区块链系统身份管理机制研究综述

doi:10.3778/j.issn.1002-8331.2302-0189

摘要/Abstract

摘要： 区块链技术是一项集P2P网络、共识机制、密码学、博弈论、经济学等众多技术与理论于一体的应用创新，以其去中心化这一特质冲击着传统系统中心化机制带来的种种约束，通过共识机制在一个无需第三方信任机构的开放网络环境中实现交易的可信性、可溯源、防篡改等功能，其所形成的新型计算范式和信任机制有助于推动管理模式的转变。同时，区块链技术具有的账本公开和多方共识机制，为以交易为最小数据单元的区块链系统身份管理提出了挑战。梳理区块链系统身份管理技术的重要研究成果，为系统掌握区块链身份标识和认证方式、加强不同应用场景中的信息发现和价值挖掘提供借鉴。在讨论传统系统与区块链系统身份管理特征，并明确区块链身份管理主要内容的基础上，阐释UTXO模型和账户模型的特点，深入分析基于公钥转换、数字证书和去中心化数字身份3类区块链系统身份标识机制，以及匿名认证、实名认证和可控匿名认证3类区块链认证方式，最后对区块链身份管理技术的未来发展进行展望。

关键词: 区块链, 身份管理, 身份标识, 身份认证

Abstract: Blockchain technology integrates various technologies and theories such as P2P networks, consensus mechanisms, cryptography, game theory and economics as an innovative application. It challenges the constraints imposed by centralized mechanisms in traditional systems with its characteristic of decentralization. It achieves trustworthiness, traceability and tamper resistance in transactions within an open network environment without the need for a trusted third party through consensus mechanisms. The new computing paradigm and trust mechanism formed by blockchain technology contribute to the transformation of management models. The transparency of the ledger and the multi-party consensus mechanism in blockchain technology pose challenges to identity management in blockchain systems at the same time, where transactions serve as the smallest data unit. This paper provides insights into understanding blockchain identity identification and authentication methods and strengthens information discovery and value extraction in different application scenarios by reviewing the important research achievements in blockchain system identity management technology. This paper explains the characteristics of the UTXO model and the account model by discussing the characteristics of identity management in traditional systems and blockchain systems and clarifying the main contents of blockchain identity management. It further analyzes three types of blockchain system identity identification mechanisms: public key transformation, digital certificates and decentralized digital identity. It also examines three types of blockchain authentication methods: anonymous authentication, real-name authentication and controllable anonymous authentication. It finally offers prospects for the future development of blockchain identity management technology.

Key words: blockchain, identity management, identity identification, identity authentication

李馥娟, 马卓, 王群. 区块链系统身份管理机制研究综述[J]. 计算机工程与应用, 2024, 60(1): 57-73.

LI Fujuan, MA Zhuo, WANG Qun. Survey on Identity Management in Blockchain Systems[J]. Computer Engineering and Applications, 2024, 60(1): 57-73.

