Research on Blockchain-Based Privacy Preservation and Digital Authentication

doi:10.3969/j.issn.1671-1122.2025.04.012

Abstract

Abstract:

Public Key Infrastructure Certificate Authority (PKI-CA) is a framework used to manage digital certificates and public-private key pairs. Traditional PKI-CA systems, due to their centralized management nature, faced risks of single points of failure and security vulnerabilities. To address these issues, this paper designed a decentralized PKI-CA system based on blockchain smart contracts, where certificate addition, deletion, modification and querying were achieved through smart contracts. Each node assumed the role of a Certificate Authority (CA) or Registration Authority (RA). To improve efficiency, the system adopted a certificate indexing algorithm based on IPFS, using Content Identifiers (CID) for fast certificate retrieval. Considering the transparency of blockchain, the system incorporated China’s cryptographic algorithm and fully homomorphic encryption to encrypt sensitive data, ensuring the identity and privacy of certificate holders. Testing results showed that the system could handle 50 operations per second, with the issuance of 100 certificates taking only 2.39 seconds, demonstrating better performance and security compared to traditional PKI-CA systems. Security analysis results showed that the China commercial cryptographic algorithm and full homomorphic encryption technology adopted by the system effectively protect the system’s key data and sensitive information. The decentralization and consensus mechanism in the blockchain enhance the system’s anti-attack capability and effectively prevent the malicious generation and forgery of certificates.

Key words: blockchain, smart contracts, certificate authority, IPFS

CLC Number:

TP309

YANG Yatao, DING Yucheng, LIU Peihe, SANG Peng. Research on Blockchain-Based Privacy Preservation and Digital Authentication[J]. Netinfo Security, 2025, 25(4): 640-653.

