隐私保护及安全可控的区块链数字身份模型

doi:10.3778/j.issn.1002-8331.2404-0321

摘要/Abstract

摘要： 针对目前数字身份方案存在的隐私泄露、披露过度、灵活性低以及可控性差等方面的问题，提出了一种基于智能合约的分布式可信数字身份方案。将用户身份与属性解耦，采用合约地址作为身份标识并使用非交互式零知识证明隐藏公钥，采用Pederson承诺隐藏属性，给予用户对于属性的选择披露控制权。采用可链接环签名以确保用户数字身份的真实性、验证者的匿名性和可审计性。通过动态密码学累加器为每个服务颁发可撤销凭证以实现跨域服务的双向撤销，并引入AES算法推动实现被动撤销，同时采用多重签名机制实现数字身份的丢失可恢复。通过与其他系统进行功能以及性能对比证明了该方案在匿名性、灵活性以及可控性等方面具有更好的性能。经安全性分析和实验验证，该方案具有较高的安全性能，并且能够保持资源的支出可控，具备实用性。

关键词: 数字身份, 智能合约, 跨域认证, 隐私保护, 安全可控

Abstract: Aiming at the problems of privacy leakage, excessive disclosure, low flexibility and poor controllability in current digital identity schemes, a distributed trusted digital identity scheme based on smart contracts is proposed. Firstly, the user’s identity and attributes are decoupled. The contract address is used as the identity and the non-interactive zero-knowledge proof is used to hide the public key. Pedersen commitments are used to hide attributes, granting users control over the disclosure of attributes. The linkable ring signature is used to ensure the authenticity of the user’s digital identity, the anonymity and auditability of the verifier. The dynamic cryptographic accumulator is used to issue revocable credentials for each service to achieve bidirectional revocation of cross-domain services, and the AES algorithm is introduced to promote passive revocation. At the same time, the multi-signature mechanism is used to realize the recovery of digital identity loss. In addition, by comparing the functionality and performance with other systems, it has been demonstrated that this solution offers better performance in terms of anonymity, flexibility, and controllability. Through security analysis and experimental verification, the scheme has higher security performance and can maintain the controllable expenditure of resources, which is practical.

Key words: digital identity, smart contract, cross-domain authentication, privacy protection, controllability for security

闫恩华, 宋智明, 任志鑫, 宋俊蓉, 姜茸. 隐私保护及安全可控的区块链数字身份模型[J]. 计算机工程与应用, 2025, 61(12): 319-332.

YAN Enhua, SONG Zhiming, REN Zhixin, SONG Junrong, JIANG Rong. Privacy Protection and Secure Controllable Blockchain Digital Identity Model[J]. Computer Engineering and Applications, 2025, 61(12): 319-332.

