0064244

计算机工程 ›› 2023, Vol. 49 ›› Issue (4): 14-22. doi: 10.19678/j.issn.1000-3428.0064244

基于智能合约和非同质化代币的去中心化匿名身份认证模型

黄金荣^1,2, 刘百祥^1,2, 张亮^1,2, 张展鹏^1,2

1. 复旦大学计算机科学技术学院, 上海 200433;
2. 上海市区块链工程技术研究中心, 上海 200433

收稿日期:2022-03-21 修回日期:2022-06-09 发布日期:2023-04-07
作者简介:黄金荣(1999-),男,硕士研究生,主研方向为区块链应用;刘百祥,博士;张亮,博士研究生;张展鹏,硕士研究生。
基金资助:
国家重点研发计划（2019YFB2101703）；国家自然科学基金重点项目（U19A2066）；上海市科技创新行动计划（20511102200，20222420800）；广东省重点领域研发计划（2020B0101090001）；复旦大学义乌研究院项目。

Decentralized Anonymous Identity Authentication Model Based on Smart Contracts and Non-Fungible Tokens

HUANG Jinrong^1,2, LIU Baixiang^1,2, ZHANG Liang^1,2, ZHANG Zhanpeng^1,2

1. School of Computer Science, Fudan University, Shanghai 200433, China;
2. Shanghai Engineering Research Center of Blockchain, Shanghai 200433, China

Received:2022-03-21 Revised:2022-06-09 Published:2023-04-07

摘要/Abstract

摘要： 在传统的互联网环境下，服务商的用户系统相互独立。为了使用在各种场景下的应用服务，人们需注册大量的账号，面临不可控的信息泄露风险和繁杂的信息更新流程。为解决数字身份之间相互隔离的问题，使用户更好地掌控自己的数字身份，具有去中心化身份（DID）的认证机制被提出，然而现有DID方案给用户带来密钥管理的负担，且这些方案都假设已经存在由一组凭证发行者组成的生态系统，不能与现有的互联网生态兼容。提出一种基于智能合约和非同质化代币的数字身份认证方案，通过阐述数字身份和数字账户的概念，说明两者的区别及其关联，使用分层确定性钱包技术生成并管理用户的数字身份和数字账户的密钥，充分兼容现有互联网服务商的用户系统和认证机制，将数字账户以非同质化代币的形式保存在区块链上，通过零知识的手段隐藏用户账户的真实信息。在此基础上，将单点登录（SSO）中的认证方由可信的第三方替换为区块链上的智能合约，实现类似SSO的“一次认证，处处登录”机制。在以太坊测试链上的实验结果证明，该方案能够有效实现去中心化场景下的SSO功能，且具有良好的可用性、匿名性和安全性。

关键词: 单点登录, 智能合约, 去中心化身份, 非同质化代币, 区块链

Abstract: Service providers are separated in a traditional Internet environment. In various scenarios, people have to register a large number of accounts to use application services, which leads to uncontrollable information leakage risks and complicated information update processes. Many Decentralized Identity(DID) authentication mechanisms have been proposed to break down the barriers around isolated digital identities to give users greater control over their private data. However, existing approaches burden users with the management of private keys and presume spontaneous availability of a credential-issuance ecosystem. This study proposes a decentralized digital identity authentication scheme based on smart contracts and non-fungible tokens. It elaborates on the concepts of digital identities and accounts, and illustrates their differences and associations. Hierarchical deterministic wallet technology is applied to generate and manage cryptographic key pairs as digital identities and digital accounts which are stored on a blockchain as Non-Fungible Tokens(NFT). Moreover, zero-knowledge proofs are incorporated to protect personal information. Traditional trusted third parties are replaced with smart contracts on the blockchain to achieve Single Sign-On(SSO) mechanism, which enables "authentication once, login everywhere" and is compatible with legacy web accounts. The proposed scheme was then tested on a private Ethereum blockchain. The experimental results show that the scheme implements SSO in a decentralized method and satisfies the requirements of availability, anonymity, and security.

Key words: Single Sign-On(SSO), smart contracts, Decentralized Identity(DID), Non-Fungible Token(NFT), blockchain

中图分类号:

TP309

黄金荣, 刘百祥, 张亮, 张展鹏. 基于智能合约和非同质化代币的去中心化匿名身份认证模型[J]. 计算机工程, 2023, 49(4): 14-22.