参考文献

[1] DAI W. B-money[EB/OL]. [2023-01-03]. www.weidai.com/bmoney.txt.
[2] NAKAMOTO S. Bitcoin: a peer-to-peer electronic cash system[EB/OL]. [2023-01-10]. https://bitcoin.org/bitcoin.pdf.
[3] 王群, 李馥娟, 王振力, 等. 区块链原理及关键技术[J]. 计算机科学与探索, 2020, 14(10): 1621-1643.
WANG Q, LI F J, WANG Z L, et al. Principle and core technology of blockchain[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(10): 1621-1643.
[4] W3C. First public working draft: decentralized identifiers (DIDS) V1.0[EB/OL]. (2019-11-07)[2022-11-13]. https://www.w3.org/blog/news/archives/8032.
[5] 姚前, 张大伟. 区块链系统中身份管理技术研究综述[J]. 软件学报, 2021, 32(7): 2260-2286.
YAO Q, ZHANG D W. Survey on identity management in blockchain[J]. Journal of Software, 2021, 32(7): 2260-2286.
[6] 宋靖文, 张大伟, 韩旭, 等. 区块链中可监管的身份隐私保护方案[J]. 软件学报, 2023, 34(7): 3292-3312. ?
SONG J W, ZHANG D W, HAN X, et al. Supervised identity privacy protection scheme in blockchain[J]. Journal of Software, 2023, 34(7): 3292-3312. ?.
[7] 佘维, 霍丽娟, 刘炜, 等. 一种可隐藏敏感文档和发送者身份的区块链隐蔽通信模型[J]. 电子学报, 2022, 50(4): 1002-1013.
SHE W, HUO L J, LIU W, et al. A blockchain-based covert communication model for hiding sensitive documents and sender identity[J]. Acta Electronica Sinica, 2022, 50(4): 1002-1013.
[8] GENKIN D, PAPADOPOULOS D, PAPAMANTHOU C. Privacy in decentralized cryptocurrencies[J]. Communications of the ACM, 2018, 61(6): 78-88.
[9] DUNPHY P, PETITCOLAS F. A First look at identity management schemes on the blockchain[J]. arXiv:1801.0329, 2018.
[10] BUCCAFURRI F, LAX G, RUSSO A, et al. Integrating digi-tal identity and blockchain[C]//Confederated International Conferences: CoopIS, C&TC, and ODBASE 2018, Valletta, Malta, October 22-26, 2018. Berlin, Heidelberg: Springer, 2018: 568-585.
[11] 王群, 李馥娟, 倪雪莉, 等. 区块链共识算法及应用研究[J]. 计算机科学与探索, 2022, 16(6): 1214-1242.
WANG Q, LI F J, NI X L, et al. Survey on blockchain consensus algorithms and application[J]. Journal of Frontiers of Computer Science and Technology, 2022, 16(6): 1214-1242.
[12] CRISTINA P S, SERGI D S, GUILLERMO N A G, et al. Another coin bites the dust: an analysis of dust in UTXO-based cryptocurrencies[J]. Royal Society Open Science, 2019, 6(1): 1-26.
[13] TIKHOMIROV S. Ethereum: state of knowledge and research perspectives[C]//International Symposium on Foundations and Practice of Security, Nancy, France, October 23-25, 2017. Berlin, Heidelberg: Springer, 2017: 206-221.
[14] NIST (National Institute of Standards and Technology). Merkle tree[EB/OL]. (2019-02-19)[2023-03-18]. https://xlinux.nist.gov/dads/HTML/MerkleTree.html.
[15] SATO S, BANNO R, FURUSE J, et al. Verification of a Merkle patricia tree library using F*[J]. arXiv:2106.04826, 2021.
[16] BEN-SASSON E, CHIESA A, GARMAN C, et al. Zerocash: decentralized anonymous payments from bitcoin[EB/OL]. (2014-05-18)[2022-12-26]. https://eprint.iacr.org/2014/349.pdf.
[17] ALONSO K M, JOANCOMARTI J H. Monero: privacy in the blockchain[EB/OL]. [2022-12-26]. https://eprint.iacr.org/2018/535.pdf.
[18] STELLA E O. WaykiChain: a high technological and innovative platform for cryptocurrency and football lovers[EB/OL]. (2022-01-16)[2022-12-26]. https://emperorokpanku.medium.com/8-6ee1ba26808e.
[19] ANDROULAKI E, BARGER A, BORTNIKOV V, et al. Hyperledger fabric: a distributed operating system for permissioned blockchains[J]. arXiv:1801.10228, 2018.
[20] EL-YAFI R. Corda: the open source blockchain for business[EB/OL]. [2022-12-28]. https://medium.com/corda.
[21] LAM J. BigBang core[EB/OL]. (2019-12-16)[2022-12-28]. https://medium.com/bigbangcore/bigbangcore-8d8a625794e8.
