CN-122001667-A - Web3.0-oriented identity authentication method and system under privacy chain

Abstract

The invention discloses a Web3.0-oriented identity authentication method and system under a privacy chain, and belongs to the technical field of blockchains. The method comprises the steps of generating a random private key and a Web3.0 account address corresponding to the random private key, constructing an anti-attack parameter containing the Web3.0 account address and the random number, carrying the anti-attack parameter to finish user identity authentication in a central avatar system to obtain response data and an authorizer identifier, obtaining a user payment password, combining the response data with the authorizer identifier to generate an on-chain identifier, and finishing user identity authentication based on the on-chain identifier. The invention can realize the safe, efficient and privacy-preserving seamless connection of the Web2.0 identity and the Web3.0 blockchain identity.

Inventors

• CHEN ZHONG
• GUAN ZHI
• OU YI
• ZHANG LUE
• HE YIFEI
• Ran Shengwen

Assignees

• 北京大学

Dates

Publication Date

20260508

Application Date

20260313

Claims (10)

1. 1. A Web3.0-oriented identity authentication method under a privacy chain comprises the following steps: generating a random private key and a Web3.0 account address corresponding to the random private key, and constructing an anti-attack parameter comprising the Web3.0 account address and a random number; Carrying the anti-attack parameter to finish user identity authentication in the central avatar part system to obtain response data and an authorized party identifier; acquiring a user payment password, and generating an on-chain identifier by combining the response data with the authorizer identifier; User identity authentication is accomplished based on the on-chain identifier.
2. 2. The method of claim 1, wherein carrying the anti-attack parameter completes user identity authentication in the central avatar system to obtain response data, comprising: The centralized identity system redirects the user to an authorization page based on the user identity authentication request, and after the user completes identity authentication, the authorization service obtains an authorization code, wherein the authorization code comprises an application identifier and an anti-attack parameter; The authorization service exchanges an access token for the central avatar system according to the authorization code; the centralized identity system returns response data containing the access token to the user.
3. 3. The method of claim 1, wherein the response data comprises an application identifier; The obtaining the user payment password, combining the response data and the authorizer identifier to generate an in-chain identifier, comprises the following steps: acquiring a user payment password; Connecting a user payment password, a user global unique identifier, an application identifier and an authorizer identifier; And obtaining the identifier on the chain by calculating the hash value of the connection result.
4. 4. The method of claim 1, wherein in initializing an authentication flow, user identity authentication is completed based on the on-chain identifier, comprising: encapsulating the execution operation information, the zero knowledge proof, the public input, the on-chain identifier and the web3.0 account address into UserOperation structures, and signing the UserOperation structures by using a random private key; The node Bundler verifies the legality of the UserOperation structure, wherein the legality comprises the legality of a UserOperation structure signature and the legality of a validity period; Bundler the node packages the at least one UserOperation structure into a single transaction that is submitted to the portal contract; The portal contract checks whether there is a wallet address associated with the on-chain identifier based on the mapping data structure; In the presence of a wallet address associated with an on-chain identifier, the portal contract encapsulates the UserOperation structure as a transaction request and directs the transmission to the corresponding wallet contract address through a cross-contract invocation mechanism; The wallet contract verifies zero knowledge proof validity in combination with public input to confirm that the user who initiated execution of the operation information is the same user as the user who completes user identity authentication in the central avatar system.
5. 5. The method of claim 4, wherein the response data comprises an authorization credential, an authorization token, a refresh token, an authorization response signature, a user globally unique identifier, an application identifier, an authorization start time, an authorization validity period, and a refresh token validity period; the generating public input and zero knowledge proof based on the web3.0 account address, the anti-attack parameter, the response data, the authorizer identifier and the on-chain identifier comprises: Generating public input based on the authorizer identifier, the authorization credential, the on-chain identifier, the current time, and the web3.0 account address; Extracting an authorization token, a refreshing token, an authorization response signature, a user global unique identifier, an application identifier, an authorization start time, an authorization validity period and a refreshing token validity period from response data, and constructing a secret witness by combining the current time, a user payment password, an anti-attack parameter and a random number; And generating zero knowledge proof meeting constraints according to the public input and the secret witness, wherein the constraints comprise signature verification constraints, token timeliness constraints, identity consistency constraints and external account verification constraints.
6. 6. The method of claim 4, wherein in the absence of a wallet address associated with an on-chain identifier, the method further comprises: Generating a new money inclusion contract instance by invoking contract deployment interface DeployWallet of the underlying blockchain; binding the address of the new money inclusion about instance with the identifier on the chain and then writing the new money inclusion about instance into a mapping data structure; the owner rights to the wallet are given to the web3.0 account address by built-in function SetOwner.
