Research On PKI Identity Authentication Based On Blockchain

Public key infrastructure(PKI)is one of the important cornerstones of the Internet,which can provide the trust for different users.However,there are some problems with traditional PKI,such as high ly centralization,single points of failure,certificate transparency,cross-domain authentication and so on.Blockchain has excellent characteristics such as decentralization,anonymous,traceability,and immutability,which provides new ideas for solving the above problems.At present,the main method of implementing blockchain-based PKI is to transform traditional PKI through blockchain,for example,to arrange the CAs as the nodes in blockchain,or to store the main identity certificate information in the blockchain to realize the distributed query of certificate.However,it still has problems such as super node with centralized rights,lack of a complete certificate management method,low authentication efficiency,and excessive data volume.With the cross-application of blockchain in different fields,it has become an important issue to explore the cross-chain authentication scheme applicable to the blockchain environment.In view of the above problems,the research conducted in this thesis is as follows:This thesis proposes a new efficient PKI authentication service scheme based on blockchain.Firstly,making use of blockchain to realize the decentralization transformation of traditional PKI and to improve the security.Secondly,the introduction of cryptographic tools such as dynamic accumulators improves the efficiency of identity authentication and greatly reduces the amount of data in the system.At the same time,the model also designs a more complete certificate management algorithm,which can realize the batch update of user certificates.Based on the above model,this thesis constructs the one-stop authentication model among users,miners' nodes and third-party service providers.The user only needs to provide the certificate,the session key and Server-Granting Ticket obtained from the miner node,which can realize the security authentication with the third-party service provider and obtain the corresponding service.The analysis results show that the scheme has high security and efficiency,and is feasible.Based on the one-stop efficient PKI authentication service scheme,this thesis proposes a new efficient cross-chain authentication scheme with identity attributes addition.By further dividing the rights and responsibilities of miner nodes,the scheme has a high degree of decentralization.Secondly,this thesis proposes new block structure and certificate structure,and realizes the efficient management of the user's certificate state by introducing the Merkle Patricia tree.Finally,this thesis puts forward the way of adding or registering the existing three-party blockchain identity or other trusted identity information as properties or as a new user certificate,so as to reduce the repeated construction of user identities on the other chains.The results of security analysis and efficiency analysis sho w that the scheme can provide secure and efficient cross-chain authentication service for users inside or outside the chain.