基于隐私保护的分布式数字身份认证技术研究及实践探索

doi:10.12267/j.issn.2096-5931.2024.01.009

信息通信技术与政策 ›› 2024, Vol. 50 ›› Issue (1): 59-66.doi: 10.12267/j.issn.2096-5931.2024.01.009

基于隐私保护的分布式数字身份认证技术研究及实践探索

Research and practice of decentralized digital identity authentication technology based on privacy protection

焦志伟¹^,², 吴正豪¹, 徐亦佳¹^,², 魏凡星³

1.蚂蚁科技集团股份有限公司,杭州 310020
2.互联网可信认证联盟,杭州 310020
3.中国信息通信研究院泰尔终端实验室,北京 100191

收稿日期:2023-12-10 出版日期:2024-01-25 发布日期:2024-02-01
通讯作者: 魏凡星,中国信息通信研究院泰尔终端实验室工程师,主要从事隐私安全、终端安全、芯片安全等方面的研究工作
作者简介:
焦志伟,蚂蚁科技集团股份有限公司、互联网可信认证联盟应用开发工程师,主要从事分布式身份认证相关方面的研究、开发工作
吴正豪,蚂蚁科技集团股份有限公司隐私计算部隐语密码算法工程师,主要从事零知识证明、同态加密等方面的研究工作
徐亦佳,蚂蚁科技集团股份有限公司、互联网可信认证联盟安全科技运营工程师,主要从事分布式身份认证相关方面的技术运营工作

JIAO Zhiwei¹^,², WU Zhenghao¹, XU Yijia¹^,², WEI Fanxing³

1. Ant Group, Hangzhou 310020, China
2. IIFAA, Hangzhou 310020, China
3. CTTL Terminal Labs, China Academy of Information and Communications Technology, Beijing 100191, China

Received:2023-12-10 Online:2024-01-25 Published:2024-02-01

摘要/Abstract

摘要：

随着Web 3.0的发展,分布式数字身份应运而生。分布式数字身份面向分布式网络,能够把用户、机构、设备和数字资产统一接入网络,具备去中心化、互通互认、隐私安全等特点。首先研究了基于隐私保护的分布式数字身份认证体系,概述了其技术架构、认证流程、技术特点;其次阐述了基于终端的安全防护机制和基于密码学的隐私保护方案,其中隐私保护安全方案包括基于密码学的分布式身份认证和身份属性认证;最后介绍了视障用户场景实现案例,为分布式数字身份应用场景提供思路,助力用户隐私保护。

关键词: 分布式数字身份, 终端安全, 隐私安全, 零知识证明

Abstract:

With the development of Web3.0, decentralized digital identity comes into being. Decentralized identity is oriented to decentralized networks, allowing users, institutions, devices and digital assets to access the network, with the characteristics of decentralization, mutual recognition, privacy and security. This paper studies the decentralized digital identity authentication system based on privacy protection, and firstly summarizes its technical architecture, authentication process and technical characteristics. Then,it presents the security protection mechanism based on terminal and the privacy protection scheme based on cryptography. The privacy protection security scheme includes DID authentication based on cryptography and identity attribute authentication. Finally, it introduces the implementation case of the visually impaired user scenario to provide ideas for decentralized digital identity application scenarios and help protect user privacy.

Key words: decentralized digital identity, terminal security, privacy security, zero-knowledge proof

中图分类号:

D630
F49

焦志伟, 吴正豪, 徐亦佳, 魏凡星. 基于隐私保护的分布式数字身份认证技术研究及实践探索[J]. 信息通信技术与政策, 2024, 50(1): 59-66.

JIAO Zhiwei, WU Zhenghao, XU Yijia, WEI Fanxing. Research and practice of decentralized digital identity authentication technology based on privacy protection[J]. Information and Communications Technology and Policy, 2024, 50(1): 59-66.

导出引用管理器 EndNote|Ris|BibTeX

链接本文:

http://ictp.caict.ac.cn/CN/10.12267/j.issn.2096-5931.2024.01.009

http://ictp.caict.ac.cn/CN/Y2024/V50/I1/59

图/表 4

图1 基于隐私保护的分布式数字身份认证技术架构

图2 分布式数字身份认证数据处理流程

图3 基于密码口令的传统用户身份认证流程

图4 基于密码承诺和ZKP的分布式身份认证流程

参考文献 10

[1]	SecretFlow YACL. Yet another common crypto library[EB/OL]. 2023[2023-12-08]. https://github.com/secretflow/yacl.
[2]	OKAMOTO T. Provably secure and practical identification schemes and corresponding signature schemes[C]//In Advances in Cryptology:CRYPTO’92. Berlin, Heidelberg: Springer, 1993: 31-53.
[3]	WEN A J, MARTIN K M, KEEFE C M. Mutually trusted authority-free secret sharing schemes[J]. Journal of Cryptology, 1997, 10(4):261-289. doi: 10.1007/s001459900031 URL
[4]	NOJOUMIAN M, DOUGLAS R M. On dealer-free dynamic threshold schemes[J]. Advances in Mathematics of Communications, 2013, 7(1):39-56. doi: 10.3934/amc.2013.7.39 URL
[5]	STANISłAW J, AGGELOS K, HUGO K, et al. TOPPSS: cost-minimal password-protected secret sharing based on threshold OPRF[C]. In Applied Cryptography and Network Security, 2017: 39-58.
[6]	CARSTEN B, TORE K F, JULIA H, et al. PESTO: proactively secure distributed single sign-on, or how to trust a hacked server[C]. In IEEE European Symposium on Security and Privacy (EuroS&P), 2020: 587-606.
[7]	RONALD C, IVAN D, BERRY S. Proofs of partial knowledge and simplified design of witness hiding protocols[C]// YVO G D. In Advances in Cryptology:CRYPTO’94. Berlin, Heidelberg: Springer, 1994:174-187.
[8]	JAN C, MARKUS S. Proof systems for general statements about discrete logarithms[R], 1997.
[9]	JENS G, MARKULF K. One-out-of-many proofs: or how to leak a secret and spend a coin[C]// ELISABETH O, MARC F. In Advances in Cryptology:EUROCRYPT 2015. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer, 2015:253-280.
[10]	STEFANO T, CHENZHI Z. Revisiting BBS signatures[C]// CARMIT H, MARTIJN S. In Advances in Cryptology:EUROCRYPT 2023. Lecture Notes in Computer Science. Cham: Springer Nature Switzerland, 2023: 691-721.

基于隐私保护的分布式数字身份认证技术研究及实践探索

Research and practice of decentralized digital identity authentication technology based on privacy protection

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 10

相关文章 2

编辑推荐

Metrics

本文评价

[1]	毕丹阳, 景越, 李婧璇, 李海花. 分布式数字身份及其在工业互联网中的应用*[J]. 信息通信技术与政策, 2021, 47(10): 7-.
[2]	李雅文. 我国电信和互联网领域个人信息保护制度研究[J]. 信息通信技术与政策, 2018, 44(6): 28-30.