Abstract

It is well known that each Public Key Infrastructure (PKI) system (for example, in medical systems, financial systems, and 5G networks) forms a closed security domain and only recognizes certificates in its own domain. When users need to access services in other domains, their identities often cannot be recognized, or the PKI systems require extremely complex operations to authenticate the users' identities. This is the cross-domain authentication problem. The distributed consensus feature of blockchain provides a technical approach to solving this problem. However, existing blockchain-based schemes leave some problems unresolved. On the one hand, because blockchain systems have low throughput, the response speed may become unacceptable when the number of cross-domain authentication requests becomes enormous. On the other hand, these schemes do not sufficiently consider the privacy risk in the cross-domain scenario. In this article, we propose an efficient privacy-preserving cross-domain authentication scheme called XAuth that integrates naturally with the existing PKI and Certificate Transparency (CT) systems. Specifically, we design a lightweight correctness verification protocol based on Multiple Merkle Hash Tree for rapid response. To protect users' privacy, we present an anonymous authentication protocol for cross-domain authentication. The security analysis and experimental results demonstrate that XAuth is secure and efficient.