[22] SERGI D S, CRISTINA P S, GUILLERMO N A, et al. Analysis of the Bitcoin UTXO set[C]//International Conference on Financial Cryptography and Data Security, Nieuwpoort, Cura?ao, February 26-March 2, 2018. Berlin, Heidelberg: Springer, 2018: 78-91.
[23] HALIM N S A, RAHMAN M A, AZAD S, et al. Blockchain security hole: issues and solutions[C]//Proceedings of the 2nd International Conference of Reliable Information and Communication Technology (IRICT 2017), Johor Bahru, Malaysia, April 23-24, 2017. Berlin, Heidelberg: Springer, 2017: 739-746.
[24] ERMILOV D, PANOV M, YANOVICH Y. Automatic bitcoin address clustering[C]//2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), Cancun, Mexico, Dec 18-21, 2017. Piscataway: IEEE, 2017: 461-466.
[25] BONNEAU J, NARAYANAN A, MILLER A, et al. Mixcoin: anonymity for bitcoin with accountable mixes[C]//International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, March 3-7, 2014. Heidelberg: Springer, 2014: 486-504.
[26] eosio. What is EOS?[EB/OL]. [2023-03-16]. https://eos.io/eos-public-blockchain/.
[27] Wisdom. Wisdom chain developer reference[EB/OL]. [2023-03-16]. https://docs.wisdchain.com/#/.
[28] cita. What is CITA[EB/OL]. [2023-03-18]. https://github.com/citahub/cita.
[29] RAJU P, PONNAPALLI S, KAMINSKY E, et al. mLSM: making authenticated storage faster in ethereum[C]//Proceedings of the 10th USENIX Conference on Hot Topics in Storage and File Systems (HotStorage’18), Boston, MA, USA, July 9-10, 2018. Berkeley: USENIX Association, 2018: 1-10.
[30] XU M C, XU G J, XU H Y, et al. A decentralized lightweight authentication protocol under blockchain[J]. Concurrency and Computation: Practice and Experience, 2023, 35(6): 1-17.
[31] WiKi. Deterministic wallet[EB/OL]. [2023-01-13]. https://en.bitcoin.it/wiki/Deterministic_wallet#Type_2_hierarchical_
deterministic_wallet.
[32] WiKi. BIP 0032[EB/OL]. [2023-01-16]. https://en.bitcoin.it/wiki/BIP_0032.
[33] PERLMAN R. An overview of PKI trust models[J]. IEEE Network, 1999, 13(6): 38-43.
[34] WANG R, HE J, LI Q, et al. A privacy-aware PKI system based on permissioned blockchains[C]//2018 IEEE International Conference on Software Engineering and Service Science (ICSESS), Beijing, Chain, Nov 23-25, 2018: 928-931.
[35] W3C. Decentralized identifiers (DIDs) v1.0[EB/OL]. (2019-11-07)[2022-11-13]. https://www.w3.org/TR/2019/WD-did-core-20191107/.
[36] DIF. Decentralized identity FAQ[EB/OL]. [2023-01-10]. https://identity.foundation/faq/.
[37] MUHLE A, GRUNER A, GAYVORONSKAYA, et al. A survey on essential components of a self-sovereign identity[J]. Computer Science Review, 2018, 30(11): 80-86.
[38] Eruopean Commission. Verifiable presentation[EB/OL]. [2022-01-23]. https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Verifiable+Presentation.
[39] BANGERTER E, BARZAN S, KRENN S, et al. Bringing zero-knowledge proofs of knowledge to practice[EB/OL]. [2022-01-23]. https://eprint.iacr.org/2009/211.pdf.
[40] Microsoft. Decentralized identity[EB/OL]. [2023-01-10]. https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2DjfY.
[41] LUNDKVIST C, HECK R, TORSTENSSON J, et al. UPort: a platform for self-sovereign identity[EB/OL]. [2023-01-11]. https://blockchainlab.com/pdf/uPort_whitepaper_DRAFT
20161020.pdf.
[42] LI Z J. A verifiable credentials system with privacy-preserving based on blockchain[J]. Journal of Information Security, 2022, 13(2): 43-65.
[43] WeBank. WeIdentity[EB/OL]. [2023-01-13]. https://github.com/WeBankBlockchain/Weidentity.
[44] BSN. FISCO BCOS, the most popular permissioned framework in Chinese mainland[EB/OL]. (2021-04-19)[2023-01-29]. https://medium.com/use-case-library/fisco-bcos-the-most-popular-permissioned-framework-in-chinese-mainland-da8baae96266.
