支持黑名单的去中心化<i>k</i>次匿名属性认证

doi:10.19678/j.issn.1000-3428.0069422

摘要/Abstract

摘要：

随着云计算和数据服务的普及, 人们对隐私保护和数据安全的需求日益迫切。传统的匿名认证方案可以保护用户的隐私, 但是在对用户的访问控制方面存在不足, 而现有的k次匿名属性认证方案无法对恶意用户问责。为了在保护用户隐私的同时对用户进行访问控制和问责, 提出一种支持黑名单的去中心化k次匿名属性认证方案, 旨在使服务提供商能够对用户进行细粒度访问控制并限制其访问次数, 同时能够阻止黑名单中的恶意用户再次访问服务。该方案利用去中心化属性加密与非交互式零知识证明技术, 使得用户能够以匿名的方式认证其属性, 同时还能证明其访问服务的次数没有超过阈值。为了在实现匿名性的同时对恶意用户问责, 设计黑名单机制, 利用无陷门累加器技术加快了黑名单管理和认证的过程, 提高了方案的效率。此外, 通过结合去中心化属性密码和区块链技术, 该方案还具有去中心化的特性。实验结果表明, 该方案的安全模型满足抗误验证性和匿名性, 在实际应用中具有一定的可行性和实用性。

关键词: 区块链, 属性密码, 零知识证明, 黑名单, 匿名认证, 累加器

Abstract:

As cloud computing and data services become increasingly prevalent, the demand for privacy protection and data security has increased. Traditional anonymous authentication schemes can safeguard user privacy but often lack effective user access control. Existing k-times anonymous attribute-based authentication schemes also lack mechanisms for holding malicious users accountable. To address these issues while protecting user privacy, this study proposes a decentralized, blacklistable k-times attribute-based anonymous authentication scheme. This scheme enables service providers to implement fine-grained access control and restrict the number of times users can access the service. It also prevents blacklisted malicious users from regaining access. The scheme utilizes decentralized attribute-based encryption and non-interactive zero-knowledge proofs to enable users to authenticate their attributes anonymously while ensuring that their access frequency does not exceed a specified limit. To ensure anonymity and accountability for malicious users, the scheme incorporates a blacklisting mechanism. The use of the trapdoorless accumulator technique enhances the efficiency of both blacklist management and authentication processes. In addition, by integrating decentralized attribute-based cryptography with blockchain technology, the scheme achieves decentralized characteristics. Experimental results show that the security model of this scheme effectively resists misauthentication and preserves anonymity, and has certain feasibility and practicality in practical applications.

Key words: blockchain, attributed-based encryption, zero-knowledge proof, blacklist, anonymous authentication, accumulator

陶静怡, 彭凌祺, 阚海斌. 支持黑名单的去中心化k次匿名属性认证[J]. 计算机工程, 2025, 51(2): 159-169.

TAO Jingyi, PENG Lingqi, KAN Haibin. Decentralized k-Times Anonymous Attribute Authentication Supporting Blacklist[J]. Computer Engineering, 2025, 51(2): 159-169.

https://www.ecice06.com/CN/Y2025/V51/I2/159

图/表 4

图1 本文方案流程

Fig.1 Procedure of the scheme in this paper

图2 属性数量对生成和验证认证开销的影响

Fig.2 Impact of the number of attributes on the overhead of generating and verifying authentication

图3 黑名单大小对生成和验证认证开销的影响

Fig.3 Impact of blacklist size on the overhead of generating and verifying authentication

