Jiayue Zhou,Jianan Hong,Chengchen Zhu,Futai Zou,Cunqing Hua

DOI: https://doi.org/10.1109/icnc59896.2024.10556332

2024-01-01

Abstract:Blockchain technology has emerged as a popular research topic, particularly in the area of identity management, which provides with a decentralized ID system due to its inherent distributed architecture. This paper focuses on the security issues for vehicular ad-hoc networks (VANETs), where there exists significant obstacles to deploy blockchain-based identity manage-ment system. The idea of lightweight node seems to address such issues, as it provides a local transaction query method. However, it cannot directly suit the complex identity management scenario, as malicious revoked users can successfully exploit spoofing attacks to mislead the lightweight nodes. This paper therefore proposes a new blockchain-enabled identity management scheme for VANET system, which realizes extremely short-latency identity verification with the idea lightweight node. Especially, to achieve trustful revocation for lightweight node, we leverage the mechanism of redactable blockchain with chameleon hash, as well our tailored security protocols. The proposed scheme offers a highly secure, distributed and low-cost identity management system. The experimental result shows our advantage in terms of functionality and efficiency.

Biao Ma,Haifeng Qian

DOI: https://doi.org/10.1007/s12083-024-01866-w

IF: 3.488

2024-11-28

Peer-to-Peer Networking and Applications

Abstract:Traditional identity management solutions currently encounter numerous challenges. (1) These solutions store user information in centralized databases, thereby exposing them to potential risks such as single points of failure and privacy breaches. (2) The lack of data compatibility between various applications leads to escalated communication expenses. (3) While existing solutions strive to tackle these challenges through blockchain, tracking malicious users often proves to be challenging. Moreover, due to the full-replication strategies of the blockchain, the storage overhead becomes excessive. To address these challenges, this paper introduces a scalable identity management scheme utilizing blockchain technology, with the primary goal of enhancing identity protection and traceability. We also integrate blockchain technology with Reed-Solomon (RS) encoding and Certificateless Aggregate Signature (CLAS) to safeguard user information, with each node specifically storing a portion of the encoded data block. In contrast to traditional identity management solutions. (1) Our approach tackles the single point of failure problem by blockchain. Simultaneously, it ensures the security of identity and the ability to track malicious users. Users need only upload information once to access different applications without maintaining multiple sets of account passwords. (2) Furthermore, compared to the traditional blockchain full replication strategy, our method significantly reduces storage overhead from O ( n ) to O (1), greatly improving scalability. Meanwhile, we eliminate time for block searches, accelerating the processes of authentication and information traceability. (3) Our scheme employs CLAS to verify data integrity, ensuring the reliability of received data. In the real world, our solution demonstrates high availability and scalability, with performance analysis and experimental evaluation providing relevant data for validation.

computer science, information systems,telecommunications

Zhiming Song,Enhua Yan,Junrong Song,Rong Jiang,Yimin Yu,Taowei Chen

DOI: https://doi.org/10.1007/s13369-024-09178-0

IF: 2.807

2024-06-06

Arabian Journal for Science and Engineering

Abstract:The blockchain-based digital identity system (BDIS) has emerged as a promising alternative to centralized digital identity systems. While BDISs offer numerous advantages such as decentralization and enhanced security, traditional implementations still exhibit weaknesses in ensuring identity authenticity, controllability, and auditability while maintaining privacy. This paper aims to address these challenges by proposing novel approaches. It separates the functions of verifying physical identity and issuing digital credentials into two distinct roles: the identity verifier and the credential provider, employing linkable ring signatures to obscure the verifier's identity and significantly mitigate the risk of identity information leakage—a common issue in traditional schemes where a single entity performs both tasks. Additionally, this paper addresses the overlooked aspect of identity controllability in traditional schemes, especially proactive and passive revocation with privacy in mind, by integrating cryptographic commitments, zero-knowledge proofs, PS randomized signatures, cryptographic accumulators, and AES encryption. This approach ensures privacy while enabling both types of revocation. Furthermore, it tackles the neglected auditability of identity privacy in traditional schemes by combining linkable ring signatures with smart contract events and other technologies, ensuring auditable privacy protection. Fourth, a blockchain smart contract is utilized to manage system parameters and implement on-chain verification of privacy-protected identities, ensuring cross-platform capability, transparent verification, and resilience against single-point failures. A use case is provided, evaluating the system's performance. Comparative analysis and security discussions suggest that the proposed system rectifies deficiencies in current BDISs and offers improved applicability, execution performance, and security.

