基于智能合约的双因素身份认证方案

doi:10.3969/j.issn.1006-2475.2023.10.018

摘要/Abstract

摘要： 以区块链和密码学技术为支撑的加密货币的兴起，打破了传统的中心化交易模式。但在它带来诸多便利的同时，也暴露了缺陷。当加密货币的合法用户密钥遗失或有攻击者利用合约漏洞非法转移资金时，系统缺乏额外的身份认证和资金托管功能，这会导致用户失去资金的控制权。针对这些问题，本文方案将对用户的账户资金跟踪管理规则写进智能合约中，在特定的异常情况下，强制用户调用双因素认证方案（结合非交互零知识证明、默克尔树、ElGamal算法等方法）来验证合法身份，防止攻击者非法转移资金。通过仿真实验与其他方案对比的结果显示，该方案在安全性和效率上有一定的提升。

关键词: 关键词：非交互零知识证明, ElGamal算法, 默克尔树, 身份认证

Abstract: Due to the rise of cryptocurrencies underpinned by blockchain and cryptography， the traditional centralized transaction model has been broken. But while it brings many conveniences， it also exposes flaws. When the user key of the cryptocurrency is lost or an attacker exploits the contract vulnerability to illegally transfer funds， the system lacks additional authentication and fund custody functions， which will cause the user to lose control of the funds. In view of these problems, the proposed proposal will write the user’s account fund tracking management rules into the smart contract, and force the user to call the two-factor authentication scheme （combined with non-interactive zero-knowledge proof， Merkle tree， ElGamal algorithm and other methods） to verify the legal identity and prevent attackers from illegally transferring funds under specific abnormal circumstances. The results of comparison with other schemes show that the scheme has a certain improvement in safety and efficiency.

Key words: Key words: NIZK, ElGamal algorithm, Merkle tree, identity authentication

中图分类号:

TP391

刘鑫, 柳毅. 基于智能合约的双因素身份认证方案[J]. 计算机与现代化, 2023, 0(10): 121-126.

LIU Xin, LIU Yi. Two-factor Authentication Scheme Based on Smart Contract[J]. Computer and Modernization, 2023, 0(10): 121-126.

参考文献

［1］ MEHAR M I， SHIER C L， GIAMBATTISTA A， et al. Understanding a revolutionary and flawed grand experiment in blockchain: The DAO attack［J］. Journal of Cases on Information Technology， 2019，21（1）:19-32.
［2］ Binance. Binance security breach update［EB/OL］. （2019-05-17）［2022-09-28］. https://binance.zendesk.com/hc/en-us/articles/360028031711.
［3］ Citowise Developments. Citowise wallet［EB/OL］. （2019-07-13）［2022-09-28］. https://cryptocompare.com/wallets/citowise.
［4］ BONNEAU J， MILLER A， CLARK J， et al. SoK: Research perspectives and challenges for bitcoin and cryptocurrencies［C］// Proceedings of the 2015 IEEE Symposium on Security and Privacy. 2015:104-121.
［5］ BAGHERZANDI A， JARECKI S， SAXENA N， et al. Password-protected secret sharing［C］// Proceedings of the 18th ACM Conference on Computer and Communications Security. 2011:433-444.
［6］ FRANKENFIELD J. Blockchain wallet: What it is， how it works， security issues［EB/OL］. （2022-01-13）［2022-09-28］. https://www.investopedia.com/terms/b/blockchain-wallet.asp.
［7］ HOMOLIAK I， BREITENBACHER D， HUJNAK O， et al. SmartOTPs: An air-gapped 2-factor authentication for smart-contract wallets［C］// Proceedings of the 2nd ACM Conference on Advances in Financial Technologies. 2020:145-162.
［8］ ZHOU J， QU R， SUN L Y. Securing blockchain wallets efficiently based on threshold ECDSA scheme without trusted center［C］// Proceedings of the 2021 Asia-Pacific Conference on Communications Technology and Computer Science. 2021:47-51.
［9］ MAXWELL G， POELSTRA A， SEURIN Y， et al. Simple Schnorr multi-signatures with applications to bitcoin［J］. Designs， Codes and Cryptography， 2019，87（9）:2139-2164.
［10］ MOSER M， EYAL I， GUN SIRER E. Bitcoin covenants［C］// Proceedings of the 2016 International Conference on Financial Cryptography and Data Security. 2016:126-141.
［11］ BREUER F， GOYAL V， MALAVOLTA G. Cryptocurrencies with security policies and two-factor authentication［C］// Proceedings of the 2021 IEEE European Symposium on Security and Privacy. 2021:140-158.
［12］ DE CRISTOFARO E， DU H L， FREUDIGER J， et al. A comparative usability study of two-factor authentication［J］. arXiv preprint arXiv:1309.5344， 2013.
［13］ GOLDWASSER S， MICALI S， RACKOFF C. The knowledge complexity of interactive proof systems［J］. SIAM Journal on Computing， 1989，18（1）:186-208.
［14］ BLUM M， FELDMAN P， MICALI S. Non-interactive zero-knowledge and its applications［C］// Proceedings of the 20th Annual ACM Symposium on Theory of Computing. 1988:103-112.
［15］ BLUM M， DE SANTIS A， MICALI S. Noninteractive zero-knowledge［J］. SIAM Journal on Computing， 1991，20（6）:1084-1118.
［16］ POINTCHEVAL D， STERN J. Security proofs for signature schemes［C］// Proceedings of the 15th Annual International Conference on the Theory and Applications of Cryptographic Techniques. 1996:387-398.
［17］ AMRUTIYA V， JHAMB S， PRIYADARSHI P， et al. Trustless two-factor authentication using smart contracts in blockchains［C］// Proceedings of the 2019 International Conference on Information Networking. 2019:66-71.
［18］ ATENIESE G， FAONIO A， MAGRI B， et al. Certified bitcoins［C］// Proceedings of the 2014 International Conference on Applied Cryptography and Network Security. 2014:80-96.
［19］ MANN C， LOEBENBERGER D. Two-factor authentication for the bitcoin protocol［J］. International Journal of Information Security， 2017，16（2）:213-226.
［20］ BAMERT T， DECKER C， WATTENHOFER R， et al. BlueWallet: The secure bitcoin wallet［C］// Proceedings of the 2014 International Workshop on Security and Trust Management. 2014:65-80.
［21］ WOOD G. Ethereum: A secure decentralised generalised transaction ledger［R］. Ethereum Project Yellow Paper， 2014，151:1-32.
［22］ COURTOIS N， SONG G Y， CASTELLUCCI R. Speed optimizations in bitcoin key recovery attacks［J］. Tatra Mountains Mathematical Publications， 2016，67（1）:55-68.
［23］ ARAPINIS M， GKANIATSOU A， KARAKOSTAS D， et al. A formal treatment of hardware wallets［M］// Financial Cryptography and Data Security. 2019:426-445.
［24］ Kraken. Kraken identifies critical flaw in trezor hardware wallets［EB/OL］. （2020-09-23）［2022-09-28］. https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets.
［25］ MILLER A， XIA Y， CROMAN K， et al. The honey badger of BFT protocols［C］// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016:31-42.
［26］ TORRES C F， STEICHEN M， STATE R. The art of the scam: Demystifying honeypots in Ethereum smart contracts［C］// Proceedings of the 28th USENIX Security Symposium. 2019:1591-1607.
［27］ DHAKAL V， FEIT A M， KRISTENSSON P O， et al. Observations on typing from 136 million keystrokes［C］// Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. 2018. DOI: 10.1145/3173574.3174220.

