基于改进PBFT算法的PKI跨域认证方案

为解决现有公钥基础设施跨域认证方案的效率问题,利用具有分布式和不易被篡改优点的区块链技术,提出基于联盟区块链的跨域认证方案。一方面,该方案对联盟链在传统实用拜占庭共识算法(PBFT)的基础上加入了节点动态增减功能;改进了主节点选举方式;将三阶段广播缩减为两阶段广播,减少了通信开销。另一方面,该方案设计了联盟链跨域认证协议,给出了区块链证书格式,描述了跨域认证协议,并进行了安全和效率分析。分析表明,在安全方面,该方案具有抵抗分布式攻击等安全属性;在效率方面,与已有跨域认证方案相比,该方案在计算开销上、通信开销上都有优势。

PKI cross-domain authentication scheme based on advanced PBFT algorithm

In order to solve the efficiency problem of the existing public key infrastructure cross-domain authentication scheme,a cross-domain authentication model based on the consortium blockchain which has the advantages of distributed and difficult to be tamperd with was proposed.On the one hand,the dynamic join and exit function was added to the practical Byzantine fault tolerant (PBFT) algorithm,the primary node election mode was improved,and the three-stage broadcast was reduced to two-stage broadcast for the reducation of communication overhead.On the other hand,the cross-domain authentication system architecture based on consortium chain was designed,the blockchain certificate format and the cross-domain authentication protocol were presented,the security and efficiency were analyzed.The results shows that in term of security,the proposed model has security attributes such as resisting distributed attacks.In terms of performance,the proposed model has advantages in both computational overhead and communication overhead when it was compared with the existing cross-domain authentication schemes.