[45] 王晨旭, 程加成, 桑新欣, 等. 区块链数据隐私保护: 研究现状与展望[J]. 计算机研究与发展, 2021, 58(10): 2099-2119.
WANG C X, CHENG J C, SANG X X, et al. Data privacy-preserving for blockchain: state of the art and trends[J]. Journal of Computer Research and development, 2021, 58(10): 2099-2119.
[46] YANG Y. Multi-issuer attribute-based anonymous credential with traceability and revocation[J]. Computer and Information Science, 2022, 15(2): 1-68.
[47] JAIN K, JAIN J, BORADE J L. A survey on man in the middle attack[J]. International Journal for Science Technology and Engineering, 2016, 2(9): 277-280.
[48] 林璟锵, 荆继武, 张琼露, 等. PKI技术的近年研究综述[J]. 密码学报, 2015, 2(6): 487-496.
LIN J Q, JING J W, ZHANG Q L, et al. Recent advances in PKI technologies[J]. Journal of Cryptologic Research, 2015, 2(6): 487-496.
[49] AXON L. GOLDSMITH M. PB-PKI: a privacy-aware blockchain-based PKI[C]//Proceedings of the 14th International Joint Conference on e-Business and Telecommunications ICETE, Madrid, Spain, 2017: 311-318.
[50] KUBILAY M Y, KIRAZ M S, MANTAR H A. CertLedger: a new PKI model with certificate transparency based on blockchain[J]. arXiv:1806.03914, 2018.
[51] WATANABE H, FUJIMURA S, NAKADAIRA A, et al. Blockchain contract: securing a blockchain applied to smart contracts[C]//2016 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA, January 07-11, 2016. Piscataway: IEEE, 2016: 467-468.
[52] FROMKNECHT C, VELICANU D, YAKOUBOV S. CertCoin: a NameCoin based decentralized authentication system 6.857 class project[EB/OL]. (2014-05-14)[2023-05-29]. https://courses.csail.mit.edu/6.857/2014/files/19-fromknecht-velicann-yakoubov-certcoin.pdf.
[53] MOHANTA B K, PANDA S S, JENA D. An overview of smart contract and use cases in blockchain technology[C]//2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Bengaluru, India, 2018. Piscataway: IEEE, 2018: 1-4.
[54] YAKUBOV A, SHBAIR W M, WALLBOM A, et al. A blockchain-based PKI management framework[C]//2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, China, 2018. Piscataway: IEEE, 2018: 1-6.
[55] ZHANG M, WANG L, YANG J. A blockchain-based authentication method with one-time password[C]//2019 IEEE 38th International Performance Computing and Communications Conference (IPCCC), London, UK, October 29-31, 2019. Piscataway: IEEE, 2019: 1-9.
[56] LAMPORT L. Password authentication with insecure communication[J]. Communications of the ACM, 1981, 24(11): 770-772.
[57] M’RAIHI D, BELLARE M, HOORNAERT F, et al. HOTP: an HMAC-based one-time password algorithm[EB/OL]. (2005-12-01)[2023-06-01]. https://www.rfc-editor.org/rfc/pdfrfc/rfc4226.txt.pdf.
[58] M’RAIHI D, MACHANI S, PEI M, et al. TOTP: time-based one-time password algorithm[EB/OL]. (2011-05-11)[2023-06-01]. https://www.rfc-editor.org/pdfrfc/rfc6238.txt.pdf.
[59] HOMOLIAK I, BREITENBACHER D, HUJNAK O, et al. SmartOTPs: an air-gapped 2-factor authentication for smart-contract wallets[C]//Proceedings of the 2nd ACM Conference on Advances in Financial Technologies, New York, NY, USA, October 21-23, 2020. New York: ACM Press, 2020: 145-162.
[60] PARK C S. One-time password based on hash chain without shared secret and re-registration[J]. Computers & Security, 2018(75): 138-146.
[61] ERDEM E, SANDIKKAYA M T. OTPaaS-one time password as a service[J]. IEEE Transactions on Information Forensics and Security, 2019, 14(3): 743-756.
[62] CATALFAMO A, RUGGERI A, CELESTI A, et al. A microservices and blockchain based one time password (MBB-OTP) protocol for security-enhanced authentication[C]//2021 IEEE Symposium on Computers and Communications (ISCC), Athens, Greece, September 05-08, 2021. Piscataway: IEEE, 2021: 1-6.
