Abstract
The fast expansion of the Internet, as well as people’s concern for personal privacy and security, have raised the expectations for the identity authentication process. Although current controlled anonymous authentication techniques may provide anonymous authentication and supervision, they are inefficient. The one issue is the high processing cost of presenting and verifying the certificate. Another issue is that a single certification authority (CA) cannot reply timely when there are various requests for certificates and tracing fraudulent users. This article presents an efficient blockchain-based anonymous authentication and supervision system (EAAS) to overcome these issues. In comparison to previous solutions, our EAAS system adopts a double-layer CA architecture to address the issue that a single CA cannot react to a large number of requests in a short period of time. Additionally, it reduces the computational cost, making certificate presentation and verification more effective. Security analysis indicates that the proposed scheme enjoys anonymity, traceability, and unlinkability, and can resist forgery attacks. The theoretical and experimental comparison demonstrates its practicality in terms of presenting and verifying the certificate.
Similar content being viewed by others
Availability of supporting data
Not applicable.
References
Szymkowiak A, Melović B, Dabić M, Jeganathan K, Kundi GS (2021) Information technology and gen z: the role of teachers, the internet, and technology in the education of young people. Technol Soc 65:101565. https://doi.org/10.1016/j.techsoc.2021.101565
Hussain M, Mehmood A, Khan S, Khan MA, Iqbal Z (2019) Authentication techniques and methodologies used in wireless body area networks. J Syst Archit 101:101655. https://doi.org/10.1016/j.sysarc.2019.101655
Wang D, Zhao J, Wang Y (2020) A survey on privacy protection of blockchain: the technology and application. IEEE Access 8:108766–108781. https://doi.org/10.1109/ACCESS.2020.2994294
Camenisch J et al (2010) Specification of the identity mixer cryptographic library. IBM Research–Zurich 1–48
Wang Y, Wang Z, Zhao M, Han X, Zhou H, Wang X, Voundi Koe AS (2022) BSM-ether: bribery selfish mining in blockchain-based healthcare systems. Inf Sci 601:1–17. https://doi.org/10.1016/j.ins.2022.04.008
Wang Z, Fan J, Cheng L, An H-Z, Zheng H-B, Niu J-X (2019) Supervised anonymous authentication scheme. J Softw 6:1705–1720. https://doi.org/10.13328/j.cnki.jos.005746
Boneh D, Boyen X, Shacham H (2004) Short group signatures. In: Franklin M (ed) Advances in Cryptology – CRYPTO 2004. Springer, Berlin, Heidelberg, pp 41–55. https://doi.org/10.1007/978-3-540-28628-8_3
Ho T-H, Yen L-H, Tseng C-C (2015) Simple-yet-efficient construction and revocation of group signatures. Int J Found Comput Sci 26(5):611–624. https://doi.org/10.1142/S0129054115500343
Liang W, Wang Y, Ding Y, Zheng H, Liang H, Wang H (2022) An efficient anonymous authentication and supervision system based on blockchain. In: 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC), Guilin, China. pp 306–313. https://doi.org/10.1109/DSC55868.2022.00048
Kou G, Chen L (2021) An supervisable anonymous authentication scheme based on master-slave certificate. In: 2021 IEEE 5th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), Chongqing, China. pp 2127–2131. https://doi.org/10.1109/IAEAC50856.2021.9390874
I’Anson C, Mitchell C (1990) Security defects in CCITT recommendation x. 509: the directory authentication framework. ACM SIGCOMM Computer Communication Review 20(2):30–34
Lyons-Burke K (2000) Federal agency use of public key technology for digital signatures and authentication. Technical report, Booz-Allen and Hamilton Inc Mclean VA. https://apps.dtic.mil/sti/pdfs/ADA393324.pdf
Zulfiqar M, Janjua MU, Hassan M, Ahmad T, Saleem T, Stokes JW (2022) Tracking adoption of revocation and cryptographic features in x. 509 certificates. Int J Inf Secur 21:653–668. https://doi.org/10.1007/s10207-021-00572-5
Saleem T, Janjua MU, Hassan M, Ahmad T, Tariq F, Hafeez K, Salal MA, Bilal MD (2022) Proofchain: an x.509-compatible blockchain-based PKI framework with decentralized trust. Comput Netw 213:109069. https://doi.org/10.1016/j.comnet.2022.109069
Weinshall D (2006) Cognitive authentication schemes safe against spyware. In: 2006 IEEE Symposium on Security and Privacy (S &P’06). pp 6–300. https://doi.org/10.1109/SP.2006.10