HUANG Jinrong, LIU Baixiang, ZHANG Liang, ZHANG Zhanpeng. Decentralized Anonymous Identity Authentication Model Based on Smart Contracts and Non-Fungible Tokens[J]. Computer Engineering, 2023, 49(4): 14-22.

http://www.ecice06.com/CN/Y2023/V49/I4/14

图/表 13

20230415182632

20230415182635

20230415182638

20230415182641

20230415182644

20230415182647

20230415182651

20230415182654

20230415182658

20230415182702

20230415182705

20230415182708

20230415182711

参考文献

[1] MARAM D, MALVAI H, ZHANG F, et al.CanDID:can-do decentralized identity with legacy compatibility, sybil-resistance, and accountability[C]//Proceedings of IEEE Symposium on Security and Privacy.Washington D.C., USA:IEEE Press, 2021:1348-1366.
[2] DELL'AMICO M, MICHIARDI P, ROUDIER Y.Password strength:an empirical analysis[C]//Proceedings IEEE INFOCOMʼ10.Washington D.C., USA:IEEE Press, 2010:1-9.
[3] DAS A, BONNEAU J, CAESAR M, et al.The tangled Web of password reuse[EB/OL].[2022-02-10].https://www.researchgate.net/publication/269197028.
[4] HARDJONO T.Security Assertion Markup Language (SAML) v2.0 technical overview[EB/OL].[2022-02-10].http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security.
[5] GLOUD G.Overview of Google identity management[EB/OL].[2022-02-10].https://cloud.google.com/architecture/identity/overview-google-authentication.
[6] AZURE M.Single sign-on SAML protocol[EB/OL].[2022-02-10].https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol.
[7] HARDT D.The OAuth 2.0 authorization framework[EB/OL].[2022-02-10].https://www.hjp.at/doc/rfc/rfc6749.html.
[8] DAVID R, REED D.Welcome to OpenID connect[EB/OL].[2022-02-10].https://openid.net/connect/.
[9] MALER E, REED D.The Venn of identity:options and issues in federated identity management[J].IEEE Security & Privacy, 2008, 6(2):16-23.
[10] AVELLANEDA O, BACHMANN A, BARBIR A, et al.Decentralized identity:where did it come from and where is it going?[J].IEEE Communications Standards Magazine, 2019, 3(4):10-13.
[11] CONFESSORE N.Cambridge analytica and facebook:the scandal and the fallout so far[EB/OL].[2022-02-10].https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html.
[12] TORRES J, NOGUEIRA M, PUJOLLE G.A survey on identity management for the future network[J].IEEE Communications Surveys & Tutorials, 2013, 15(2):787-802.
[13] ALEXANDER M.What is azure active directory?[EB/OL].[2022-02-10].https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis.
[14] AZURE M.Digital identity for data sharing on open consortium chain[EB/OL].[2022-02-10].https://fintech.webank.com/en/weidentity/.
[15] Hyperledger indy:distributed ledger purpose-built for decentralized identity[EB/OL].[2022-02-10].https://www.hyperledger.org/use/hyperledger-indy.
[16] DUNPHY P, PETITCOLAS F A P.A first look at identity management schemes on the blockchain[J].IEEE Security & Privacy, 2018, 16(4):20-29.
[17] DUNPH Y P.ID token and access token:what's the difference[EB/OL].[2022-02-10].https://auth0.com/blog/id-token-access-token-what-is-the-difference/.
[18] CHIARELLI A.Decentralized identifiers v0.11:data model and syntaxes for decentralized identifiers[EB/OL].[2022-02-10].https://w3c-ccg.github.io/did-ISPec/.
[19] W3C.Verifiable credentials data model implementation report 1.0[EB/OL].[2022-02-10].https://www.w3.org/TR/vc-data-model/.
[20] W3C.Verifiable credentials data model v1.1[EB/OL].[2022-02-10].https://www.w3.org/TR/vc-data-model/.
[21] W3C.Decentralized Identifiers(DIDs) v1.0 core architecture, data model, and representations[EB/OL].[2022-02-10].https://www.w3.org/TR/did-core/.
[22] W3C.Rebooting the Web of trust[EB/OL].[2022-02-10].http://www.weboftrust.info/.
[23] ENTRIKEN W, SHIRLEY D, EVANS J, et al.ERC-721 non-fungible token standard[EB/OL].[2022-02-10].https://eips.ethereum.org/EIPS/eip-721.
[24] 张展鹏, 张亮, 彭凌祺, 等.基于区块链非同质化代币的软件订阅模型[J.计算机工程, 2022, 48(1):24-32. ZHANG Z P, ZHANG L, PENG L Q, et al.Software subscription model based on non-fungible tokens in blockchain[J].Computer Engineering, 2022, 48(1):24-32.(in Chinese)
[25] WUILLE P.Hierarchical deterministic wallets[EB/OL].[2022-02-10].https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki.
[26] OpenZeppelin.ERC721 non-fungible token standard.ERC721URIStorage[EB/OL].[2022-02-10].https://docs.openzeppelin.com/contracts/4.x/api/token/erc721#ERC721URIStorage.

