阅读说明：本技术 跨链场景下异构区块链的身份认证方法 (The identity identifying method of isomery block chain under across chain scene ) 是由 刘景伟 梁天宇 任爱莲 孙蓉 葛建华 于 2019-08-20 设计创作，主要内容包括：本发明公开了一种跨链场景下异构区块链的身份认证方法,其步骤为：1)PKI区块链系统用户节点A与跨链平台进行注册；2)CLC区块链系统用户节点B与跨链平台进行注册；3)PKI区块链系统的用户节点A进行系统认证和密钥协商；4)CLC区块链系统用户节点B进行系统认证和密钥协商；5)PKI区块链系统的用户节点A验证密钥。本发明实现了跨链场景下,架构中采用不同公钥密码体制的区块链系统间的身份认证,继而异构区块链系统双方可以安全地通信,具有流程高效、计算复杂度低和通信开销小的优点。(The invention discloses a kind of identity identifying method of isomery block chain under across chain scene, it the steps include: that 1) PKI block catenary system user node A is registered with across platform chain；2) CLC block catenary system user node B is registered with across platform chain；3) the user node A of PKI block catenary system carries out system authentication and key agreement；4) CLC block catenary system user node B carries out system authentication and key agreement；5) the user node A authentication secret of PKI block catenary system.The present invention realizes under across chain scene, and using the authentication between the block catenary system of different public-key cryptosystems in framework, then isomery block catenary system both sides can safely be communicated, and have the advantages that flow high efficiency, computation complexity are low and communication overhead is small.)

1. the identity identifying method of isomery block chain under a kind of across chain scene, which is characterized in that the area public key cryptography infrastructure PKI User node A in block catenary system and without the user node B in CertPubKey cipher system CLC block catenary system respectively and across chain Platform is registered, and user node A, which is executed, signs close algorithm, and user node B executes solution and signs close algorithm, and both sides complete identity jointly and recognize Card and cipher key agreement process, both sides only carry out once negotiating just to obtain identical session key, and have only used operation in the process Small operation is measured, specific step is as follows for this method:

Step 1, the user node A in PKI block catenary system is registered with across platform chain:

Across platform chain from setOne master key s of middle random selection calculates across platform chain public key P_p=sP, wherein P indicates to add Method cyclic group G₁In a generation member,Expression set 1 ..., q-1 }；

The block catenary system of PKI chooses user node A, using public key cryptography infrastructure key schedule, obtains user's section The private key x of point A_pWith public key PK_p；

User node A is by { ID_p,PK_pMessage is sent to the { ID received across platform chain, across platform chain utilization_p,PK_pMessage, point It Ji Suan not account information Acd, parameter δ, signing messages σ₁, wherein ID_pIndicate the identity of user node A；

Identity account management information { Acd, σ are sent to user node A across platform chain₁,δ}；

User node A verifies Acd=σ₁P-P_pWhether δ is true；If set up, succeed in registration, user node A saves identity account Management information { Acd, σ₁, δ }, and using Acd as oneself mark；Otherwise, registration failure；

Step 2, the user node B in CLC block catenary system is registered with across platform chain:

The block catenary system of CLC chooses user node B, and family node B is by the identity ID of oneself_cIt is sent to across platform chain；

Using part private key generating algorithm, across platform chain calculating intermediate parameters T, cryptographic Hash γ, part private key d, and by message T, D, γ } it is sent to user node B；

User node B verifies e (d × P, P)=e (T, P) × e (P_p, γ × P) it is whether true；If set up, user node B is obtained Complete private key sk_c={ x_c,d}；Otherwise, registration failure；Wherein, e () indicates bilinear map operation, x_cIt indicates from setIn the integer that randomly selects；

Calculate the part public key PK of user node B_c1=x_cP；

User node B will be from intermediate parameters T, the cryptographic Hash γ and part public key PK received across platform chain_c1, it is combined into complete public affairs Key PK_c={ T, PK_c1,γ}；

Across platform chain by identity account management information { Acd, the σ of user node A₁, δ } and public key PK_pIt is sent to user node B；

User node B verifies Acd=σ₁P-P_pWhether δ is true；If so, user node B saves message { Acd, σ₁,PK_p, δ }, and The legal identity of Acd considered as user node A is identified；Otherwise, registration failure；