multidisciplinary sciences

Jing He,Xiaofeng MA,Dawei Zhang,Feng Peng

DOI: https://doi.org/10.1051/sands/2024013

2024-10-16

Security and Safety

Abstract:Decentralized identity represents an innovative approach based on blockchain to achieve effective identity management. This method utilizes decentralized identifiers and verifiable credential to enable trusted authentication, free circulation of identity information, and self-sovereign control over identity data functionalities. The current decentralized identity systems rely on entirely anonymous identifiers, lacking robust identity regulation. Furthermore, they face challenges such as identity attribute leakage during verifiable credential presentation and the issuers' struggle to reliably revoke credentials. To address these issues, efficient and practical schemes have been designed based on BBS signature, zero-knowledge proof, dynamic accumulator and blockchain technology: one for decentralized identifiers management and the other for verifiable credential privacy protection, both of which are supervised and revocable. The former ensures the privacy of subject identity while achieving regulatability and revocability of identity data by regulator. The latter facilitates selective disclosure of anonymous credentials and reliable revocation. A security analysis shows that the proposed scheme meets anonymity, non-forgeability, regulatory reliability, and revocability reliability, and offers comprehensive and effective privacy protection measures. The experimental results demonstrate that the algorithms designed operate at a millisecond level, which satisfies the demands of blockchain identity management scenarios.

Jie Xu,Kaiping Xue,Hangyu Tian,Jianan Hong,David S. L. Wei,Peilin Hong

DOI: https://doi.org/10.1109/tvt.2020.2986041

IF: 6.8

2020-01-01

IEEE Transactions on Vehicular Technology

Abstract:More and more users are eager to obtain more comprehensive network services without revealing their private information. Traditionally, in order to access a network, a user is authorized with an identity and corresponding keys, which are generated and managed by the network operator. All users' personally identifying information are centralized stored by the network operator. However, this approach makes users lose the control of their personally identifying information. Users are concerned about who can access these sensitive data and whether they have been compromised. In this paper, we propose a blockchain-based identity management and authentication scheme for mobile networks, where users' identifying information are controlled by the users themselves. Our scheme let users generate their self-sovereign identities (SSIs) and corresponding public keys and private keys. The private key used to authenticate the user's identifying information is only known to the user. We use blockchain to record SSIs and public keys of legitimate user, and adopt chameleon hash to delete illegal users' information on the blockchain, while keeping the block head unchanged. Furthermore, other service providers can obtain the user's SSI and public key and authenticate users by querying the blockchain. Experimental results confirm that our scheme can greatly reduce the revocation overhead and communication overhead.

Li Zhiji,Zhiji Li

DOI: https://doi.org/10.4236/jis.2022.132003

2022-01-01

Journal of Information Security

Abstract:Decentralized identity authentication is generally based on blockchain, with the protection of user privacy as the core appeal. But traditional decentralized credential system requires users to show all the information of the entire credential to the verifier, resulting in unnecessary overexposure of personal information. From the perspective of user privacy, this paper proposed a verifiable credential scheme with selective disclosure based on BLS (Bohen- Lynn-Shacham) aggregate signature. Instead of signing the credentials, we sign the claims in the credentials. When the user needs to present the credential to verifier, the user can select a part of but not all claims to be presented. To reduce the number of signatures of claims after selective disclosure, BLS aggregate signature is achieved to aggregate signatures of claims into one signature. In addition, our scheme also supports the aggregation of credentials from different users. As a result, verifier only needs to verify one signature in the credential to achieve the purpose of batch verification of credentials. We analyze the security of our aggregate signature scheme, which can effectively resist aggregate signature forgery attack and credential theft attack. The simulation results show that our selective disclosure scheme based on BLS aggregate signature is acceptable in terms of verification efficiency, and can reduce the storage cost and communication overhead. As a result, our scheme is suitable for blockchain, which is strict on bandwidth and storage overhead.