[63] 微众银行. FISCO BCOS 技术文档[EB/OL]. [2023-01-16]. https://fisco-bcos-doc.readthedocs.io/zh_CN/latest/.
WeBank.FISCO BCOS technical document[EB/OL]. [2023-01-16]. https://fisco-bcos-doc.readthedocs.io/zh_CN/latest/.
[64] Hyperledger Fabric. Membership service providers (MSP)[2022-12-29]. https://hyperledger-fabric.readthedocs.io/en/release-1.1/msp.html.
[65] DIX I. Implementation of a reputation system for CA trust management[EB/OL]. (2016-08-04)[2023-01-16]. https://download.hrz.tu-darmstadt.de/media/FB20/Dekanat/Publikationen/CDC/Isabella_Dix.bachelor.pdf.
[66] LAURIE B, MESSERI E, STRADLING R. RFC 9162: certificate transparency version 2.0[S]. 2021.
[67] LOZUPONE V. Analyze encryption and public key infrastructure (PKI)[J]. International Journal of Information Management, 2018, 38(1): 42-44.
[68] SHAMIR A. Identity-based cryptosystems and signature schemes[C]//Proceedings of CRYPTO’84. Berlin, Heidelberg: Springer, 1985: 47-53.
[69] AI-RIYAMI S S, PATERSON K G. Certificateless public key cryptography[C]//9th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, China, November 30-December 4, 2003. Berlin, Heidelberg: Springer, 2003: 452-473.
[70] 李芳, 李卓然, 赵赫. 区块链跨链技术进展研究[J]. 软件学报, 2019, 30(6): 1649-1660.
LI F, LI Z R, ZHAO H. Research on the progress in cross-chain technology of blockchains[J]. Journal of Software, 2019, 30(6): 1649-1660.
[71] ZHANG H, CHEN X, LAN X, et al. BTCAS: a blockchain-based thoroughly cross-domain authentication scheme[J]. Journal of Information Security and Applications, 2020, 55: 1-10.
[72] 王姝爽, 马兆丰, 刘嘉微, 等. 区块链跨链安全接入与身份认证方案研究与实现[J]. 信息网络安全, 2022, 22(6): 61-72.
WANG S S, MA Z F, LIU J W, et al. Research and implementation of cross chain security access and identity authentication scheme of blockchain[J]. Netinfo Security, 2022, 22(6): 61-72.
[73] Internet Engineering Task Force (IETF). Problems with the public key infrastructure (PKI) for the world wide web(draft-iab-web-pki-problems-01.txt)[EB/OL]. (2016-08-24)[2023-01-16]. https://datatracker.ietf.org/doc/html/draft-iab-web-pki-problems-01#section-3.2.1.
[74] KULYNYCH B, ISAAKIDIS M, TRONCOSO C, et al. ClaimChain: decentralized public key infrastructure[J]. arXiv:1707.06279v1, 2018.
[75] HUANG Y. Decentralized public key infrastructure (DPKI): what is it and why does it matter?[EB/OL]. (2019-05-14)[2023-02-13]. https://medium.com/hackernoon/decentralized-public-key-infrastructure-dpki-what-is-it-and-why-does-it-matter-babee9d88579.
[76] VAUDENAY S. The security of DSA and ECDSA bypassing the standard elliptic curve certification scheme[EB/OL]. [2023-02-03]. https://link.springer.com/content/pdf/10.1007/3-540-36288-6_23.pdf.
[77] Network Working Group. Threshold signatures in elliptic curves[EB/OL]. (2020-09-10)[2023-02-10]. https://datatracker.ietf.org/doc/html/draft-hallambaker-threshold-sigs-01.
[78] Internet Research Task Force (IRTF). Edwards-curve digital signature algorithm (EdDSA)(rfc 8032)[EB/OL]. (2017-01-01)[2023-02-13]. https://datatracker.ietf.org/doc/rfc8032/.
[79] 陈思吉, 翟社平, 汪一景. 一种基于环签名的区块链隐私保护算法[J]. 西安电子科技大学学报, 2020, 47(5): 86-93.
CHEN S J, ZHAI S P, WANG Y J. Blockchain privacy protection algorithm based on ring signaure[J]. Journal of Xidian University, 2020, 47(5): 86-93.
[80] 周炜, 王超, 徐剑, 等. 基于区块链的隐私保护去中心化联邦学习模型[J]. 计算机研究与发展, 2022, 59(11): 2423-2436.
ZHOU W, WANG C, XU J, et al. Privacy-preserving and decentralized federated learning model based on the blockchain[J]. Journal of Computer Research and Development, 2022, 59(11): 2423-2436.