[1]麻付强,徐 峥,宋桂香.基于零知识的多实体联合身份认证算法[J].计算机技术与发展,2023,33(11):113-118.[doi:10. 3969 / j. issn. 1673-629X. 2023. 11. 017]
 MA Fu-qiang,XU Zheng,SONG Gui-xiang.Multi-entity Joint Identity Authentication Algorithm Based on Zero-knowledge Proof[J].,2023,33(11):113-118.[doi:10. 3969 / j. issn. 1673-629X. 2023. 11. 017]
点击复制

基于零知识的多实体联合身份认证算法()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
33
期数:
2023年11期
页码:
113-118
栏目:
网络空间安全
出版日期:
2023-11-10

文章信息/Info

Title:
Multi-entity Joint Identity Authentication Algorithm Based on Zero-knowledge Proof
文章编号:
1673-629X(2023)11-0113-06
作者:
麻付强123 徐 峥1 宋桂香1
1. 浪潮(北京)电子信息产业有限公司,北京 100085;
2. 高效能服务器和存储技术国家重点实验室,北京 100085;
3. 浪潮集团有限公司,山东 济南 250101
Author(s):
MA Fu-qiang123 XU Zheng1 SONG Gui-xiang1
1. Inspur ( Beijing) Electronic Information Industry Co. ,Ltd. ,Beijing 100085,China;
2. State Key Laboratory of High-end Server & Storage Technology,Beijing 100085,China;
3. Inspur Group Co. ,Ltd. ,Jinan 250101,China
关键词:
身份认证零知识证明门限签名机密计算多实体
Keywords:
identity authenticationzero-knowledge proofthreshold signatureconfidential computingmulti-entity
分类号:
TP309
DOI:
10. 3969 / j. issn. 1673-629X. 2023. 11. 017
摘要:
针对需要多人操作的强安全云计算系统的身份认证问题,该文提出了一种基于零知识的多实体联合身份认证算法,有效解决了多实体同时联合身份认证问题。 采用秘密共享技术将私钥拆分成多个私钥份额,并分发给多个实体。 基于零知识证明协议,实体无需传输私钥份额到身份认证中心,降低了传输过程中的泄露风险。 采用门限签名算法构造零知识证明协议,
每次身份认证需要多个实体参与。 同时,身份认证中心无需存储实体的私钥份额,降低了私钥份额的存储泄露风险。 进一步,身份认证中心运行在机密计算环境中,每个实体可以对身
份认证中心的真实性进行认证。 该方案降低单一实体对系统的访问权限,能够容忍少量不可用或恶意实体。 最后,该方案从完备性、正确性、零知识性方面分析了算法的安全性。
Abstract:
In view of the joint identity authentication problem of strong security cloud computing system,we propose a multi-entity jointidentity authentication algorithm based on zero knowledge,which can effectively solve the problem of multi-entity joint identity authentication. The private key is split into multiple private key shares by using secret sharing technology and distributed to multiple entities.Based on the zero-knowledge proof protocol,the entity does not need to transmit the share of the private key to the identity authenticationcenter,which reduces the risk of disclosure in the transmission process. The zero - knowledge proof protocol is constructed by usingthreshold signature algorithm. Each identity authentication requires multiple entities to participate. At the same time, the identityauthentication center does not need to store the private key share of entity, reducing the risk of storage leakage. Further,the identity authentication center is placed in a confidential computing environment. Each entity can verify the authenticity of the identity authenticationcenter. The proposed scheme reduces the access permission of a single entity to the system and can tolerate a small number of unavailableor malicious entities. Finally,the proposed scheme analyzes the security from the aspects of completeness,correctness and zero knowledge.

相似文献/References:

[1]田志英 廖晓群 赵安新.校园网认证计费系统的研究与实现[J].计算机技术与发展,2010,(05):202.
 TIAN Zhi-ying,LIAO Xiao-qun,ZHAO An-xin.Research and Implementation of Campus Network Authentication and Accounting System[J].,2010,(11):202.
[2]万久士 李翔 林祥.基于JSSh实现身份认证网站信息采集[J].计算机技术与发展,2009,(10):156.
 WAN Jiu-shi,LI Xiang,LIN Xiang.Information Collection of Website which Achieve Identity Authentication Based on JSSh[J].,2009,(11):156.
[3]贺锋 王汝传.一种基于PKI的P2P身份认证技术[J].计算机技术与发展,2009,(10):181.
 HE Feng,WANG Ru-chuan.A Peer- to- Peer Identity Authentication Technology Based on PKI[J].,2009,(11):181.
[4]吕武玲 黎忠文.SIP中基于身份认证的安全机制研究[J].计算机技术与发展,2009,(02):158.
 LU Wu-ling,LI Zhong-wen.Research on Identity- Based Authentication in SIP[J].,2009,(11):158.
[5]孙印杰 陈智芳 王敏 洪力.基于指纹和数字水印的网络身份认证系统研究[J].计算机技术与发展,2008,(04):147.
 SUN Yin-jie,CHEN Zhi-fang,WANG Min,et al.Research of Authentication System Based on Fingerprint and Digital Watermarking[J].,2008,(11):147.
[6]黄叶珏 陈勤.Web网站统一口令认证系统的设计与实现[J].计算机技术与发展,2007,(06):163.
 HUANG Ye-jue,CHEN Qin.Design and Implementation of Web Site Universal Password Authentication System[J].,2007,(11):163.
[7]王平水.零知识数字签名方案中Hash值长度的研究[J].计算机技术与发展,2007,(06):170.
 WANG Ping-shui.Study on Length of Hash - Values for Digital Signature Schemes Based on Zero- Knowledge[J].,2007,(11):170.
[8]王平水.基于独立集问题的零知识证明研究[J].计算机技术与发展,2007,(09):55.
 WANG Ping-shui.Study on Zero- Knowledge Proof Based on Independent Set Problem[J].,2007,(11):55.
[9]孟彦 侯整风 昂东宇 周循.基于椭圆曲线的单轮零知识证明方案[J].计算机技术与发展,2007,(12):147.
 MENG Yan,HOU Zheng-feng,ANG Dong-yu,et al.One- Round Zero- Knowledge Proofs Protocol Based on Elliptic Curve[J].,2007,(11):147.
[10]徐小平 尹颖禹.基于数字签名的身份认证模型的一种方案[J].计算机技术与发展,2006,(02):220.
 XU Xiao-ping,YIN Ying-yu.A Model Scheme for Identity Verification Based on Digital Signature[J].,2006,(11):220.
[11]陈梁景,王志伟.隐私保护的传染病密切接触者身份追踪系统[J].计算机技术与发展,2022,32(09):167.[doi:10. 3969 / j. issn. 1673-629X. 2022. 09. 026]
 CHEN Liang-jing,WANG Zhi-wei.A Privacy-protected Identity Tracking System for Close Contacts of Infectious Diseases[J].,2022,32(11):167.[doi:10. 3969 / j. issn. 1673-629X. 2022. 09. 026]

更新日期/Last Update: 2023-11-10