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.ins.2020.12.035

IF: 8.1

2021-01-01

Information Sciences

Abstract:Attribute-based encryption (ABE) is considered to be one of the most suitable schemes for cryptographic access control in the big data environment. But it still faces many challenges to be applied in the Internet of Things (IoT). ABE is implemented based on bilinear pairing, which is considered to be an expensive operation. However, there are lots of IoT devices with constrained resources. Proxy re-encryption methods based on the cloud are proposed to reduce computing overhead on the user side, but an untrusted cloud may give incorrect computing results to mislead users. To solve this problem, an access control scheme with lightweight decryption based on ABE and blockchain technologies is proposed. We assume that the cloud is untrusted, and guarantee the accuracy of proxy re-encryption calculation based on blockchain. In addition, how to encourage users to obtain authorization through blockchain and record access behavior on the blockchain is a problem worthy of attention. This paper proposes a user credibility incentive mechanism, which calculates the user's credibility according to the user's access behavior and gives a reputation score, so as to dynamically adjust the endorsement protocol. Security analysis and experimental results show that the proposed method is reliable and efficient. (C) 2020 Elsevier Inc. All rights reserved.

Fengqi Li,Hui Xu,Qingqing Song,Lupeng Zhang,Xuefeng Du,Ning Tong,Deguang Wang

DOI: https://doi.org/10.1109/jiot.2023.3308725

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Although combining the Internet of Things (IoT) and industrial scenarios has brought about a technological revolution, it has also caused equipment security issues. Due to the characteristics of Industrial Internet of Things (IIoT) devices with a wide distribution, complex application scenarios, considerable differences in node performance, and device heterogeneity, spoofing attacks and third-party attacks are common. Identity authentication for IIoT devices can solve this dilemma. However, most existing authentication technologies involve a trade-off between traditional centralised certificate issuance and sacrificing device storage resources, resulting in lower efficiency of IIoT device authentication, and the process is complicated. Therefore, ensuring the security and trustworthiness of device identities in the IIoT is imminent. In this paper, we propose an IIoT device authentication scheme based on an editable blockchain, that can solve the problem of the device’s low energy while satisfying the useage needs of large-scale scenarios. In particular, we created a suite of secure, efficient, and innovative technical solutions for this protocol. Firstly, to solve the problem of the authentication difficulty between industrial devices, we propose a lightweight identity authentication protocol called BLMA. Moreover, we propose the vPBFT algorithm and introduce the online and offline signature algorithm to reduce communication overhead and resource consumption between devices. Finally, considering the top security and dynamics of the IIoT environment, we use the chameleon hash function to build a hash chain of authentication results. Extensive simulation and experimental results demonstrate the reliability of our protocol.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shlok Gilda,Tanvi Jain,Aashish Dhalla

DOI: https://doi.org/10.48550/arXiv.2207.02207

2022-07-06

Abstract:Authentication and authorization of a user's identity are generally done by the service providers or identity providers. However, these centralized systems limit the user's control of their own identity and are prone to massive data leaks due to their centralized nature. We propose a blockchain-based identity management system to authenticate and authorize users using attribute-based access control policies and privacy-preserving algorithms and finally returning the control of a user's identity to the user. Our proposed system would use a private blockchain, which would store the re-certification events and data access and authorization requests for users' identities in a secure, verifiable manner, thus ensuring the integrity of the data. This paper suggests a mechanism to digitize documents such as passports, driving licenses, electricity bills, etc., issued by any government authority or other authority in an immutable and secure manner. The data owners are responsible for authenticating and propagating the users' identities as and when needed using the OpenID Connect protocol to enable single sign-on. We use advanced cryptographic algorithms to provide pseudonyms to the users, thus ensuring their privacy. These algorithms also ensure the auditability of transactions as and when required. Our proposed system helps in mitigating some of the issues in the recent privacy debates. The project finds its applications in citizen transfers, inter-country service providence, banks, ownership transfer, etc. The generic framework can also be extended to a consortium of banks, hospitals, etc.

Cryptography and Security

Jiahe Wang,Songjie Wei,Haozhe Liu

DOI: https://doi.org/10.1007/978-3-030-23404-1_14

2019-01-01

Abstract:To overcome the difficulties in the traditional password-based identity authentication procedure with high security risk and complexity, and to avoid the privacy leaking problems arising from a series of new techniques such as using biometrics as key, this paper proposes a universal solution for decentralized identity authentication by block chain integrated with a trusted execution environment, through a separate hardware to establish a secure area, enabling identity anonymity and avoiding feature disclosure. Smart contract and consensus mechanism are adopted for building trusted identity nodes between decentralized nodes by constructing a traceable identity data structure in blockchain. We conduct formal theoretical and empirical evaluations to show that the proposed can realize user identity registration, cross-platform authentication, and guarantee security in the whole procedure with efficiency and reliability.