Step 3, the user node A in PKI block catenary system carries out system authentication and key agreement:

User node A calculates intermediate parameters r, c, R₁、r₁、r₂, after U by intermediate parameters c, R₁、r₁、r₂, U be combined into ciphertext σ=c, R₁,r₁,r₂,U}；

It calculates account and protects information R₂=R₁+Acd；

User node A is by service request information { R₂,σ,t_cIt is sent to user node B, wherein t_cIndicate the service request time；

Step 4, the user node B in CLC block catenary system carries out system authentication and key agreement:

User node B receives message { R₂,σ,t_cAfter, verifying | t_c-t₁Whether |≤Δ t is true；If set up, reception is assert The message arrived is legal, otherwise, authentification failure；Wherein, t₁Indicate that current timestamp, Δ t indicate transmission message { R₂,σ,t_cMistake The time delay allowed in journey；

User node B calculates intermediate parameters R₁, k and plaintext m, and verify R₁=c × P-H₄(m)×PK_pIt is whether true；If so, User node B receives ciphertext σ；Otherwise, refuse ciphertext σ；

User node B verifies Acd=R₂-R₁It is whether true；If so, then user node B calculates eap-message digest h₁=H₁(ID_c|| t_c,Acd||c)；Otherwise, authentification failure；Wherein, | | indicate cascade operation；

User node B session key key=H₂(h₁,R₁), and calculate Message Authentication Code M₁=MAC (h₁, key), by message Identifying code is sent to user node A；Wherein, MAC () indicates to calculate Message Authentication Code operation；

5th step, the user node A authentication secret in PKI block catenary system:

User node A calculates eap-message digest h₁=H₁(ID_c||t_c, Acd | | c), session key key=H₂(h₁,R₁)；

Generate new Message Authentication Code M₁ ^*=MAC (h₁, key), check M₁With M₁ ^*It is whether equal, if equal, user node A and and Authentication success, both sides possess identical session key, can then carry out between isomery block chain between user node B Across chain communication；Otherwise, authentication fails.

2. the identity identifying method of isomery block chain under across chain scene according to claim 1, which is characterized in that step 1 Described in key schedule it is as follows:

Step 1, fromOne number of middle random selection, the private key x as user node A_p, whereinExpression set 1 ..., q- 1}；

Step 2, according to PK_p=x_pP formula calculates the public key PK of user node A_p；Wherein, P indicates addition cyclic group G₁In one A generation member.

3. the identity identifying method of isomery block chain under across chain scene according to claim 1, which is characterized in that step 1 Described in account information Acd, parameter δ, signing messages σ₁It is to be calculated by following formula:

Wherein, w₁It indicates from setIn a number randomly selecting, H₀() indicates that hashing operation, P indicate addition cyclic group G₁ In a generation member, H₁() indicates hashing operation, ID_pIndicate the identity of user node A, PK_pIndicate the public affairs of user node A Key, s indicate master key.

4. the identity identifying method of isomery block chain under across chain scene according to claim 1, which is characterized in that step 2 Described in by part private key generating algorithm the step of it is as follows:

Wherein, T indicates intermediate parameters, and t is indicated from setIn an integer randomly selecting, P indicates addition cyclic group G₁In A generation member, γ indicate cryptographic Hash, ID_cIndicate the identity of user node B, s indicates that master key, d indicate calculated portion Divide private key.

5. the identity identifying method of isomery block chain under across chain scene according to claim 1, which is characterized in that step 3 Described in intermediate parameters r, R₁、r₁、r₂, U, c be to be calculated by following formula:

Wherein, H₂() indicates that hashing operation, k indicate randomly selected n binary integer, and m expression, which is sent out, gives user node The plaintext of B, P indicate addition cyclic group G₁In a generation member,Indicate xor operation by turn, H₃() indicates hashing operation, PK_c1Indicate that the part public key of user node B, T indicate intermediate parameters, γ indicates cryptographic Hash, P_pIndicate across platform chain public key, x_pTable Show the private key of user node A, H₄() indicates that hashing operation, mod indicate modulo operation, and n indicates mould.

