基于區(qū)塊鏈的分布式標(biāo)識密碼管理*
2023年電子技術(shù)應(yīng)用第8期
于艷艷1,李智虎2,涂因子1,袁艷芳1,李延1,龐振江1
(1.北京智芯微電子科技有限公司,北京 102200;2.中國電力科學(xué)研究院有限公司,北京 100192)
摘要: 基于標(biāo)識的密碼算法(如SM9等),需要可信第三方密鑰生成中心KGC為用戶生成標(biāo)識私鑰,存在密鑰托管、單點故障的風(fēng)險和問題。提出了一種分布式標(biāo)識密碼管理方案,多個參與方分別產(chǎn)生部分標(biāo)識私鑰發(fā)送給用戶,用戶本地運算產(chǎn)生標(biāo)識私鑰,避免了密鑰托管的問題;同時身份標(biāo)識狀態(tài)等數(shù)據(jù)可信上鏈,可以去中心化查詢用戶身份標(biāo)識及有效性,解決了KGC單點失效及信任的問題,提高了系統(tǒng)可用性和安全性。經(jīng)分析表明,方案在運行效率和帶寬要求方面均具有明顯優(yōu)勢。
中圖分類號:TP393 文獻標(biāo)志碼:A DOI: 10.16157/j.issn.0258-7998.223507
中文引用格式: 于艷艷,李智虎,涂因子,等. 基于區(qū)塊鏈的分布式標(biāo)識密碼管理[J]. 電子技術(shù)應(yīng)用,2023,49(8):98-102.
英文引用格式: Yu Yanyan,Li Zhihu,Tu Yinzi,et al. Blockchain-based distributed identity-based cryptography key management[J]. Application of Electronic Technique,2023,49(8):98-102.
中文引用格式: 于艷艷,李智虎,涂因子,等. 基于區(qū)塊鏈的分布式標(biāo)識密碼管理[J]. 電子技術(shù)應(yīng)用,2023,49(8):98-102.
英文引用格式: Yu Yanyan,Li Zhihu,Tu Yinzi,et al. Blockchain-based distributed identity-based cryptography key management[J]. Application of Electronic Technique,2023,49(8):98-102.
Blockchain-based distributed identity-based cryptography key management
Yu Yanyan1,Li Zhihu2,Tu Yinzi1,Yuan Yanfang1,Li Yan1,Pang Zhenjiang1
(1.Beijing Smartchip Microelectronics Technology Company Limited, Beijing 102200, China; 2.China Electric Power Research Institute, Beijing 100192, China)
Abstract: The identity-based cryptography algorithm such as SM9, requires a trusted third party key generation center KGC to generate the user′s identity private key, which will be faced with the risks and problems of key escrow and single point failure. This paper proposes a distributed identity-based cryptography key management scheme. Several participants generate partial identity private key to the user, and the user locally generates its own identity private key, avoiding the key escrowing problem. Meanwhile, the data such as identity status and other data can be uploaded to the blockchain. It can be used to decentralize the query of user′s identity and validity, solve the single point failure and trust problem of single KGC, and improve the system availability and security. The results show that the proposed scheme has obvious advantages in terms of efficiency and bandwidth requirements.
Key words : identity-based cryptography;SM9;key generation;distributed computation;blockchain
0 引言
近年來,在國家政策的大力扶持下,物聯(lián)網(wǎng)技術(shù)迅速發(fā)展,目前連網(wǎng)的終端設(shè)備數(shù)量數(shù)以億計,體量龐大。這些物聯(lián)網(wǎng)終端設(shè)備往往暴露在異常復(fù)雜的社會環(huán)境中,受攻擊的風(fēng)險大大增加。終端設(shè)備上存儲的采集數(shù)據(jù)、用戶數(shù)據(jù)、業(yè)務(wù)數(shù)據(jù)一旦被竊取或者身份被偽造,將造成用戶隱私數(shù)據(jù)或敏感數(shù)據(jù)泄露,帶來嚴重影響和不可估量的損失。傳統(tǒng)的采用用戶名和密碼進行身份認證的方式無法避免弱口令、撞庫攻擊、字典攻擊等問題;而采用數(shù)字證書認證技術(shù)雖然安全,但證書管理和維護復(fù)雜,使用繁瑣,交換數(shù)字證書會降低通信效率,且證書還要存儲在本地,占用了存儲資源,在終端設(shè)備上安裝控件或KEY驅(qū)動和管理程序等,使用極其不便。
本文詳細內(nèi)容請下載:http://ihrv.cn/resource/share/2000005497
作者信息:
于艷艷1,李智虎2,涂因子1,袁艷芳1,李延1,龐振江1
(1.北京智芯微電子科技有限公司,北京 102200;2.中國電力科學(xué)研究院有限公司,北京 100192)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。