[1]	何思达, 陈平华. 基于意图的轻量级自注意力序列推荐模型[J]. 计算机与现代化, 2024, 0(12): 1-9.
[2]	赵晨阳, 薛涛, 刘俊华. 基于改进Stable Diffusion的时尚服饰图案生成[J]. 计算机与现代化, 2024, 0(12): 15-23.
[3]	黄庭培1, 马禄彪1, 李世宝2, 刘建航1. 基于WiFi和原型网络的手势识别方法[J]. 计算机与现代化, 2024, 0(12): 34-39.
[4]	刘云海1, 冯广1, 吴晓婷2, 杨群2. 复杂施工场景下的安全帽佩戴检测算法[J]. 计算机与现代化, 2024, 0(12): 66-71.
[5]	张志霞, 秦志毅. 基于变分模态分解和IGJO-SVR的网络舆情预测[J]. 计算机与现代化, 2024, 0(11): 77-83.
[6]	万鸿炜, 陈平华. 基于Involution算子和协调反向注意力的息肉图像分割[J]. 计算机与现代化, 2024, 0(11): 84-90.
[7]	杨正科, 沈小东, 王凯翔, 何立. 基于改进麻雀搜索算法的接地网腐蚀故障定位[J]. 计算机与现代化, 2024, 0(10): 14-20.
[8]	韩瑞超, 孟令军, 敖利丞, 谢宇斌, 甄明硕. 基于改进YOLOv5的施工防护佩戴检测[J]. 计算机与现代化, 2024, 0(10): 49-54.
[9]	王佳1, 顾文俊1, 鞠炜刚2, 李玉维1, 张云龙2, 米传民3, 周志鹏3. 基于多元级差优良化遗传算法的环境拓扑结构任务调度[J]. 计算机与现代化, 2024, 0(10): 65-73.
[10]	杨世军1, 狄广义1, 高军1, 陈见飞1, 王耀坤1, 季晓晗2. 跨模态注意力融合和信息感知的情感一致检测[J]. 计算机与现代化, 2024, 0(10): 113-119.
[11]	于天一, 李剑锋, 陈海龙, 翟军. 隐性角色下的协同推荐算法[J]. 计算机与现代化, 2024, 0(09): 1-7.
[12]	薛浩, 马静, 郭小宇. 基于Focal Loss改进LightGBM的供水管网毛刺数据检测[J]. 计算机与现代化, 2024, 0(09): 74-81.
[13]	程萌, 李浩. 改进YOLOv5s的落叶树鸟巢检测方法[J]. 计算机与现代化, 2024, 0(08): 24-29.
[14]	时现伟1, 范鑫2. 基于轻量化的视频帧场景语义分割方法[J]. 计算机与现代化, 2024, 0(08): 49-53.
[15]	赵小明, 潘婷, 刘伟锋. 基于图像分类的自动绘画心理分析方法[J]. 计算机与现代化, 2024, 0(08): 92-97.