Abstract (translated from the Chinese): In the traditional Internet environment, service providers' user systems are isolated from one another. To use application services in all kinds of scenarios, people have to register a large number of accounts and face uncontrollable risks of information leakage and cumbersome information-update processes. To address the isolation between digital identities and give users better control over their own digital identities, authentication mechanisms based on Decentralized Identity (DID) have been proposed; however, existing DID schemes place the burden of key management on users, and they all assume that an ecosystem made up of a group of credential issuers already exists, so they are not compatible with the existing Internet ecosystem. This paper proposes a digital identity authentication scheme based on smart contracts and non-fungible tokens. It sets out the concepts of digital identity and digital account and explains the difference and the relationship between the two; it uses hierarchical deterministic wallet technology to generate and manage the keys of a user's digital identity and digital accounts, remaining fully compatible with the user systems and authentication mechanisms of existing Internet service providers; it stores digital accounts on the blockchain in the form of non-fungible tokens; and it hides the real information of user accounts by zero-knowledge means. On this basis, the authenticating party in Single Sign-On (SSO) is replaced by a smart contract on the blockchain instead of a trusted third party, realizing an SSO-like "authenticate once, log in everywhere" mechanism. Experimental results on an Ethereum test chain show that the scheme effectively realizes SSO in a decentralized setting and offers good usability, anonymity and security.
Abstract: Service providers' user systems are separated from one another in the traditional Internet environment. To use application services in various scenarios, people have to register a large number of accounts, which leads to uncontrollable information leakage risks and complicated information update processes. Many Decentralized Identity (DID) authentication mechanisms have been proposed to break down the barriers around isolated digital identities and give users greater control over their private data. However, existing approaches burden users with the management of private keys and presume the spontaneous availability of a credential-issuance ecosystem. This study proposes a decentralized digital identity authentication scheme based on smart contracts and non-fungible tokens. It elaborates on the concepts of digital identities and digital accounts and illustrates their differences and associations. Hierarchical deterministic wallet technology is applied to generate and manage cryptographic key pairs as digital identities and digital accounts, and the digital accounts are stored on a blockchain as Non-Fungible Tokens (NFT). Moreover, zero-knowledge proofs are incorporated to protect personal information. Traditional trusted third parties are replaced with smart contracts on the blockchain to achieve a Single Sign-On (SSO) mechanism, which enables "authentication once, login everywhere" and is compatible with legacy web accounts. The proposed scheme was tested on a private Ethereum blockchain. The experimental results show that the scheme implements SSO in a decentralized manner and satisfies the requirements of availability, anonymity, and security.
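The abstract states that one hierarchical deterministic (HD) wallet produces both the user's identity key and the per-service account keys, so that a user holds a single secret while each service sees only its own pseudonymous account. The block below is an added illustration of that idea and is not code from the paper: it uses BIP32-style hardened child derivation (HMAC-SHA512 over the parent private key and a child index) on secp256k1, with a hypothetical `Identity seed` HMAC key, a hypothetical mapping of service labels to hardened child indices, and a SHA-256 hash of the compressed public key as the pseudonymous account identifier. The paper's actual derivation paths, encodings and NFT representation are not given in the abstract and are not reproduced here.

```python
"""Added example: one identity secret, many unlinkable per-service account keys.

Simplified BIP32-style hardened derivation on secp256k1 (pure Python, no
third-party libraries). The derivation path, HMAC labels and account-id
encoding are assumptions for illustration, not the paper's own scheme.
"""
import hashlib
import hmac

# secp256k1 domain parameters (the curve used by Ethereum accounts)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def _scalar_mult(k, point):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    result = None
    addend = point
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


def public_point(priv: int):
    return _scalar_mult(priv, G)


def on_curve(point) -> bool:
    """Check y^2 == x^3 + 7 (mod P) for a sanity test of derived keys."""
    x, y = point
    return (y * y - (x * x * x + 7)) % P == 0


def compressed_pubkey(priv: int) -> bytes:
    x, y = public_point(priv)
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")


def master_identity_key(seed: bytes):
    """Identity key + chain code from the wallet seed (assumed HMAC label)."""
    digest = hmac.new(b"Identity seed", seed, hashlib.sha512).digest()
    priv = int.from_bytes(digest[:32], "big")
    if priv == 0 or priv >= N:
        raise ValueError("invalid seed, choose another")
    return priv, digest[32:]


def service_index(label: str) -> int:
    """Assumed mapping: service label -> hardened child index (high bit set)."""
    return int.from_bytes(hashlib.sha256(label.encode()).digest()[:4], "big") | 0x80000000


def derive_account_key(parent_priv: int, parent_chain: bytes, label: str):
    """Hardened child: depends on the parent PRIVATE key, so a service that
    learns one account key cannot compute the identity key or sibling accounts."""
    idx = service_index(label)
    data = b"\x00" + parent_priv.to_bytes(32, "big") + idx.to_bytes(4, "big")
    digest = hmac.new(parent_chain, data, hashlib.sha512).digest()
    child = (int.from_bytes(digest[:32], "big") + parent_priv) % N
    if child == 0:
        raise ValueError("degenerate child key, use a different label")
    return child, digest[32:]


def account_id(priv: int) -> str:
    """Pseudonymous identifier a service would see (assumed encoding)."""
    return hashlib.sha256(compressed_pubkey(priv)).hexdigest()


if __name__ == "__main__":
    seed = b"constructed demo seed, not a real wallet"  # constructed input
    id_priv, id_chain = master_identity_key(seed)
    for svc in ("shop.example", "mail.example"):
        acct_priv, _ = derive_account_key(id_priv, id_chain, svc)
        print(svc, account_id(acct_priv))
```

Running the script prints two different account identifiers for the two constructed service labels; rerunning it with the same seed reproduces them, which is the property that lets a user recover every account from one secret. Because the derivation is hardened, a service that obtained its account private key still could not derive the identity key or the accounts held at other services.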
Key words:
Single Sign-On (SSO),
smart contracts,
Decentralized Identity (DID),
Non-Fungible Token (NFT)
Chinese citation (translated): HUANG Jinrong, LIU Baixiang, ZHANG Liang, ZHANG Zhanpeng. Decentralized anonymous identity authentication model based on smart contracts and non-fungible tokens[J]. Computer Engineering (计算机工程), 2023, 49(4): 14-22.
HUANG Jinrong, LIU Baixiang, ZHANG Liang, ZHANG Zhanpeng. Decentralized Anonymous Identity Authentication Model Based on Smart Contracts and Non-Fungible Tokens[J]. Computer Engineering, 2023, 49(4): 14-22.