参考文献

[1] DAI Z Y, ZHOU W L. The federated identity and access management architectures: a literature survey[D]. Melbourne: Deakin University. School of Information Technology, 2005.
[2] ZHOU T, LI X F, ZHAO H. EverSSDI: blockchain-based framework for verification, authorisation and recovery of self-sovereign identity using smart contracts[J]. International Journal of Computer Applications in Technology, 2019, 60(3): 281-295.
[3] AL-BASSAM M. SCPKI: a smart contract-based PKI and identity system[C]//Proceedings of the ACM Workshop on Blockchain, Cryptocurrencies and Contracts, 2017: 35-40.
[4] HEGDE M, RAO R R, NIKHIL B M. Ddmia: distributed dynamic mutual identity authentication for referrals in blockchain-based health care networks[J]. IEEE Access, 2022, 10: 78557-78575.
[5] SINGH K, DIB O, HUYART C, et al. A novel credential protocol for protecting personal attributes in blockchain[J]. Computers & Electrical Engineering, 2020, 83: 106586.
[6] NIU J L, REN Z Y. A self-sovereign identity management scheme using smart contracts[C]//Proceedings of the MATEC Web of Conferences, 2021: 08005.
[7] LEE J, CHOI J, OH H, et al. Privacy-preserving identity management system[J]. Cryptology ePrint Archive, 2021.
[8] YANG X H, LI W J. A zero-knowledge-proof-based digital identity management scheme in blockchain[J]. Computers & Security, 2020, 99: 102050.
[9] REN Z X, YAN E H, CHEN T W, et al. Blockchain-based CP-ABE data sharing and privacy-preserving scheme using distributed KMS and zero-knowledge proof[J]. Journal of King Saud University-Computer and Information Sciences, 2024, 36(3): 101969.
[10] RA G, KIM T, LEE I. VAIM: verifiable anonymous identity management for human-centric security and privacy in the internet of things[J]. IEEE Access, 2021, 9: 75945-75960.
[11] LUNDKVIST C, HECK R, TORSTENSSON J, et al. Uport: a platform for self-sovereign identity[EB/OL]. (2017-02-21)[2024-04-19]. https://blockchainlab. com/pdf/uPort_white.
[12] WANG Z, LIN J Q, CAI Q W, et al. Blockchain-based certificate trans-parency and revocation transparency[J]. IEEE Transactions on Dependable and Secure Computing, 2020 (1): 681-697.
[13] FROMKNECHT C, VELICANU D, YAKOUBOV S. CertCoin: a namecoin based decentralized authentication system[R]. Massachusetts Institute of Technology, Cambridge, MA, USA, 2014: 46-56.
[14] BOURAS M A, LU Q H, DHELIM S, et al. A lightweight blockchain-based IoT identity management approach[J]. Future Internet, 2021, 13(2): 24.
[15] TSANG P P, WEI V K. Short linkable ring signatures for e-voting, e-cash and attestation[C]//Proceedings of the International Conference on Information Security Practice and Experience. Berlin, Heidelberg: Springer, 2005: 48-60.
[16] AU M H, CHOW S S M, SUSILO W, et al. Short linkable ring signatures revisited[C]//Proceedings of the Third European PKI Workshop on Public Key Infrastructure: Theory and Practice, 2006: 101-115.
[17] ZHENG D, LI X X, CHEN K F, et al. Linkable ring signatures from linear feedback shift register[C]//Proceedings of the 2007 Conference on Emerging Direction in Embedded and Ubiquitous Computing, 2007: 716-727.
[18] 汤永利, 夏菲菲, 叶青, 等. 格上基于身份的可链接环签名[J]. 密码学报, 2021, 8(2): 232-247.
TANG Y L, XIA F F, YE Q, et al. Identity-based linkable ring signature on lattice[J]. Journal of Cryptologic Research, 2021, 8(2): 232-247.
[19] LIU J K, WONG D S. Linkable ring signatures: security models and new schemes[C]//Proceedings of the International Conference on Computational Science and Its Applications. Berlin, Heidelberg: Springer, 2005: 614-623.
[20] LI Q N, XUE Z H. A privacy-protecting authorization system based on blockchain and zk-SNARK[C]//Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies. New York: ACM, 2020: 439-444.
[21] PEDERSEN T P. Non-interactive and information-theoretic secure verifiable secret sharing[C]//Proceedings of the Annual International Cryptology Conference on Advances in Cryptology. Berlin, Heidelberg: Springer, 2007: 129-140.
[22] NGUYEN L. Accumulators from bilinear pairings and applications[C]//Proceedings of the Cryptographers’ Track at the RSA Conference on Topics in Cryptology. Berlin, Heidelberg: Springer, 2005: 275-292.
[23] DAMGARD I, TRIANDOPOULOS N. Supporting non-membership proofs with bilinear-map accumulators[EB/OL]. (2008-01-01)[2024-04-19]. http://eprint.iacr.org/2008/538.pdf.
[24] CAMENISCH J, KOHLWEISS M, SORIENTE C. An accumulator based on bilinear maps and efficient revocation for anonymous credentials[C]//Proceedings of the 12th International Conference on Public Key Cryptography. Berlin, Heidelberg: Springer, 2009: 481-500.
[25] YU Y, ZHAO Y Q, LI Y N, et al. Blockchain-based anonymous authentication with selective revocation for smart industrial applications[J]. IEEE Transactions on Industrial Informatics, 2020, 16(5): 3290-3300.