基于区块链和可信执行环境的属性签名身份认证方案

Attribute Signature Identity Authentication Scheme Based on Blockchain and Trusted Execution Environment

身份认证是当前数字化世界中广泛应用的一项技术,对于流量至上的时代,安全而便捷的身份验证方案对于应用服务吸引用户是至关重要的.去中心化身份通过使用完全去中心化的技术如区块链,让用户完全控制自己的身份.为了进一步提高身份认证的安全性与便捷性,提出一种基于区块链和可信执行环境(TEE)的属性签名身份认证方案.现有的身份验证方法存在用户身份凭证管理繁重、安全性不足等问题.用户利用属性签名生成指向应用服务的持久性凭据,并且凭据是可扩充的.而用户反复扩充凭据的过程相比单次生成凭据保存更有被攻击者植入木马的风险,可信执行环境则可以在签名过程中提供硬件级别的保护,避免中间参数的泄露.同时还用较小的额外验证代价实现了对用户身份泄露、冒用的审计,进一步提高了方案的安全性.

Identity authentication is a technology widely used in the current digital world.In the era of traffic supremacy,a secure and convenient identity authentication solution is crucial for attracting users to application services.Decentralized identity gives users complete control over their identity by using a fully decentralized technology such as blockchain.In order to further improve the security and convenience of identity authentication,an attribute signature authentication scheme based on blockchain and trusted execution environment is proposed.Existing identity verification methods have problems such as heavy management of user identity certificates and insufficient security.Attribute signatures are used by users to generate persistent credentials pointing to application services,and credentials are extensible.In the process of repeatedly expanding credentials,the user is more likely to be implanted with a Trojan horse than a single generation of credentials.The trusted execution environment can provide hardwarelevel protection during the signing process to avoid the leakage of intermediate parameters.At the same time,the audit of user identity leakage and fraudulent use is realized with a small additional verification cost,which further improves the security of the scheme.