选择文件类型/文献管理软件名称

选择包含的内容

基于智能合约和非同质化代币的去中心化匿名身份认证模型

Decentralized Anonymous Identity Authentication Model Based on Smart Contracts and Non-Fungible Tokens

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 13

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	王群, 李馥娟, 倪雪莉, 夏玲玲, 梁广俊. 区块链数据形成与隐私威胁[J]. 计算机工程, 2023, 49(8): 1-12.
[2]	陈福安, 柳毅. 基于区块链的V2G无证书环签密隐私保护方案[J]. 计算机工程, 2023, 49(6): 34-41,52.
[3]	潘雪, 袁凌云, 黄敏敏. 基于区块链和域信任度的物联网跨域信任评估模型[J]. 计算机工程, 2023, 49(5): 181-190.
[4]	高健博, 张家硕, 李青山, 陈钟. RegLang监管合约规则冲突检测方法[J]. 计算机工程, 2023, 49(5): 12-21,28.
[5]	王群, 李馥娟, 倪雪莉, 夏玲玲, 梁广俊. 区块链隐私保护机制研究[J]. 计算机工程, 2023, 49(4): 1-13.
[6]	白首圳, 陈美娟. 面向工业互联网的区块链分层分片研究[J]. 计算机工程, 2023, 49(3): 58-66,79.
[7]	杨俊明, 尹超, 杨铮. 基于激励驱动的轻量级隐私保护位置证明协议[J]. 计算机工程, 2023, 49(3): 151-160.
[8]	田秀霞, 杨明夷. 家庭物联网中基于智能合约的访问控制机制[J]. 计算机工程, 2023, 49(3): 18-28.
[9]	苏瑞国, 阳建, 秦继伟, 武晓雄, 贾振红. 基于物联网区块链的轻量级共识算法研究[J]. 计算机工程, 2023, 49(2): 175-180.
[10]	孙林昆, 蒋文保, 郭阳楠, 李春强. 基于密码累加器的无状态区块链性能优化[J]. 计算机工程, 2023, 49(2): 46-53.
[11]	刘泽坤, 王峰, 贾海蓉. 结合动态信用机制的PBFT算法优化方案[J]. 计算机工程, 2023, 49(2): 191-198.
[12]	冉玲琴, 彭长根, 许德权, 吴宁博. 基于区块链技术架构的隐私泄露风险评估方法[J]. 计算机工程, 2023, 49(1): 146-153.
[13]	李尤慧子, 俞海涛, 殷昱煜, 高洪皓. 基于超级账本的集群联邦优化模型[J]. 计算机工程, 2023, 49(1): 22-30.
[14]	陈凯, 徐成, 刘宏哲, 代松银. 基于区块链的危险驾驶地图数据评估模型[J]. 计算机工程, 2022, 48(8): 160-165,172.
[15]	张亮, 刘百祥. 区块链与秘密分享融合技术综述[J]. 计算机工程, 2022, 48(8): 1-11.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于智能合约和非同质化代币的去中心化匿名身份认证模型

Decentralized Anonymous Identity Authentication Model Based on Smart Contracts and Non-Fungible Tokens

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 13

参考文献

相关文章 15

编辑推荐

Metrics

本文评价