Ruibiao Chen,Fangxing Shu,Shuokang Huang,Lei Huang,Huafang Liu,Jin Liu,Kai Lei

DOI: https://doi.org/10.23919/jcin.2021.9387704

2021-01-01

Journal of Communications and Information Networks

Abstract:Reliable identity management and authentication are significant for network security. In recent years, as traditional centralized identity management systems suffer from security and scalability problems, decentralized identity management has received considerable attention in academia and industry. However, with the increasing sharing interaction among each domain, management and authentication of decentralized identity has raised higher requirements for cross-domain trust and faced implementation challenges galore. To solve these problems, we propose BIdM, a decentralized cross- domain identity management system based on blockchain. We design a decentralized identifier (DID) for naming identities based on the consortium blockchain technique. Since the identity subject fully controls the life cycle and ownership of the proposed DID, it can be signed and issued without a central authentication node's intervention. Simultaneously, every node in the system can participate in identity authentication and trust establishment, thereby solving the centralized mechanism's single point of failure problem. To further improve authentication efficiency and protect users' privacy, BIdM introduces a one-way accumulator as an identity data structure, which guarantees the validity of entity identity. We theoretically analyze the feasibility and performance of BIdM and conduct evaluations on a prototype implementation. The experimental results demonstrate that BIdM achieves excellent optimization on cross-domain authentication compared with existing identity management systems.

Xiaodong Ren,Feilong Lin,Zhongyu Chen,Changbing Tang,Zhonglong Zheng,Minglu Li

DOI: https://doi.org/10.1109/msn50589.2020.00031

2020-01-01

Abstract:The abuse of personal identity information is one of the most serious problems worldwide. Most social services or businesses use the identity authorization to confirm their validity and legality and the copies of users’ identity certification are usually recorded by the service providers. It is easy to leak the users’ identity information due to the untrustworthy service provider or single-point security failure, and various social problems are then caused. To deal with such problems, this paper proposes a Blockchain-based Identity Authorization mechanism (BIA). First, an Identity Authorization Module (IAM) is devised, which reads the identity certificate and transform the identity plaintext to ciphertext under the authorization by the user’s identity certificate entity and password. IAM guarantees the security of identity information by keeping its plaintext offline. Second, a Business Contract Module (BCM) is designed, which provides a general smart contract framework for identity authorization that can be adopted by most of social services or businesses. Third, a double-chain blockchain infrastructure is developed, whereby the encrypted identity information and service smart contracts are respectively recorded in the tamper-resistant, non-repudiable, and publicly verifiable way. Finally, a prototype system has been developed to verify the security, feasibility and effectiveness of the proposed BIA.

Mengjuan Zhai,Yanli Ren,Guorui Feng,Xinpeng Zhang

DOI: https://doi.org/10.23919/jcc.2022.06.004

2022-01-01

China Communications

Abstract:With the popularity of the internet,users hope to better protect their privacy while obtaining network services.However,in the traditional central-ized authentication scheme,identity information such as the user's private key is generated,stored,and man-aged by the network operator.Users can't control their identity information,which will lead to a great threat to the privacy of users.Based on redactable blockchain,we propose a fine-grained and fair iden-tity authentication scheme for mobile networks.In our proposed scheme,the user's identity information is generated and controlled by the users.We first propose a notion of score chameleon hash(SCH),which can delete or update the information of illegal users so as to dynamically update the status of users and provide users with more fine-grained and fair services.We propose another notion of self-updating secret shar-ing(SUSS),which allows users to update the trap-door and the corresponding hash key after redacting the blockchain without requiring trusted authority to redistribute the trapdoor.Experimental results show that,compared with the immutable blockchain Bit-coin,the redactable blockchain in our identity authen-tication scheme provides users with fine-grained and fair redacting functions,and can be adopted with a small additional overhead.

