计算机科学 ›› 2023, Vol. 50 ›› Issue (6): 307-312.doi: 10.11896/jsjkx.220600069
肖健, 杨敏
XIAO Jian, YANG Min
摘要: 针对区块链缺少恢复机制导致用户私钥一旦丢失就难以找回的问题,提出了一种基于口令、秘密问题和指纹的多因素区块链私钥保护方案。该方案无需用户存储额外信息且可以完全在线上实施,并采用了抗遗忘的因素访问策略。在注册阶段,用户需要提供所有因素信息(包括口令、秘密问题和指纹)以及区块链私钥,并使用秘密共享方案为一组服务器分配秘密份额。在恢复阶段,用户仅需要提供部分因素并向多个服务器发送恢复申请,即可获得其秘密份额的信息并以此重构出区块链私钥。实验结果和启发式安全分析表明,该方案中客户端和服务端的计算开销都在毫秒级,可以抵抗已知攻击且通过支持多因素提供了更好的安全性。
中图分类号:
[1]HAN X,YUAN Y,WANG F Y.Security Problems on Block-chain:The State of the Art and Future Trends[J].Acta Automatica Sinica,2019,45(1):206-225. [2]JIANG Y.Vernacular Blockchain [M].Beijing:China Machine Press,2017:363-365. [3]LEE W,JIN J H,LEE M J.A Robust Identity Recovery Scheme for the Ethereum Blockchain Platform[J].International Information Institute(Tokyo).Information,2017,20(11):8133-8141. [4]ZHU Y,XIA L,SENEVIRATNE O.A Proposal for AccountRecovery in Decentralized Applications[C]//2019 IEEE International Conference on Blockchain(Blockchain).Halifax:IEEE,2019:148-155. [5]LUSETTI M,SALSI L,DALLATANA A.A Blockchain Based Solution for the Custody of Digital Files in Forensic Medicine[J].Forensic Science International:Digital Investigation,2020,35:1-11. [6]RAMOS S,PIANESE F,LEACH T,et al.A Great Disturbance in the Crypto:Understanding Cryptocurrency Returns Under Attacks[J].Blockchain:Research and Applications,2021,2(3):100021. [7]ALFANDI O,KHANJI S,AHMAD L,et al.A Survey on Boosting IoT Security and Privacy through Blockchain[J].Cluster Computing,2021,24(1):37-55. [8]JARECKI S,KIAYIAS A,KRAWCZYK H,et al.TOPPSS:Cost-Minimal Password-Protected Secret Sharing Based on Threshold OPRF[C]//International Conference on Applied Cryptography and Network Security.Cham:Springer,2017:39-58. [9]JIANG J,WANG D,ZHANG G,et al.Quantum-Resistant Password-Based Threshold Single-Sign-On Authentication with Updatable Server Private Key[C]//European Symposium on Research in Computer Security.Cham:Springer,2022:295-316. [10]HITAJ B,GASTI P,ATENIESE G,et al.Passgan:A DeepLearning Approach for Password Guessing[C]//International Conference on Applied Cryptography and Network Security.Cham:Springer,2019:217-237. [11] LEE K,SJÖBERG S,NARAYANAN A.Password Policies of Most Top Websites Fail to Follow Best Practices[C]//Eighteenth Symposium on Usable Privacy and Security.2022:561-580. [12]LAI Y L,LI M,LIANG S N,et al.Lossless Fuzzy ExtractorEnabled Secure Authentication Using Low Entropy Noisy Sources[J].Journal of Information Security and Applications,2021,58:43-49. [13]CANETTI R,FULLER B,PANETH O,et al.Reusable Fuzzy Extractors for Low-Entropy Distributions[J].Journal of Cryptology,2021,34(1):1-33. [14]MICALLEF N,ARACHCHILAGE N A G.UnderstandingUsers' Perceptions to Improve Fallback Authentication[J].Personal and Ubiquitous Computing,2021,25(5):893-910. [15]YANG W,WANG S,HU J,et al.Security and Accuracy of Fingerprint-Based Biometrics:A review[J].Symmetry,2019,11(2):141. |
|