6. the identity identifying method of isomery block chain under across chain scene according to claim 1, which is characterized in that step 4 Described in intermediate parameters R₁, k and plaintext m be to be calculated by following formula:

Wherein, x_cIt indicates from setIn the integer that randomly selects, U indicates the calculated intermediate parameters of step 3, and d indicates user The part private key of node B, P indicate addition cyclic group G₁In a generation member, r₂Indicate the calculated intermediate parameters of step 3, Indicate xor operation by turn, H₃() indicates hashing operation, r₁Indicate the calculated intermediate parameters of step 3, H₂() indicates Hash Operation.

Technical field

The invention belongs to field of communication technology, further relate to one of network communication network security technology area across The identity identifying method of isomery block chain under chain scene.The present invention can be used for public key cryptography infrastructure PKI (Public Key Infrastructure) block catenary system and no CertPubKey cipher system CLC (Certificateless Public Key Cryptography) the user both sides of block catenary system carry out mutual authentication when communicating across chain.

Background technique

The framework of block catenary system can be divided into data Layer, network layer, common recognition layer, excitation layer and application layer, wherein data Layer It has been related to the technologies such as chain structure, public encryption system and the digital signature of block data, and public encryption system therein It can be mentioned by public key cryptography infrastructure PKI or without CertPubKey cipher system CLC with the related services of technologies such as signatures It is different, the referred to as isomerism of block chain for, that is to say, that the framework of different blocks catenary system.Isomery block catenary system exists Difference on framework leads to that authentication can not be carried out between system, and then can not communicate " across chain ".

China Geological Univ. Wuhan is in a kind of patent document " side of seamless interfacing between block chain Verification System of its application A kind of block is proposed in method, equipment and storage equipment " (application number 201810213783.X, publication number CN 108566274A) The method of seamless interfacing between chain Verification System.This method realization, which allows, acentric block chain Verification System and has center block chain to recognize Card system carries out being mutually authenticated for identity and information by being coupled server, wherein there is acentric block chain Verification System to use Be public key cryptography infrastructure PKI, there is the block chain Verification System at center to use identification cipher system IBC, be coupled clothes Identity, message and the information signature information of business device verifying non-stop layer block chain Verification System (sender), have then relayed to Center block chain Verification System (authenticating party) allows it to verify identity, message and the information signature information for being coupled server, non-stop layer Block chain Verification System is authenticated when having center block chain Verification System as authenticating party similarly, to realize between isomery block chain Be mutually authenticated.Shortcoming existing for this method is: the certification in method between the block catenary system of two kinds of different frameworks is real It is that a kind of block catenary system sends identity, message and information signature to being coupled server by its certification, after certification passes through, connection on border Knot server again signs information, then identity, message and information signature are transmitted to another block catenary system and recognized by it Card, docking between Lai Shixian block catenary system, process is cumbersome, low efficiency.

In the patent document of its application, " the block chain based on the close algorithm of PKI-CLC isomerization polymerization label adds for Guangdong University of Technology It is proposed in decryption method " (application number 201710128952.5,106897879 A of publication number CN) a kind of based on PKI-CLC isomery The block chain encryption method of close algorithm is signed in polymerization.After getting sender's User ID and sender's client public key in the method, By the authentication center CA being set in Public Key Infrastructure PKI, generated according to sender's User ID and sender's client public key Sender's private key for user；After getting recipient's User ID, preset master key, preset secret value and preset parameter, pass through setting Key generation centre KGC in no CertPubKey cipher system CLC, according to recipient's User ID, preset master key, preset secret Close value and preset parameter generate recipient's private key for user；Then transaction record is got in plain text, to sender's private key for user, transaction Record is in plain text and preset parameter sign close, obtains ciphertext；Finally recipient's private key for user, ciphertext and preset parameter are solved Sign it is close, obtain transaction record in plain text；Finally to being polymerize to obtain new ciphertext in plain text, then polymerization verifying is carried out to new ciphertext.But Be that the shortcoming that this method still has is: in two heterogeneous systems, send information every time will be to polymerizeing in plain text New ciphertext is formed, then polymerization verifying is carried out to new ciphertext, method flow is complicated；And bilinear map behaviour has been used during label are close Make, has used bilinear map operation and inversion operation during solution label are close, computation complexity is high, and communication overhead is big, is communicating When measuring larger, the burden quite weighed can be caused to system.