Juan A. Berrios Moya

2024-06-17

Abstract:This research introduces the Blockchain Academic Credential Interoperability Protocol (BACIP), designed to significantly enhance the security, privacy, and interoperability of verifying academic credentials globally, addressing the widespread issue of academic fraud. BACIP integrates dual blockchain architecture, smart contracts, and zero-knowledge proofs to offer a scalable and transparent framework aimed at reducing fraud and improving the mobility and opportunities for students and professionals worldwide. The research methodology adopts a mixed-methods approach, involving a rigorous review of pertinent literature and systematic integration of advanced technological components. This includes both qualitative and quantitative analyses that underpin the development of a universally compatible system. Preliminary evaluations suggest that BACIP could enhance verification efficiency and bolster security against tampering and unauthorized access. While the theoretical framework and practical implementations have laid a solid foundation, the protocol's real-world efficacy awaits empirical validation in a production environment. Future research will focus on deploying a prototype, establishing robust validation policies, and defining precise testing parameters. This critical phase is indispensable for a thorough assessment of BACIP's operational robustness and its compliance with international educational standards. This work contributes significantly to the academic field by proposing a robust model for managing and safeguarding academic credentials, thus laying a strong foundation for further innovation in credential verification using blockchain technology.

Cryptography and Security,Computers and Society

Xiushu Jin,Kazumasa Omote

DOI: https://doi.org/10.1371/journal.pone.0310094

IF: 3.7

2024-09-13

PLoS ONE

Abstract:In the development of web applications, the rapid advancement of Internet technologies has brought unprecedented opportunities and increased the demand for user authentication schemes. Before the emergence of blockchain technology, establishing trust between two unfamiliar entities relied on a trusted third party for identity verification. However, the failure or malicious behavior of such a trusted third party could undermine such authentication schemes (e.g., single points of failure, credential leaks). A secure authorization system is another requirement of user authentication schemes, as users must authorize other entities to act on their behalf in some situations. If the transfer of authentication permissions is not adequately restricted, security risks such as unauthorized transfer of permissions to entities may occur. Some research has proposed blockchain-based decentralized user authentication solutions to address these risks and enhance availability and auditability. However, as we know, most proposed schemes that allow users to transfer authentication permissions to other entities require significant gas consumption when deployed and triggered in smart contracts. To address this issue, we proposed an authentication scheme with transferability solely based on hash functions. By combining one-time passwords with Hashcash, the scheme can limit the number of times permissions can be transferred while ensuring security. Furthermore, due to its reliance solely on hash functions, our proposed authentication scheme has an absolute advantage regarding computational complexity and gas consumption in smart contracts. Additionally, we have deployed smart contracts on the Goerli test network and demonstrated the practicality and efficiency of this authentication scheme.

multidisciplinary sciences

Patrick Herbke,Anish Sapkota,Sid Lamichhane

2024-09-20

Abstract:Trust in applications is crucial, especially for fast and efficient hiring processes. Applicants must present credentials that employers can trust without delays or risk of fraudulent information. This paper introduces a framework for managing digital resumé credentials using Decentralized Identifiers and Verifiable Credentials. We propose a framework for the issuance and verification of Verifiable Credentials in real time without intermediaries. We showcase the integration of the European Blockchain Service Infrastructure as a trust anchor. Furthermore, we demonstrate a streamlined application process, reducing verification times and fostering a reliable credentialing ecosystem across various sectors, including recruitment and professional certification.

Cryptography and Security,Networking and Internet Architecture

Xia Feng,Kaiping Cui,Liangmin Wang

DOI: https://doi.org/10.48550/arXiv.2208.14616

2022-08-31

Abstract:Internet of Vehicles(IoV) is increasingly used as a medium to propagate critical information via establishing connections between entities such as vehicles and infrastructures. During message transmission, privacy-preserving authentication is considered as the first line of defence against attackers and malicious information. To achieve a more secure and stable communication environment, ever-increasing numbers of blockchain-based authentication schemes are proposed. At first glance, existing approaches provide robust architectures and achieve transparent authentication. However, in these schemes, verifiers must connect to the blockchain network in advance and accomplish the authentication with smart contracts, which prolongs the latency. To remedy this limit, we propose a privacy-preserving blockchain-based authentication protocol(PBAG), where Root Authority(RA) generates a unique evaluation proof corresponding to the issued certificate for each authorized vehicle. Meanwhile, RA broadcasts a public global commitment based on all valid certificates. Instead of querying certificates stored in the blockchain, the vehicle will be efficiently proved to be an authorized user by utilizing the global commitment through bilinear pairing. Moreover, our scheme can prevent vehicles equipped with invalid certificates from accomplishing the authentication, thus avoiding the time-consuming for checking Certificate Revocation List (CRL). Finally, our scheme provides privacy properties such as anonymity and unlinkability. It allows anonymous authentication based on evaluation proofs and achieves traceability of identity in the event of a dispute. The simulation demonstrates that the average time of verification is 0.36ms under the batch-enabled mechanism, outperforming existing schemes by at least 63.7%.