参考文献 50

1	刘英军, 罗洋, 杨钰均, 等. 面向医疗物联网的匿名认证协议. 计算机科学, 2023, 50 (8): 359- 364. doi: 10.11896/jsjkx.220700151
	LIU Y J , LUO Y , YANG Y J , et al. Anonymous authentication protocol for medical Internet of Things. Computer Science, 2023, 50 (8): 359- 364. doi: 10.11896/jsjkx.220700151
2	宋靖文, 张大伟, 韩旭, 等. 区块链中可监管的身份隐私保护方案. 软件学报, 2023, 34 (7): 3292- 3312. doi: 10.13328/j.cnki.jos.006517
	SONG J W , ZHANG D W , HAN X , et al. Supervised identity privacy protection scheme in blockchain. Journal of Software, 2023, 34 (7): 3292- 3312. doi: 10.13328/j.cnki.jos.006517
3	杨小东, 李沐紫, 马国祖, 等. 车联网中支持非法签名定位的无证书匿名认证方案. 计算机工程, 2024, 50 (6): 157- 165. doi: 10.19678/j.issn.1000-3428.0067902
	YANG X D , LI M Z , MA G Z , et al. Certificateless anonymous authentication scheme supporting illegal signatures localization for Internet of vehicles. Computer Engineering, 2024, 50 (6): 157- 165. doi: 10.19678/j.issn.1000-3428.0067902
4	CHAUM D. Blind signatures for untraceable payments[C]//Proceedings of Advances in Cryptology. Berlin, Germany: Springer, 1983: 199-203.10.1007/978-1-4757-0602-4_18
5	CAMENISCH J, LYSYANSKAYA A. An efficient system for non-transferable anonymous credentials with optional anonymity revocation[C]//Proceedings of International Conference on the Theory and Application of Cryptographic Techniques Innsbruck. Berlin, Germany: Springer, 2001: 93-118.10.1007/3-540-44987-6_7
6	TERANISHI I, FURUKAWA J, SAKO K. K-times anonymous authentication[C]//Proceedings of International Conference on the Theory and Application of Cryptology and Information Security. Berlin, Germany: Springer, 2004: 308-322.10.1007/978-3-540-30539-2_22
7	NGUYEN L. Efficient dynamic k-times anonymous authentication[C]//Proceedings of International Conference on Cryptology in Vietnam. Berlin, Germany: Springer, 2006: 81-98.10.1007/11958239_6
8	AU M H, SUSILO W, MU Y. Constant-size dynamic k-TAA[C]//Proceedings of International Conference on Security and Cryptography for Networks. Berlin, Germany: Springer, 2006: 111-125.
9	YUEN T , LIU J K , AU M , et al. K-times attribute-based anonymous access control for cloud computing. IEEE Transactions on Computers, 2014, 64 (9): 2595- 2608. doi: 10.1109/TC.2014.2366741
10	HONG J N , XUE K P , GAI N , et al. Service outsourcing in F2C architecture with attribute-based anonymous access control and bounded service number. IEEE Transactions on Dependable and Secure Computing, 2020, 17 (5): 1051- 1062. doi: 10.1109/TDSC.2018.2845381
11	LIU X , WANG H , ZHANG B , et al. An efficient fine-grained data access control system with a bounded service number. Information Sciences, 2022, 584, 536- 563. doi: 10.1016/j.ins.2021.10.038
12	HUANG J Y , SUSILO W , GUO F C , et al. An anonymous authentication system for pay-as-you-go cloud computing. IEEE Transactions on Dependable and Secure Computing, 2020, 19 (2): 1280- 1291. doi: 10.1109/TDSC.2020.3007633
13	BOYEN X, HAINES T. Forward-secure linkable ring signatures[C]//Proceedings of Australasian Conference on Information Security and Privacy. Berlin, Germany: Springer, 2018: 245-264.10.1007/978-3-319-93638-3_15
14	REN Y , GUAN H P , ZHAO Q X . An efficient lattice-based linkable ring signature scheme with scalability to multiple layer. Journal of Ambient Intelligence and Humanized Computing, 2022, 13 (3): 1547- 1556. doi: 10.1007/s12652-021-03092-1
15	LU A R, LI W H, YAO Y Z, et al. TCABRS: an efficient traceable constant-size attribute-based ring signature scheme for electronic health record system[C]//Proceedings of the 6th International Conference on Data Science in Cyberspace (DSC). Washington D. C., USA: IEEE Press, 2021: 106-113.10.1109/DSC53577.2021.00022
16	DERLER D, SLAMANIG D. Highly-efficient fully-anonymous dynamic group signatures[C]//Proceedings of the 2018 on Asia Conference on Computer and Communications Security. New York, USA: ACM Press, 2018: 551-565.10.1145/3196494.3196507