Summary of the invention

It is an object of the invention in view of the above shortcomings of the prior art, propose isomery block chain under a kind of across chain scene Identity identifying method solves under across chain scene, the area based on Public Key Infrastructure PKI and without CertPubKey cipher system CLC Verify Your Identity questions between the user of block catenary system.

Realizing the thinking of the object of the invention is: allowing based on Public Key Infrastructure PKI and without CertPubKey cipher system CLC User node in block catenary system is registered with across platform chain respectively, then allows user node in PKI block catenary system It executes and signs close algorithm, allow the user node in CLC block catenary system to execute the close algorithm of solution label, to complete the negotiation of session key Journey then realizes the authentication between isomery block catenary system.

The specific steps of the present invention are as follows:

Step 1, the user node A in PKI block catenary system is registered with across platform chain:

Across platform chain fromMiddle random selection master key s calculates across platform chain public key P_p=sP, wherein P indicates that addition follows Ring group G₁In a generation member,Expression set 1 ..., q-1 }；

PKI block catenary system chooses user node A and obtains user using public key cryptography infrastructure key schedule The private key x of node A_pWith public key PK_p；

User node A is by { ID_p,PK_pMessage is sent to the { ID received across platform chain, across platform chain utilization_p,PK_pDisappear Breath, calculates separately account information Acd, parameter δ, signing messages σ₁, wherein ID_pIndicate the identity of user node A；

Identity account management information { Acd, σ are sent to user node A across platform chain₁,δ}；

User node A verifies Acd=σ₁P-P_pWhether δ is true；If set up, succeed in registration, user node A saves identity Account management information { Acd, σ₁, δ }, and using Acd as oneself mark；Otherwise, registration failure；

Step 2, the user node B in CLC block catenary system is registered with across platform chain:

The block catenary system of CLC chooses user node B, and family node B is by the identity ID of oneself_cIt is sent to across platform chain；

Using part private key generating algorithm, across platform chain calculating intermediate parameters T, cryptographic Hash γ, part private key d, and will disappear Breath { T, d, γ } is sent to user node B；

User node B verifies e (d × P, P)=e (T, P) × e (P_p, γ × P) it is whether true；If set up, user is obtained The complete private key sk of node B_c={ x_c,d}；Otherwise, registration failure；Wherein, e () indicates bilinear map operation, x_cIndicate from SetIn the integer that randomly selects；

Calculate the part public key PK of user node B_c1=x_cP；

User node B will be from intermediate parameters T, the cryptographic Hash γ and part public key PK received across platform chain_c1, it has been combined into Whole public key PK_c={ T, PK_c1,γ}；

Across platform chain by identity account management information { Acd, the σ of user node A₁, δ } and public key PK_pIt is sent to user node B；

User node B verifies Acd=σ₁P-P_pWhether δ is true；If so, user node B saves message { Acd, σ₁,PK_p, δ }, and the legal identity of Acd considered as user node A is identified；Otherwise, registration failure；

Step 3, the user node A in PKI block catenary system carries out system authentication and key agreement:

User node A calculates intermediate parameters r, c, R₁、r₁、r₂, after U by intermediate parameters c, R₁、r₁、r₂, U be combined into ciphertext σ ={ c, R₁,r₁,r₂,U}；

It calculates account and protects information R₂=R₁+Acd；

User node A is by service request information { R₂,σ,t_cIt is sent to user node B, wherein t_cWhen indicating service request Between；

Step 4, the user node B in CLC block catenary system carries out system authentication and key agreement:

User node B receives message { R₂,σ,t_cAfter, verifying | t_c-t₁Whether |≤Δ t is true；If set up, recognize Surely the message received is legal, otherwise, authentification failure；Wherein, t₁Indicate that current timestamp, Δ t indicate transmission message { R₂,σ, t_cDuring allow time delay；

User node B calculates intermediate parameters R₁, k and plaintext m, and verify R₁=c × P-H₄(m)×PK_pIt is whether true；If It sets up, user node B receives ciphertext σ；Otherwise, refuse ciphertext σ；