Figures/Tables 11

References 35

[1]	NAKAMOTO S. Bitcoin: A Peer-To-Peer Electronic Cash System[EB/OL]. (2008-10-31)[2024-09-06]. https://bitcoin.org/bitcoin.pdf.
[2]	TEWARI H. Blockchain Research Beyond Cryptocurrencies[J]. IEEE Communications Standards Magazine, 2019, 3(4): 21-25.
[3]	XIAO Ling, LI Zhitang. Public Key Infrastructure (PKI) Architecture[J]. Computer Engineering and Applications, 2002, 38(10): 137-139.
	肖凌, 李之棠. 公开密钥基础设施(PKI)结构[J]. 计算机工程与应用, 2002, 38(10):137-139.
[4]	LIN Jingqiang, JIN Jiwu, ZHANG Qionglu, et al. Recent Research on PKI Technology: A Review[J]. Journal of Cryptography, 2015, 2(6): 487-496.
	林璟锵, 荆继武, 张琼露, 等. PKI技术的近年研究综述[J]. 密码学报, 2015, 2(6):487-496. doi: 10.13868/j.cnki.jcr.000095
[5]	YANG Yatao, LIU Deli, LIU Peihe, et al. BFV-Blockchainvoting: A Blockchain-Based Electronic Voting System Supporting BFV Fully Homomorphic Encryption[J]. Journal on Communications, 2022, 43(9): 100-111. doi: 10.11959/j.issn.1000-436x.2022172
	杨亚涛, 刘德莉, 刘培鹤, 等. BFV-Blockchainvoting:支持BFV全同态加密的区块链电子投票系统[J]. 通信学报, 2022, 43(9):100-111. doi: 10.11959/j.issn.1000-436x.2022172
[6]	YANG Yatao, LIN Tianxiang, CHENG Jianyuan. Design of Fully Homomorphic Encryption Smart Contracts Under Edge Computing Model[J]. Journal of Information Security, 2022, 7(2): 150-162.
	杨亚涛, 林天祥, 陈剑源. 边缘计算模式下全同态加密智能合约设计[J]. 信息安全学报, 2022, 7(2):150-162.
[7]	NASRULIN B, DE V M, ISHMAEV G, et al. Gromit: Benchmarking the Performance and Scalability of Blockchain Systems[C]// IEEE. 2022 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS). New York: IEEE, 2022: 56-63.
[8]	CHIU W Y, MENG Weizhi, JENSEN C D. ChainPKI-Towards Ethash-Based Decentralized PKI with Privacy Enhancement[C]// IEEE. 2021 IEEE Conference on Dependable and Secure Computing(DSC). New York: IEEE, 2021: 1-8.
[9]	BERBECARU D G, LIOY A. An Evaluation of X. 509 Certificate Revocation and Related Privacy Issues in the Web PKI Ecosystem[J]. IEEE Access, 2023, 11: 79156-79175.
[10]	FROMKNECHT C, VELICANU D, YAKOUBOV S. Certcoin: A Namecoin Based Decentralized Authentication System[EB/OL]. (2014-05-14)[2024-09-06]. https://courses.csail.mit.edu/6.857/2014/files/19-fromknecht-velicann-yakoubov-certcoin.pdf?source=post_page.
[11]	ZOU Bangqi, ZHAO Gansen, TANG Hua, et al. Archiveschain: Distributed PKI Archives System[C]// IEEE. 2021 4th International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE). New York: IEEE, 2021: 1009-1013.
[12]	FAN Wenjun, CHANG S, KUMAR S, et al. Blockchain-Based Secure Coordination for Distributed SDN Control Plane[C]// IEEE. 2021 IEEE 7th International Conference on Network Softwarization (NetSoft). New York: IEEE, 2021: 253-257.
[13]	OBIRI I A, YANG Jian, GAO Jun, et al. A Sovereign PKI for IoT Devices Based on the Blockchain Technology[C]// IEEE. 2021 18th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP). New York: IEEE, 2021: 110-115.
[14]	SUZUKI N, YOSHIOKA T, HASEGAWA A, et al. Implementation and Evaluation of Spectrum Sharing Technology Using Smart Contracts[C]// IEEE. 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC). New York: IEEE, 2022: 922-928.
[15]	GUPTA N, NEGI S, RAWAT K, et al. Decentralized and Permission-Aware Blockchain for Certificate Security: An Exploratory Analysis[C]// IEEE. 2024 2nd International Conference on Sustainable Computing and Smart Systems (ICSCSS). New York: IEEE, 2024: 558-562.
[16]	DASH S P, JENA A K. An Efficient Approach for Optimizing the CA Selection Search Space in a Blockchain Network[C]// IEEE. 2024 International Conference on Emerging Systems and Intelligent Computing (ESIC). New York: IEEE, 2024: 685-690.
[17]	WANG Miaomiao, RUI Lanlan, YANG Yang, et al. A Blockchain-Based Multi-CA Cross-Domain Authentication Scheme in Decentralized Autonomous Network[J]. IEEE Transactions on Network and Service Management, 2022, 19(3): 2664-2676.