17	ZHANG Y X , LEI H , WANG B , et al. Traceable ring signature schemes based on SM2 digital signature algorithm and its applications in the data sharing scheme. Frontiers of Computer Science, 2024, 18 (2): 182815. doi: 10.1007/s11704-023-3318-z
18	汤永利, 李英, 赵宗渠, 等. 格上可追溯的匿名单点登录方案. 计算机研究与发展, 2023, 60 (6): 1417- 1430. doi: 10.7544/issn1000-1239.202111235
	TANG Y L , LI Y , ZHAO Z Q , et al. Traceable anonymous single sign on scheme on lattice. Journal of Computer Research and Development, 2023, 60 (6): 1417- 1430. doi: 10.7544/issn1000-1239.202111235
19	王栋, 王合建, 玄佳兴, 等. 面向电力调度指令的区块链隐私可追踪存证方案. 计算机工程, 2024, 50 (5): 158- 166. doi: 10.19678/j.issn.1000-3428.0066876
	WANG D , WANG H J , XUAN J X , et al. Blockchain privacy-traceable deposit scheme for power-dispatch instructions. Computer Engineering, 2024, 50 (5): 158- 166. doi: 10.19678/j.issn.1000-3428.0066876
20	TSANG P P , AU M , KAPADIA A , et al. BLAC: revoking repeatedly misbehaving anonymous users without relying on TTPs. ACM Transactions on Information and System Security, 2010, 13 (4): 1- 33. doi: 10.1145/1880022.1880033
21	TSANG P P, AU M H, KAPADIA A, et al. PEREA: towards practical TTP-free revocation in anonymous authentication[C]//Proceedings of the 15th Conference on Computer and Communications Security. New York, USA: ACM Press, 2008: 333-344.10.1145/1455770.1455813
22	YU K Y, YUEN T H, CHOW S S M, et al. PE (AR) 2: privacy-enhanced anonymous authentication with reputation and revocation[EB/OL]. [2024-01-15]. https://link.springer.com/content/pdf/10.1007/978-3-642-33167-1_39.pdf?pdf=core.10.1007/978-3-642-33167-1_39
23	NAKANISHI T , KANATANI T . Efficient blacklistable anonymous credential system with reputation using a pairing-based accumulator. IET Information Security, 2020, 14 (6): 613- 624. doi: 10.1109/TrustCom/BigDataSE.2018.00158
24	ÖZBAY C , LEVI A . Blacklisting based anonymous authentication scheme for sharing economy. IEEE Transactions on Dependable and Secure Computing, 2024, 21 (2): 828- 846. doi: 10.1109/TDSC.2023.3263742
25	SRINIVASAN S, KARANTAIDOU I, BALDIMTSI F, et al. Batching, aggregation, and zero-knowledge proofs in bilinear accumulators[C]//Proceedings of Conference on Computer and Communications Security. New York, USA: ACM Press, 2022: 2719-2733.10.1145/3548606.3560676
26	GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM conference on Computer and Communications Security. New York, USA: ACM Press, 2006: 89-98.10.1145/1180405.1180418
27	ROUSELAKIS Y, WATERS B. Efficient statically-secure large-universe multi-authority attribute-based encryption[C]//Proceedings of International Conference on Financial Cryptography and Data Security. Berlin, Germany: Springer, 2015: 315-332.10.1109/ACCESS.2021.3070907
28	LEWKO A, WATERS B. Decentralizing attribute-based encryption[C]//Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2011: 568-588.
29	GOLDREICH O , OREN Y . Definitions and properties of zero-knowledge proof systems. Journal of Cryptology, 1994, 7 (1): 1- 32. doi: 10.1007/BF00195207
30	FIAT A, SHAMIR A. How to prove yourself: practical solutions to identification and signature problems[C]//Proceedings of Conference on the Theory and Application of Cryptographic Techniques. Berlin, Germany: Springer, 2007: 186-194.10.1007/3-540-47721-7_12
31	BEN-SASSON E, CHIESA A, TROMER E, et al. Succinct non-interactive zero knowledge for a von Neumann architecture[C]//Proceedings of the 23rd USENIX Conference on Security Symposium. Berlin, Germany: Springer, 2014: 781-796.
32	AGRAWAL S, GANESH C, MOHASSEL P. Non-interactive zero-knowledge proofs for composite statements[EB/OL]. [2024-01-15]. https://link.springer.com/content/pdf/10.1007/978-3-319-96878-0_22.pdf?pdf=core.10.1007/978-3-319-96878-0_22