User node B verifies Acd=R₂-R₁It is whether true；If so, then user node B calculates eap-message digest h₁=H₁ (ID_c||t_c,Acd||c)；Otherwise, authentification failure；Wherein, | | indicate cascade operation；

User node B session key key=H₂(h₁,R₁), and calculate Message Authentication Code M₁=MAC (h₁, key), it will Message Authentication Code is sent to user node A；Wherein, MAC () indicates to calculate Message Authentication Code operation；

Step 5, the user node A authentication secret in PKI block catenary system:

User node A calculates eap-message digest h₁=H₁(ID_c||t_c, Acd | | c), session key key=H₂(h₁,R₁)；

Generate new Message Authentication Code M₁*=MAC (h₁, key), check M₁With M₁* whether equal；If equal, user node A and the authentication success between user node B, both sides possess identical session key, can then carry out isomery block chain Between across chain communication；Otherwise, authentication fails.

Compared with the prior art, the present invention has the following advantages:

First, due to the user node B in user node A and CLC the block catenary system in PKI block catenary system of the present invention It is registered respectively to across platform chain, then user node A, which is executed, signs close algorithm, and user node B executes solution and signs close algorithm, common to complete Authentication and cipher key agreement process negotiate identical session key, can then securely communicate, and overcome existing skill A kind of block catenary system needs to send identity, message and information signature to being coupled server by its certification in art, after certification passes through, It is coupled server information is signed again, then identity, message and information signature is transmitted to another block catenary system by it Certification carries out communication and requires the cumbersome problem of the process authenticated to identity and message, every time so that the present invention only needs A key agreement is carried out, the efficiency of the identity identifying method of isomery block chain under across chain scene is improved.

Second, due to user section of the present invention in user node A and CLC the block catenary system in PKI block catenary system During point B is successively carried out with across platform chain registration, system authentication and key agreement, it is achieved that verifying, overcomes existing Technology sign close reconciliation label it is close after, it is also necessary to being polymerize to obtain new ciphertext in plain text, then new ciphertext is carried out to polymerize verifying Problem, so that the process of authentication of the invention is more succinct efficient under the premise of guaranteeing safety, anonymity, non-repudiation.

Third, in the whole process due to the present invention, other than a bilinear map operation has been used when verifying only The high operations of operation efficiencies such as common arithmetic, hashing operation, nodulo-2 addition operation have been used, the prior art has been overcome and is signing It is close, solution label are close, have used bilinear map operation in polymerization verification process, and used during solution label are close take inverse operation and Caused by computationally intensive problem so that authentication procedures computation complexity of the invention is low, communication overhead is small.

Detailed description of the invention

Fig. 1 is flow chart of the invention.

Fig. 2 is user node A in PKI block catenary system of the invention and the flow chart registered across platform chain；

Fig. 3 is user node B in CLC block catenary system of the invention and the flow chart registered across platform chain；

Fig. 4 is the process of user node B the progress system authentication and key agreement in CLC block catenary system of the invention Figure；

Fig. 5 is the flow chart of the user node A authentication secret in PKI block catenary system of the invention.

Specific embodiment

The present invention is described further with reference to the accompanying drawing.

Referring to attached drawing 1, specific steps of the invention are further described.

Step 1, the user node A in PKI block catenary system is registered with across platform chain.

Referring to attached drawing 2, step 1 of the invention is further described.

Across platform chain fromMiddle random selection master key s calculates across platform chain public key P_p=sP, wherein P indicates that addition follows Ring group G₁In a generation member,Indicate finite field Z_q=0,1 ..., and q-1 } remove the set after element zero.

The block catenary system of PKI is chosen user node A and is used using public key cryptography infrastructure key schedule The private key x of family node A_pWith public key PK_p；

Steps are as follows for public key cryptography infrastructure key schedule:

Step 1, fromOne number of middle random selection, the private key x as user node A_p, whereinIndicate set {1,...,q-1}；

Step 2, according to PK_p=x_pP formula calculates the public key PK of user node A_p；Wherein, P indicates addition cyclic group G₁In A generation member.