Tian X, Zhu RW, Wong DS (2007) Improved efficient remote user authentication schemes. Int J Netw Secur 4(2):149–154. https://doi.org/10.6633/IJNS.200703.4(2).04
Wang W, Xu H, Alazab M, Gadekallu TR, Han Z, Su C (2021) Blockchain-based reliable and efficient certificateless signature for IIoT devices. IEEE Trans Ind Inf 18(10):7059–7067. https://doi.org/10.1109/TII.2021.3084753
Deebak BD, Memon FH, Khowaja SA, Dev K, Wang W, Qureshi NMF, Su C (2023) A lightweight blockchain-based remote mutual authentication for AI-empowered IoT sustainable computing systems. IEEE Internet Things J 10(8):6652–6660. https://doi.org/10.1109/JIOT.2022.3152546
Wen B, Wang Y, Ding Y, Zheng H, Qin B, Yang C (2023) Security and privacy protection technologies in securing blockchain applications. Inf Sci 645:119322. https://doi.org/10.1016/j.ins.2023.119322
Zhang T, Wang Y, Ding Y, Wu Q, Liang H, Wang, H (2022) Multi-party electronic contract signing protocol based on blockchain. IEICE Trans Inf Syst E105.D(2):264–271. https://doi.org/10.1587/transinf.2021BCP0011
Cao Y, Wang Y, Ding Y, Guo Z, Wu Q, Liang H (2023) Blockchain-empowered security and privacy protection technologies for smart grid. Comput Stand Interfaces 85:103708. https://doi.org/10.1016/j.csi.2022.103708
Huang X, Ding Y, Zheng H, Luo D, Wang Y, Wu J, Zhang L (2022) A privacy-preserving credit bank supervision framework based on redactable blockchain. In: Svetinovic D, Zhang Y, Luo X, Huang X, Chen X (eds) Blockchain and trustworthy systems. Springer, Chengdu, China, pp 18–30. https://doi.org/10.1007/978-981-19-8043-5_2
Chen L, Wang Y, Ding Y, Liang H, Yang C, Wang H (2023) Iot-assisted blockchain-based car rental system supporting traceability. In: Wang X, Sapino ML, Han WS, El Abbadi A, Dobbie G, Feng Z, Shao Y, Yin H (eds) Database systems for advanced applications. Springer, Tianjin, China, pp 712–718. https://doi.org/10.1007/978-3-031-30678-5_61
Li P, Lai J, Wu Y (2021) Event-oriented linkable and traceable anonymous authentication and its application to voting. J Inf Secur Appl 60:102865. https://doi.org/10.1016/j.jisa.2021.102865
Barki A, Desmoulins N, Gharout S Traoré J (2017) Anonymous attestations made practical. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks. WiSec ’17, pp. 87–98. Association for Computing Machinery, New York, NY, USA. https://doi.org/10.1145/3098243.3098258
Deng L, Zeng J (2014) Two new identity-based threshold ring signature schemes. Theor Comput Sci 535:38–45. https://doi.org/10.1016/j.tcs.2014.04.002
Yang X, Wu W, Liu JK, Chen X (2015) Lightweight anonymous authentication for Ad Hoc group: A ring signature approach. In: Au M-H, Miyaji A (eds) Provable Security. Springer, Cham, pp 215–226. https://doi.org/10.1007/978-3-319-26059-4_12
Harishma B, Mathew P, Patranabis S, Chatterjee U, Agarwal U, Maheshwari M, Dey S, Mukhopadhyay D (2022) Safe is the new smart: PUF-based authentication for load modification-resistant smart meters. IEEE Trans. Dependable Secure Comput 19(1):663–680. https://doi.org/10.1109/TDSC.2020.2992801
Vasco MIG, Pozo ALPD, Soriente C (2021) A key for John Doe: modeling and designing anonymous password-authenticated key exchange protocols. IEEE Trans Dependable Secure Comput 18(3):1336–1353. https://doi.org/10.1109/TDSC.2019.2919013
Maji HK, Prabhakaran M, Rosulek M (2011) Attribute-based signatures. In: Kiayias A (ed) Topics in Cryptology – CT-RSA 2011. Springer, Berlin, Heidelberg, pp 376–392. https://doi.org/10.1007/978-3-642-19074-2_24
Bellare M, Fuchsbauer G (2014) Policy-based signatures. In: Krawczyk H (ed) Public-Key Cryptography – PKC 2014. Springer, Berlin, Heidelberg, pp 520–537. https://doi.org/10.1007/978-3-642-54631-0_30
Tan S-Y, Groß T (2020) Monipoly—an expressive Q-SDH-based anonymous attribute-based credential system. In: Moriai S, Wang H (eds) Advances in Cryptology – ASIACRYPT 2020. Springer, Cham, pp 498–526. https://doi.org/10.1007/978-3-030-64840-4_17
Crites EC, Lysyanskaya A (2019) Delegatable anonymous credentials from mercurial signatures. In: Matsui M (ed) Topics in Cryptology – CT-RSA 2019. Springer, Cham, pp 535–555. https://doi.org/10.1007/978-3-030-12612-4_27
Blömer J, Bobolz J, Diemert D, Eidens F (2019) Updatable anonymous credentials and applications to incentive systems. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. CCS ’19. Association for Computing Machinery, New York, NY, USA, pp 1671–1685. https://doi.org/10.1145/3319535.3354223