33	BENALOH J, DE MARE M. One-way accumulators: a decentralized alternative to digital signatures[C]//Proceedings of Workshop on the Theory and Application of of Cryptographic Techniques. Berlin, Germany: Springer, 1994: 274-285.10.1007/3-540-48285-7_24
34	CAMENISCH J, LYSYANSKAYA A. Dynamic accumulators and application to efficient revocation of anonymous credentials[EB/OL]. [2024-01-15]. https://link.springer.com/content/pdf/10.1007/3-540-45708-9_5.pdf.10.1007/3-540-45708-9_5
35	LI J T, LI N H, XUE R. Universal accumulators with efficient nonmembership proofs[EB/OL]. [2024-01-15]. https://link.springer.com/content/pdf/10.1007/978-3-540-72738-5_17.pdf.10.1007/978-3-540-72738-5_17
36	BONEH D, BÜNZ B, FISCH B. Batching techniques for accumulators with applications to IOPs and stateless blockchains[C]//Proceedings of Annual International Cryptology Conference. Berlin, Germany: Springer, 2019: 561-586.10.1007/978-3-030-26948-7_20
37	LI Y S , CAO L , ZHENG G L , et al. Improved RSA dynamic cryptographic accumulator-based anonymous batch authentication scheme for Internet of vehicles. Computers and Electrical Engineering, 2024, 117, 109261. doi: 10.1016/j.compeleceng.2024.109261
38	NGUYEN L. Accumulators from bilinear pairings and applications[C]//Proceedings of the 2005 International Conference on Topics in Cryptology. Berlin, Germany: Springer, 2005: 275-292.10.1007/978-3-540-30574-3_19
39	KARANTAIDOU I, BALDIMTSI F. Efficient constructions of pairing based accumulators[C]//Proceedings of the 34th Computer Security Foundations Symposium (CSF). Washington D. C., USA: IEEE Press, 2021: 1-16.10.1109/CSF51468.2021.00033s
40	CAMACHO P, HEVIA A, KIWI M, et al. Strong accumulators from collision-resistant hashing[C]//Proceedings of International Conference on Information Security. Berlin, Germany: Springer, 2008: 471-486.10.1007/s10207-012-0169-2
41	CAMPANELLI M, HALL-ANDERSEN M, KAMP S H. Curve trees: practical and transparent {zero-knowledge} accumulators[C]//Proceedings of the 32nd USENIX Security Symposium. [S. l. ]: USENIX Association, 2023: 4391-4408.
42	BAILEY B, SANKAGIRI S. Merkle trees optimized for stateless clients in bitcoin[C]//Proceedings of International Conference on Financial Cryptography and Data Security. Berlin, Germany: Springer, 2021: 451-466.10.1007/978-3-662-63958-0_35
43	VITTO G, BIRYUKOV A. Dynamic universal accumulator with batch update over bilinear groups[C]//Proceedings of Cryptographers' Track at the RSA Conference. Berlin, Germany: Springer, 2022: 395-426.10.1007/978-3-030-95312-6_17
44	THAKUR S. Batching non-membership proofs with bilinear accumulators[EB/OL]. [2024-01-15]. https://eprint.iacr.org/2019/1147.
45	AU M H , SUSILO W , MU Y , et al. Constant-size dynamic k-times anonymous authentication. IEEE Systems Journal, 2013, 7 (2): 249- 261. doi: 10.1109/JSYST.2012.2221931
46	MALAVOLTA G, SCHRÖDER D. Efficient ring signatures in the standard model[C]//Proceedings of International Conference on the Theory and Application of Cryptology and Information Security. Berlin, Germany: Springer, 2017: 128-157.10.1007/978-3-319-70697-9_5
47	XU S Y, CHEN X, WANG C, et al. A lattice-based ring signature scheme to secure automated valet parking[C]//Proceedings of International Conference on Wireless Algorithms, Systems, and Applications. Berlin, Germany: Springer, 2021: 70-83.10.1007/978-3-030-86130-8_6
48	KANG Z Z , LI J G , SHEN J , et al. TFS-ABS: traceable and forward-secure attribute-based signature scheme with constant-size. IEEE Transactions on Knowledge and Data Engineering, 2023, 35 (9): 9514- 9530. doi: 10.1109/TKDE.2023.3241198
49	YANG R P , AU M H , XU Q L , et al. Decentralized blacklistable anonymous credentials with reputation. Computers & Security, 2019, 85, 353- 371. doi: 10.1016/j.cose.2019.05.009
50	GROSS T. Hashing to prime in zero-knowledge[C]//Proceedings of International Conference on Security and Cryptography. Berlin, Germany: Springer, 2021: 121-128.

