OpenID Protocol Based on SM9 Blind Signature

Abstract

Abstract: OpenID is a user-centered digital identity recognition framework and a decentralized online identity authentication system. It has the characteristics of openness, decentralization and freedom. However, some existing OpenID protocols still have many deficiencies in effectively protecting user privacy. For example, identity providers can learn the relying party information logged in by users through each use. In view of the above problems, a design idea of the OpenID protocol based on blind signature is proposed, which blinds the website identifier of the OpenID relying party. This paper first designs an identity-based blind signature scheme based on the national secret algorithm SM9, and proves that the security of this scheme depends on SM9 signature scheme. Then, based on the above blind signature scheme, an OpenID protocol is designed. Finally, the efficiency and security of the proposed OpenID protocol are demonstrated through simulation experiments and theoretical analysis.

Key words: OpenID protocol, SM9 algorithm, blind signature, security analysis

WANG Xuan, WANG Zhi-wei, . OpenID Protocol Based on SM9 Blind Signature[J]. Computer and Modernization, 2022, 0(12): 111-117.

References

［1］ GONG L, ALGHAZZAWI D M, CHENG L. BCoTsentry: A blockchain-based identity authentication framework for IoT devices［J］. Information, 2021,12(5). DOI:10.3390/info12050203.
［2］李雄. 多种环境下身份认证协议的研究与设计［D］. 北京:北京邮电大学, 2012.
［3］ SUCASAS V, MANTAS G, RADWAN A, et al. An OAuth2-based protocol with strong user privacy preservation for smart city mobile e-Health apps［C］// 2016 IEEE International Conference on Communications (ICC). 2016. DOI:10.1109/ICC.2016.7511598.
［4］胡共由. 基于OpenID物联网应用统一认证技术的研究［D］. 上海:复旦大学, 2013.
［5］ BELLAMY-MCINTYRE J, LUTERROTH C, WEBER G. OpenID and the enterprise: A model-based analysis of single sign-on authentication［C］// Proceedings of the 2011 IEEE 15th International Enterprise Distributed Object Computing Conference. 2011:129-138.
［6］鲁金钿,尧利利,何旭东,等. 改进的OpenID Connect协议及其安全性分析［J］. 计算机应用, 2017,37(5):1347-1352.
［7］ RECORDON D, REED D. OpenID 2.0: A platform for user-centric identity management［C］// Proceedings of the 2nd ACM Workshop on Digital Identity Management. 2006:11-16.
［8］刘艳民,鄂海红. 基于OpenID2.0的认证授权系统的分析与设计［J］. 软件, 2015,36(10):1-4.
［9］ GOLDWASSER S, MICALI S. Probabilistic encryption［J］. Journal of Computer and System Sciences, 1984,28(2):270-299.
［10］刘艳民. 基于OpenID的认证授权系统的研究与设计［D］. 北京:北京邮电大学, 2016.
［11］HAMMANN S, SASSE R, BASIN D. Privacy-preserving OpenID connect［C］// Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. 2020:277-289.
［12］CHAUM D. Blind signatures for untraceable payments［C］// Proceedings of CRYPTO ’82. 1982:199-203.
［13］CHAUM D. Blind signature system［C］// Proceedings of CRYPTO ’83. 1983. DOI: 10.1007/978-1-4684-4730-9_14.
［14］CHAUM D, FIAT A, NAOR M. Untraceable electronic cash［C］// Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology. 1988:319-327.
［15］袁峰,程朝辉. SM9标识密码算法综述［J］. 信息安全研究, 2016,2(11):1008-1027.
［16］OLIVEIRA L B, DAHAB R, LOPEZ J, et al. Identity-based encryption for sensor networks［C］// Proceedings of the 15th IEEE International Conference on Pervasive Computing and Communications Workshops. 2007:290-294.
［17］WIENER M J. Cryptanalysis of short RSA secret exponents［J］. IEEE Transactions on Information Theory, 1990,36(3):553-558.
［18］CASTAGNOS G, LAGUILLAUMIE F. Linearly homomorphic encryption from DDH［C］// CT-RSA 2015. 2015:487-505.
［19］PAILLIER P. Public-key cryptosystems based on composite degree residuosity classes［C］// Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques. 1999:223-238.
［20］CASTAGNOS G, CATALANO D, LAGUILLAUMIE F, et al. Two-party ECDSA from hash proof systems and efficient instantiations［C］// 39th Annual International Cryptology Conference. 2019:191-221.
［21］YUEN T H, CUI H, XIE X. Compact zero-knowledge proofs for threshold ECDSA with trustless setup［C］// IACR International Conference on Public-Key Cryptography. 2021:481-511.
［22］JAULMES , JOUX A. A chosen-ciphertext attack against NTRU［C］// Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology. 2000:20-35.
［23］ZHANG J, KANG J, TENG G, et al. Study on secure communication of internet of vehicles based on identity-based cryptograph［C］// 2021 13th International Conference on Advanced Infocomm Technology (ICAIT). 2021:156-160.
［24］赖建昌,黄欣沂,何德彪,等. 国密SM9数字签名和密钥封装算法的安全性分析［J］. 中国科学(信息科学), 2021,51(11):1900-1913.
［25］张柁苧,王雄,池亚平. 基于SM9的OpenStack双向认证方案研究与设计［J］. 北京电子科技学院学报, 2021,29(4):45-50.
［26］CREMERS C J. The scyther tool: Verification, falsification, and analysis of security protocols［C］// Proceedings of the 20th International Conference on Computer Aided Verification. 2008:414-418.

[1]	CHE Jia-li, REN Jun-ling. Single Bid Trading Mode Based on Security Performance [J]. Computer and Modernization, 2021, 0(03): 41-45.
[2]	ZHANG Xi, WANG Jian. A Public Integrity Auditing Scheme Based on Blind Signature for Shared Data in Cloud [J]. Computer and Modernization, 2020, 0(04): 60-.
[3]	MAO Yu-fang, DENG Lun-zhi. An Identity-based Blind Signature Scheme and Its Security Proof [J]. Computer and Modernization, 2017, 0(4): 105-108.
[4]	WAN Zhong-bao;JI Miao-wei. An Improved Group Blind Signature Scheme [J]. Computer and Modernization, 2013, 1(5): 99-102.
[5]	YUAN Huan;LU Yuliang;SONG Shunhong;HUANG Hui . An Attack Graph Model Using Greedy Policy [J]. Computer and Modernization, 2010, 1(7): 63-67.
[6]	CHENG Ying;XIAO Mei-hua. Analysis and Improvement of Otway-Rees Protocol [J]. Computer and Modernization, 2010, 1(6): 74-0076.
[7]	YANG Sigen;PENG Changgen. A New Identitybased Proxy Blind Signature Scheme [J]. Computer and Modernization, 2010, 1(4): 0-69.