7. 7. The method of claim 1, wherein in the private key update flow, user identity authentication is performed based on the on-chain identifier, comprising: generating a new Web3.0 account address based on the new random private key, and constructing a new anti-attack parameter containing the new Web3.0 account address and the random number; carrying new anti-attack parameters to finish user identity authentication in a central avatar system to obtain new response data and an authorizer identifier; generating public input and zero knowledge proof based on a Web3.0 account address, anti-attack parameters, new response data, an authorizer identifier, an authorization credential and an on-chain identifier, wherein the response data comprises a user global unique identifier, and the authorization credential is generated by a client executing a signature operation on the user global unique identifier and an authorization initiation time by using a new random private key; Packaging the on-chain identifier, the new zero knowledge proof, the new public input, the new web3.0 account address and the execution operation information into a UserOperation structure, and signing the UserOperation structure by using a new random private key; The node Bundler verifies the legality of the UserOperation structure, wherein the legality comprises the legality of a UserOperation structure signature and the legality of a validity period; Bundler the node packages the at least one UserOperation structure into a single transaction that is submitted to the portal contract; The portal contract obtains a wallet address corresponding to the identifier on the chain based on the mapping data structure; Invoking CheckOwner a function to check if the new web3.0 account address is the purse owner; And under the condition that the new Web3.0 account address is a wallet owner, carrying out zero knowledge proof verification on the new zero knowledge proof by combining with the new public input, and calling a UpdateOwner method of the target wallet contract when the new zero knowledge proof verification passes, and writing the new Web3.0 account address into a storage layer of the wallet contract.
8. 8. The method of claim 1, wherein in the payment credential update procedure, user identity authentication is accomplished based on the on-chain identifier, comprising: Generating a public input and zero knowledge proof based on the web3.0 account address, the anti-attack parameters, the response data, the authorizer identifier, the authorization credential, and the in-chain identifier; Generating a new on-chain identifier based on the new user payment password, response data and the authorizer identifier, and generating a new public input and a new zero knowledge proof based on the web3.0 account address, the anti-attack parameter, the response data, the authorizer identifier, the authorization credential and the new on-chain identifier; packaging Web3.0 account address, on-chain identifier, public input, zero knowledge proof, new on-chain identifier, new zero knowledge proof, new public input and execution operation information into UserOperation structures, and signing the UserOperation structures by using a random private key; The node Bundler verifies the legality of the UserOperation structure, wherein the legality comprises the legality of a UserOperation structure signature and the legality of a validity period; Bundler the node packages the at least one UserOperation structure into a single transaction that is submitted to the portal contract; The portal contract obtains a wallet address corresponding to the identifier on the chain based on the mapping data structure; Invoking CheckOwner a function to check if the web3.0 account address is the purse owner; in the case where the new web3.0 account address is the purse owner, performing zero knowledge proof verification on the new zero knowledge proof in combination with the new public input; After the new zero knowledge proof passes the verification, the portal contract call RemoveKey function deletes the entry corresponding to the identifier on the chain from the mapping data structure, establishes the binding relation between the identifier on the new chain and the wallet address, and writes the binding relation into the mapping data structure.
9. 9. The method of claim 1, wherein in the transaction signature process, user identity authentication is accomplished based on the on-chain identifier, comprising: encapsulating the on-chain identifier, web3.0 account address and execution operation information into a UserOperation structure, and signing the UserOperation structure by using a random private key; The node Bundler verifies the legality of the UserOperation structure, wherein the legality comprises the legality of a UserOperation structure signature and the legality of a validity period; Bundler the node packages the at least one UserOperation structure into a single transaction that is submitted to the portal contract; The portal contract obtains a wallet address corresponding to the identifier on the chain based on the mapping data structure; Invoking CheckOwner a function to check if the web3.0 account address is the purse owner; In the case where the new web3.0 account address is the wallet owner, the portal contract encapsulates the UserOperation structure as a transaction request and directs the sending to the corresponding wallet contract address through a cross-contract invocation mechanism; The wallet contract executes the transaction operation in UserOperation structure and returns the execution result to the user side.
10. 10. A web3.0-oriented under-privacy chain identity authentication system, the system comprising: The initialization module generates a random private key and a Web3.0 account address corresponding to the random private key, and constructs an anti-attack parameter comprising the Web3.0 account address and a random number; The data acquisition module is used for carrying the anti-attack parameters to finish user identity authentication in the central avatar system to obtain response data and an authorized party identifier; The on-chain identifier generation module is used for acquiring a user payment password and generating an on-chain identifier by combining the response data with the authorizer identifier; and the identity authentication module is used for completing user identity authentication based on the on-chain identifier.