Cryptography and Security

Ling Xiong,Fagen Li,Shengke Zeng,Tu Peng,Zhicai Liu

DOI: https://doi.org/10.1109/access.2019.2939368

IF: 3.9

2019-01-01

IEEE Access

Abstract:Multi-server authentication technology has become more and more popular with the extensive applications of networks. Although it has brought great convenience to people's life, security becomes a critical issue and attracts lots of attentions in both academia and industry. Over the past two decades, a series of multi-server authentication schemes without communication with the online registration center in each authentication phase using the self-certified public key cryptography have been proposed to enhance security. However, it may cause the single-point failure problem due to the centralized architecture. Besides, user revocation facility is not well resolved in these schemes. To the best of our knowledge, blockchain technology has lots of advantages, bringing a promising solution to the problems of single-point failure and user revocation compared with the traditional cryptography technologies. In this work, we apply the idea of blockchain technology to construct a privacy-awareness authentication scheme for the multi-server environment, which can achieve distributed registry and efficient revocation. Moreover, the proposed scheme not only provides multiple security requirements like mutual authentication, user anonymity and perfect forward secrecy, but also resists various kinds of malicious attacks. The security of the proposed scheme is proved by rigorous formal proof using the random oracle model. Compared with recently related schemes, the proposed scheme has better communication performance, which make it be very suitable for real-life applications.

Deyu Luo,Youchi Zhang,Gang Sun,Hongfang Yu,Dusit Niyato

DOI: https://doi.org/10.1109/jiot.2024.3420719

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the rapid emergence of Internet of Things (IoT) technology, cross-domain collaboration and information sharing among IoT devices have become increasingly critical. However, the security and privacy risks associated with cross-domain communication have also escalated. Establishing efficient and secure authentication mechanisms for cross-domain collaboration among IoT devices remains a complex challenge, particularly in the context of bandwidth-constrained wide-area networks. Most recent cross-domain authentication solutions rely heavily on emerging blockchain technology. However, in bandwidth-constrained scenarios, they may suffer from efficiency losses. Consequently, an effective resolution of cross-domain authentication issues in bandwidth-limited conditions has become a pressing concern. In this article, we introduce an efficient blockchain-assisted cross-domain authentication mechanism, named EBCA, designed for bandwidth-constrained wide area IoT networks. To enhance authentication efficiency, we design a highly efficient multiblockchain architecture, which optimally leverages the underlying network bandwidth, significantly improving throughput and reducing latency for cross-domain authentication. Additionally, threshold signatures are incorporated to minimize communication overhead, further enhancing authentication efficiency. Extensive experiments have been conducted to demonstrate the efficiency of our approach. Our scheme has been shown to increase throughput by approximately 34% when compared to existing methods.

Junhao Lai,Taotao Wang,Shengli Zhang,Qing Yang,Soung Chang Liew

2024-09-26

Abstract:Digital identity plays a vital role in enabling secure access to resources and services in the digital world. Traditional identity authentication methods, such as password-based and biometric authentications, have limitations in terms of security, privacy, and scalability. Decentralized authentication approaches leveraging blockchain technology have emerged as a promising solution. However, existing decentralized authentication methods often rely on indirect identity verification (e.g. using passwords or digital signatures as authentication credentials) and face challenges such as Sybil attacks. In this paper, we propose BioZero, an efficient and privacy-preserving decentralized biometric authentication protocol that can be implemented on open blockchain. BioZero leverages Pedersen commitment and homomorphic computation to protect user biometric privacy while enabling efficient verification. We enhance the protocol with non-interactive homomorphic computation and employ zero-knowledge proofs for secure on-chain verification. The unique aspect of BioZero is that it is fully decentralized and can be executed by blockchain smart contracts in a very efficient way. We analyze the security of BioZero and validate its performance through a prototype implementation. The results demonstrate the effectiveness, efficiency, and security of BioZero in decentralized authentication scenarios. Our work contributes to the advancement of decentralized identity authentication using biometrics.

Cryptography and Security