Deuber D, Maffei M, Malavolta G, Rabkin M, Schröder D, Simkin M (2018) Functional credentials. Proc Priv Enhancing Technol 2018(2):64–84. https://doi.org/10.1515/popets-2018-0013
Yang R, Au MH, Xu Q, Yu Z (2019) Decentralized blacklistable anonymous credentials with reputation. Comput Secur 85:353–371. https://doi.org/10.1016/j.cose.2019.05.009
Camenisch J, Drijvers M, Lehmann A (2016) Universally composable direct anonymous attestation. In: Cheng C-M, Chung K-M, Persiano G, Yang B-Y (eds) Public-Key Cryptography – PKC 2016. Springer, Berlin, Heidelberg, pp 234–264. https://doi.org/10.1007/978-3-662-49387-8_10
Urquidi M, Khader D, Lancrenon J, Chen L (2016) Attribute-based signatures with controllable linkability. In: Yung M, Zhang J, Yang Z (eds) Trusted Systems. Springer, Cham, pp 114–129. https://doi.org/10.1007/978-3-319-31550-8_8
Wang X, Chen Y, Ma X (2019) Adding linkability to ring signatures with one-time signatures. In: Lin Z, Papamanthou C, Polychronakis M (eds) Information Security. Springer, Cham, pp 445–464. https://doi.org/10.1007/978-3-030-30215-3_22
Slamanig D, Spreitzer R, Unterluggauer T (2014) Adding controllable linkability to pairing-based group signatures for free. In: Chow SSM, Camenisch J, Hui LCK, Yiu SM (eds) Information Security. Springer, Cham, pp 388–400. https://doi.org/10.1007/978-3-319-13257-0_23
Zheng H, Wu Q, Guan Z, Qin B, He S, Liu J (2019) Achieving liability in anonymous communication: auditing and tracing. Comput Commun 145:1–13. https://doi.org/10.1016/j.comcom.2019.05.021
Derler D, Slamanig D (2018) Highly-efficient fully-anonymous dynamic group signatures. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security. ASIACCS ’18. Association for Computing Machinery, New York, NY, USA, pp 551–565. https://doi.org/10.1145/3196494.3196507
Kuchta V, Sahu RA, Saraswat V, Sharma G, Sharma N, Markowitch O (2018) Anonymous yet traceable strong designated verifier signature. In: Chen L, Manulis M, Schneider S (eds) Information Security. Springer, Cham, pp 403–421. https://doi.org/10.1007/978-3-319-99136-8_22
Gu K, Wang K, Yang L (2019) Traceable attribute-based signature. J Inf Secur Appl 49:102400. https://doi.org/10.1016/j.jisa.2019.102400
Kaaniche N, Laurent M (2016) Attribute-based signatures for supporting anonymous certification. In: Askoxylakis I, Ioannidis S, Katsikas S, Meadows C (eds) Computer Security – ESORICS 2016. Springer, Cham, pp 279–300. https://doi.org/10.1007/978-3-319-45744-4_14
Chaum D, Van Heyst E (1991) Group signatures. In: Proceedings of the 10th Annual International Conference on Theory and Application of Cryptographic Techniques. EUROCRYPT’91. Springer, Berlin, Heidelberg, pp 257–265. https://doi.org/10.1007/3-540-46416-6_22
Blum M, Feldman P, Micali S (1988) Non-interactive zero-knowledge and its applications. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing. STOC ’88. Association for Computing Machinery, New York, NY, USA, pp 103–112. https://doi.org/10.1145/62212.62222
Acknowledgements
This article was supported in part by the National Key R&D Program of China under project 2020YFB1006003, the Guangxi Natural Science Foundation under grants 2019GXNSFGA245004 and 2023GXNSFAA026236, the National Natural Science Foundation of China under projects 62162017, 62172119 and 61962012, the Zhejiang Provincial Natural Science Foundation of China under Grant No. LZ23F020012, the Swift Fund Fintech Funding, the Guangdong Key R&D Program under project 2020B0101090002, and the special fund of the High-level Innovation Team and Outstanding Scholar Program for universities of Guangxi.
Author information
Authors and Affiliations
Contributions
All authors contributed to the study conception and design. Material preparation, data collection, and analysis were performed by Weiyou Liang. The first draft of the manuscript was written by Weiyou Liang and all authors reviewed and edited all versions of the manuscript. All authors read and approved the final manuscript.
Corresponding author
Ethics declarations
Ethics approval
Not applicable.
Consent to participate
Yes.
Consent for publication
Yes.
Human and animal ethics
Not applicable.
Conflict of interest
The authors declare that they have no conflict of interests.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Liang, W., Wang, Y., Ding, Y. et al. An efficient blockchain-based anonymous authentication and supervision system. Peer-to-Peer Netw. Appl. 16, 2492–2511 (2023). https://doi.org/10.1007/s12083-023-01518-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-023-01518-5