Description

Web3.0-oriented identity authentication method and system under privacy chain Technical Field The invention relates to the technical field of blockchain, in particular to a Web3.0-oriented identity authentication method and system under a privacy chain. Background With the rapid development of blockchain technology, web3.0 is remodelling trust mechanisms and value exchange patterns of digital society as a next generation internet architecture. The core idea is to realize the complete control of the data, the identity and the assets by the user through the decentralised technical architecture. However, current web3.0 ecology still faces significant challenges in terms of privacy protection and seamless engagement of in-chain identity authentication. Traditional web2.0 authentication approaches rely on a centralized identity management system, while blockchain and web3.0 emphasize decentralization and privacy preservation. Therefore, how to realize effective docking of web2.0 identity authentication and web3.0 identity authentication, and simultaneously ensure that user privacy is not revealed is a technical problem to be solved currently. While the prior art provides on-chain identity authentication (e.g., de-centralized identity DID), linking on-chain identities to off-chain data still faces the risk of privacy disclosure. In addition, the blockchain technology still faces the problems of low verification efficiency, poor cross-chain compatibility, insufficient reliability of data under the chain and the like in the aspects of identity authentication under the chain and privacy protection, and the large-scale application of the Web3.0 technology is severely limited. In terms of on-chain authentication mechanisms, existing research has mainly surrounded signature algorithm-based authentication mechanisms, biometric-based authentication mechanisms, and de-centralized identity (DID) techniques. The verification mechanism based on the signature algorithm has the bottlenecks of large calculation overhead, complex recovery protocol and the like, the verification mechanism based on the biological characteristics is limited by the popularity and privacy disputes of biological data acquisition equipment, and the DID technology becomes the focus of digital identity evolution by virtue of the characteristics of autonomous control, cross-platform interoperability and the like of users, but still faces the key recovery problem and management complexity. In the field of chain up-link and down-link identity intercommunication, the prior research is in an initial exploration stage, and mainly focuses on two technical paths of block chain address mapping and address abstraction. The block chain address mapping scheme establishes the association relation between the Web2 identity and the on-chain address through encryption certificates or zero knowledge proof, but the scheme has a common static mapping risk, namely the fixed binding relation is easy to be reversely deduced by on-chain transaction map analysis, so that the identity privacy is revealed. The address abstraction scheme avoids direct mapping by introducing an intermediate layer identity expression mechanism, but still has the problems of poor cross-chain compatibility and low efficiency. Therefore, there is an urgent need in the art for an innovative solution that can not only implement identity security authentication under a chain, but also ensure that user privacy is not compromised. Disclosure of Invention The invention aims to solve the technical problems of insufficient privacy protection, chain up-chain and down-chain identity splitting, low authentication efficiency and the like in the existing blockchain identity authentication system, and provides a Web3.0-oriented privacy chain identity authentication method and system. The system realizes the safe, efficient and privacy-preserving seamless connection of the Web2.0 identity and the Web3.0 blockchain identity through an innovative technical architecture. In order to achieve the above object, the technical scheme of the present invention includes the following. A Web3.0-oriented identity authentication method under a privacy chain comprises the following steps: generating a random private key and a Web3.0 account address corresponding to the random private key, and constructing an anti-attack parameter comprising the Web3.0 account address and a random number; Carrying the anti-attack parameter to finish user identity authentication in the central avatar part system to obtain response data and an authorized party identifier; acquiring a user payment password, and generating an on-chain identifier by combining the response data with the authorizer identifier; User identity authentication is accomplished based on the on-chain identifier. Further, carrying the anti-attack parameter to complete user identity authentication in the central avatar system to obtain response data, including: The centralized ident