<p>The advent of Decentralized Identity (DID) technology is fundamentally changing the way digital identity is managed, allowing user-controlled, privacy-preserving authentication across trust domains a fundamental requirement if zero trust architectures are to be realized, in which continuous verification and least-privilege access are inherent properties. Under traditional ABS (attribute-based signature) schemes, these are difficult to achieve as fine-grained access control is not always possible in practice and anonymity may not be straightforward when policy is evolving dynamically and different authorities may be involved. In this paper, we present a new multi-authority attribute ring signature scheme, which leverages DID philosophy and anonymous credential techniques, enabling users to mix attributes dynamically according to the policies of veriers without disclosing their pseudonyms or partial attributes. The proposed scheme enables distributed key generation by multiple authorities and is shown to be secure in the random oracle model, achieving existential unforgeability against adaptive chosen-message, identity, and attribute attacks (EUF-CMIAA) as well as full signer and attribute anonymity. Based on the SM9 cryptographic standard, our approach reduces the number of <InlineEquation ID="IEq1"> <EquationSource Format="TEX">\(\mathbb {G}_T\)</EquationSource> </InlineEquation> exponentiations and scalar multiplications during signing by approximately 30% compared to existing ring signatures, offering a practical and efficient authentication solution for emerging DID-driven zero-trust networks.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A multi-authority attribute ring signature supporting dynamic policies and dual anonymity for zero-trust networks

  • Jinhong Chen,
  • Xueguang Zhou,
  • Wei Fu,
  • Yihuan Mao,
  • Jiaqi Wang

摘要

The advent of Decentralized Identity (DID) technology is fundamentally changing the way digital identity is managed, allowing user-controlled, privacy-preserving authentication across trust domains a fundamental requirement if zero trust architectures are to be realized, in which continuous verification and least-privilege access are inherent properties. Under traditional ABS (attribute-based signature) schemes, these are difficult to achieve as fine-grained access control is not always possible in practice and anonymity may not be straightforward when policy is evolving dynamically and different authorities may be involved. In this paper, we present a new multi-authority attribute ring signature scheme, which leverages DID philosophy and anonymous credential techniques, enabling users to mix attributes dynamically according to the policies of veriers without disclosing their pseudonyms or partial attributes. The proposed scheme enables distributed key generation by multiple authorities and is shown to be secure in the random oracle model, achieving existential unforgeability against adaptive chosen-message, identity, and attribute attacks (EUF-CMIAA) as well as full signer and attribute anonymity. Based on the SM9 cryptographic standard, our approach reduces the number of \(\mathbb {G}_T\) exponentiations and scalar multiplications during signing by approximately 30% compared to existing ring signatures, offering a practical and efficient authentication solution for emerging DID-driven zero-trust networks.