[18]	MOUSSAOUI D, KADRI B, FEHAM M, et al. A Distributed Blockchain Based PKI (BCPKI)Architecture to Enhance Privacy in VANET[C]// IEEE. 2020 2nd International Workshop on Human-Centric Smart Environments for Health and Well-Being (IHSH). New York: IEEE, 2021: 75-79.
[19]	AGURU A D, ERUKALA S B, KAVATI I. Smart Contract Based Next-Generation Public KeyInfrastructure (PKI) Using Permissionless Blockchain[C]// Springer. Hybrid Intelligent Systems (HIS). International Conference on Hybrid Intelligent Systems(HIS). Heidelberg: Springer, 2022: 625-635.
[20]	TRAN E, SEN S, ERGUN T. A Semi-Decentralized PKI Based on Blockchain with a Stake-Based Reward-Punishment Mechanism[J]. IEEE Access, 2024, 12: 60705-60721.
[21]	GARBA A, HU Qinwen, CHEN Zhong, et al. BB-PKI: Blockchain-Based Public Key Infrastructure Certificate Management[C]// IEEE. 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City(HPCC/SmartCity/DSS). New York: IEEE, 2020: 824-829.
[22]	GARBA A, CHEN Zhong, GUAN Zhi, et al. Lightledger: A Novel Blockchain-Based Domain Certificate Authentication and Validation Scheme[J]. IEEE Transactions on Network Science and Engineering, 2021, 8(2): 1698-1710.
[23]	RASHID A, MASOOD A, ABBAS H, et al. Blockchain-Based Public Key Infrastructure: A Transparent Digital Certification Mechanism for Secure Communication[J]. IEEE Network, 2021, 35(5): 220-225.
[24]	WANG Ze, LIN Jinqiang, CAI Quanwei, et al. Blockchain-Based Certificate Transparency and Revocation Transparency[J]. IEEE Transactions on Dependable and Secure Computing, 2020, 19(1): 681-697.
[25]	PENNINO D, PIZZONIA M, VITALETTI A, et al. Efficient Certification of Endpoint Control on Blockchain[J]. IEEE Access, 2021, 9(1): 133309-133334.
[26]	KUBILAY M, KIRAZ M S, MANTAR H. CERTLEDGER: A New PKI Model With Certificate Transparency Based on Blockchain[J]. Computers & Security, 2019, 85(1): 333-352.
[27]	CHEN Jing, YAO Shixiong, YUAN Quan, et al. CertChain: Public and Efficient Certificate Audit Based on Blockchain for TLS Connections[C]// IEEE. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications(IEEE INFOCOM 2018). New York: IEEE, 2018: 2060-2068.
[28]	KHAN S, ZHANG Zijian J, ZHU Liehuang, et al. SCM: Secure and Accountable TLS Certificate Management[EB/OL]. (2020-07-31)[2024-09-24]. https://onlinelibrary.wiley.com/doi/full/10.1002/dac.4503.
[29]	YE H, PARK S. Reliable Vehicle Data Storage Using Blockchain and IPFS[J]. Electronics, 2021, 10(10): 1130-1145.
[30]	CHEN Yongle, LI Hui, LI Kejiao, et al. An Improved P2P File System Scheme Based on IPFS and Blockchain[C]// IEEE. 2017 IEEE International Conference on Big Data (Big Data). New York: IEEE, 2017: 2652-2657.
[31]	FAN Junfeng, VERCAUTEREN F. Somewhat Practical Fully Homomorphic Encryption[EB/OL]. (2012-03-22) [2024-09-24]. https://eprint.iacr.org/2012/144.
[32]	BRAKERSKI Z, VAIKUNTANATHAN V. Efficient Fully Homomorphic Encryption from (Standard) LWE[EB/OL]. (2011-08-04) [2024-09-24]. https://eprint.iacr.org/2011/344.
[33]	QIN Bo, HUANG Jikun, WANG Qin, et al. Cecoin: A Decentralized PKI Mitigating MitM Attacks[J]. Future Generation Computer Systems, 2017,107:805-815.
[34]	DYKCIK L, CHUAT L, SZALACHOWSKI P, et al. BlockPKI:An Automated, Resilient, and Transparent Public-Key Infrastructure[C]// IEEE. 2018 IEEE International Conference on Data Mining Workshops (ICDMW). New York: IEEE, 2018:105-114.
[35]	WANG Rong, HE Juan, LIU Can, et al. A Privacy-Aware PKI System Based on Permissioned Blockchains[C]// IEEE. 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS). New York: IEEE, 2018: 928-931.

区块链类型	应用	节能	智能合约执行环境	编程语言	货币	共识算法
比特币	加密货币	否	比特币虚拟机（BVM）	脚本语言	BTC	POW
以太坊	应用平台	否	比特币虚拟机（BVM）	Solidity	Ether	POW
超级账本	应用平台	是	Docker	Golang	无	Raft

PKI-CA系统	交易吞吐量/tps	是否消耗数字货币
基于比特币^[33]的PKI-CA	7	是
基于以太坊^[34]的PKI-CA	20	是
本文提出的PKI-CA	50	否

测试功能	测试次数/次	消耗时间/s	是否出现异常
证书创建	100	2.39	否
证书查询	100	1.27	否
证书延期	100	1.55	否
证书撤销	100	219.00	否

系统类型	功能
系统类型	证书注册	证书更新	证书延期	证书撤销	单点故障	证书透明
传统PKI-CA	√	√	√	√	×	×
Authcoin	√	×	√	×	×	√
IKP	√	×	√	×	√	√
本文方案	√	√	√	√	√	√