信息安全研究第10卷第2期2024年2月JournalotinformationSecurityResearchVol.10No.2Feb.2024DOl:10.12379/j.issn.2096-1057.2024.02.08基于区块链和PKI的身份认证技术研究李铭垫2马马利民2王王佳慧张伟1(网络文化与数字传播北京市重点实验室(北京信息科技大学)北京100101)2(北京信息科技大学计算机学院北京100101)3(国家信息中心信息与网络安全部北京100045)(15601127733@163.com)ResearchonIdentityAuthenticationTechnologyBasedonBlockChainandPKILiMingkunl?2,MaLiminl-2,WangJiahui?,andZhangWei?I(BeijingKeyLaboratoryofIntermetCultureandDigitalDisseminationResearch(BeijingInformationScience&.TechnologyUniversity),Beijing100101)2(SchoolofComputer,BeijingInformationScience&.TechnologyUniversity,Beijing100101)3(DepartmentofInformationandSecurity,StateInformationCenter,Beijing100045)AbstractPublickeyinfrastructure(PKI)isasecuresystembasedonasymmetriccryptographicalgorithmanddigitalcertificatetorealizeidentityauthenticationandencryptedcommunication,operatingontheprincipleoftrusttransmissionbasedontrustanchor.However,thistechnologyhasthefollowingproblems:TheCAcenterisuniqueandthereisasinglepointoffailure;Theauthenticationprocessinvolvesalargenumberofoperations,suchascertificateresolution,signatureverification,andcertificatechainverification.Tosolvetheaboveproblems,thispaperbuildsanidentityauthenticationmodelbasedonChanganChain,andproposesanidentityauthenticationschemebasedonChanganChaindigitalcertificateandpublickeyinfrastructure.Theoreticalanalysisandexperimentaldatademonstratethatthisschemereducescertificateparsing,signatureverificationandotheroperations,simplifiestheauthenticationprocess,andimprovestheauthenticationefficiency.Keywordschainmakerdigitalcertificate;chainmaker;certificateparsing;digitalsignature;signatureverification;identityauthentication摘要PKI是基于非对称密码算法和数字证书来实现身份认证和加密通信的安全体系,原理是基于信任锚的信任传递.该技术存在以下问题:CA中心唯一,存在单点故障;认证过程存在大量证书解析、签名验签、证书链校验等操作,认证流程繁琐.针对上述问题,基于长安链构建身份认...