[1]	鲁明, 陈慈发, 董方敏. 基于综合积分机制的权益证明共识算法改进研究[J]. 计算机工程, 2025, 51(1): 148-155.
[2]	王奕丰, 曾诚, 全擎宇, 王娇然, 何鹏. 基于多特征融合的智能合约缺陷检测方法[J]. 计算机工程, 2024, 50(8): 133-141.
[3]	郑清安, 董建成, 陈亮, 阮英清, 李锦松, 许林彬. 分布式可信数据管理与隐私保护技术研究[J]. 计算机工程, 2024, 50(7): 174-186.
[4]	杨小东, 李沐紫, 马国祖, 李松谕, 王彩芬. 车联网中支持非法签名定位的无证书匿名认证方案[J]. 计算机工程, 2024, 50(6): 157-165.
[5]	刘寅昊, 蒋文保, 孙林昆, 王勇攀. 基于路径存储表的Hashgraph共识算法优化与实现[J]. 计算机工程, 2024, 50(6): 166-178.
[6]	旋逸昭, 赵红武, 金瑜. 一种基于双链的区块链共识机制[J]. 计算机工程, 2024, 50(5): 139-148.
[7]	王栋, 王合建, 玄佳兴, 郑尚卓, 陈炳聪. 面向电力调度指令的区块链隐私可追踪存证方案[J]. 计算机工程, 2024, 50(5): 158-166.
[8]	陈纪成, 包子健, 罗敏, 何德彪. 一种面向工业物联网的远程安全指令控制方案[J]. 计算机工程, 2024, 50(3): 28-35.
[9]	李宝莹, 李志淮, 王成爱, 杨锋. 自适应节点规模的区块链分片可扩展模型[J]. 计算机工程, 2024, 50(3): 137-147.
[10]	刘少杰, 文斌, 王泽旭. 基于联邦学习的多技术融合数据交易方法[J]. 计算机工程, 2024, 50(3): 182-190.
[11]	孙瑾, 苏文娟, 王璐, 叶克鑫. 基于联盟区块链和星际文件系统的安全租房方案[J]. 计算机工程, 2024, 50(11): 187-196.
[12]	马超, 宋琛. 计及电力数据安全的智能合约上链方法及防篡改技术研究[J]. 计算机工程, 2024, 50(10): 240-254.
[13]	倪雪莉, 马卓, 王群. 区块链矿池网络及典型攻击方式综述[J]. 计算机工程, 2024, 50(1): 17-29.
[14]	蔡梓越, 谭北海, 余荣, 黄旭民, 王思明. 面向6G物联网设备协同的区块链动态分片[J]. 计算机工程, 2024, 50(1): 50-59.
[15]	崔怀勇, 张绍华, 李超, 戴炳荣. 一种基于Schnorr签名的区块链预言机改进方案[J]. 计算机工程, 2024, 50(1): 166-173.

选择文件类型/文献管理软件名称

选择包含的内容

支持黑名单的去中心化k次匿名属性认证

Decentralized k-Times Anonymous Attribute Authentication Supporting Blacklist

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 50

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

支持黑名单的去中心化k次匿名属性认证

Decentralized k-Times Anonymous Attribute Authentication Supporting Blacklist

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 50

相关文章 15

编辑推荐

Metrics

本文评价