User node A is by { ID_p,PK_pMessage is sent to the { ID received across platform chain, across platform chain utilization_p,PK_pDisappear Breath, calculates separately account information Acd, parameter δ, signing messages σ₁, wherein ID_pIndicate the identity of user node A；

Account information Acd, parameter δ, signing messages σ₁It is to be calculated by following formula:

Wherein, w₁It indicates from setIn a number randomly selecting, H₀() indicates that hashing operation, P indicate that addition follows Ring group G₁In a generation member, H₁() indicates hashing operation, ID_pIndicate the identity of user node A, PK_pIndicate user node The public key of A, s indicate master key.

Identity account management information { Acd, σ are sent to user node A across platform chain₁,δ}；

User node A verifies Acd=σ₁P-P_pWhether δ is true；If set up, succeed in registration, user node A saves identity Account management information { Acd, σ₁, δ }, and using Acd as oneself mark；Otherwise, registration failure；

Step 2, the user node B in CLC block catenary system with across platform chain carry out registration

Referring to attached drawing 3, step 2 of the invention is further described.

The block catenary system of CLC chooses user node B, and family node B is by the identity ID of oneself_cIt is sent to across platform chain；

Using part private key generating algorithm, across platform chain calculating intermediate parameters T, cryptographic Hash γ, part private key d, and will disappear Breath { T, d, γ } is sent to user node B；

The step of part private key generating algorithm calculating section private key d, is as follows:

Wherein, T indicates intermediate parameters, and t is indicated from setIn an integer randomly selecting, P indicates addition cyclic group G₁In a generation member, γ indicate cryptographic Hash, ID_cIndicate the identity of user node B, s indicates that master key, d indicate calculated Part private key.

User node B verifies e (d × P, P)=e (T, P) × e (P_p, γ × P) it is whether true；If set up, user is obtained The complete private key sk of node B_c={ x_c,d}；Otherwise, registration failure；Wherein, e () indicates bilinear map operation, x_cIndicate from SetIn the integer that randomly selects；

Calculate the part public key PK of user node B_c1=x_cP；

User node B will be from intermediate parameters T, the cryptographic Hash γ and part public key PK received across platform chain_c1, it has been combined into Whole public key PK_c={ T, PK_c1,γ}；

Across platform chain by identity account management information { Acd, the σ of user node A₁, δ } and public key PK_pIt is sent to user node B；

User node B verifies Acd=σ₁P-P_pWhether δ is true；If so, user node B saves message { Acd, σ₁,PK_p, δ }, and Acd is taken as to the identity of legitimate node；Otherwise, registration failure；

Step 3, the user node A in PKI block catenary system carries out system authentication and key agreement.

User node A calculates intermediate parameters r, c, R₁、r₁、r₂, after U by intermediate parameters c, R₁、r₁、r₂, U be combined into ciphertext σ ={ c, R₁,r₁,r₂,U}；

Intermediate parameters r, R₁、r₁、r₂, U, c be to be calculated by following formula:

Wherein, H₂() indicates that hashing operation, k indicate randomly selected n binary integer, and m expression, which is sent out, gives use The plaintext of family node B, P indicate addition cyclic group G₁In a generation member,Indicate xor operation by turn, H₃() indicates to breathe out Uncommon operation, PK_c1Indicate that the part public key of user node B, T indicate intermediate parameters, γ indicates cryptographic Hash, P_pIndicate across platform chain public affairs Key, x_pIndicate the private key of user node A, H₄() indicates that hashing operation, mod indicate modulo operation, and n indicates mould.

It calculates account and protects information R₂=R₁+Acd；

User node A is by service request information { R₂,σ,t_cIt is sent to user node B, wherein t_cWhen indicating service request Between；

Step 4, the user node B in CLC block catenary system carries out system authentication and key agreement.

Referring to attached drawing 4, step 4 of the invention is further described.

User node B receives message { R₂,σ,t_cAfter, verifying | t_c-t₁Whether |≤Δ t is true；If set up, recognize Surely the message received is legal, otherwise, authentification failure；Wherein, t₁Indicate that current timestamp, Δ t indicate transmission message { R₂,σ, t_cDuring allow time delay；

User node B calculates intermediate parameters R₁, k and plaintext m, and verify R₁=c × P-H₄(m)×PK_pIt is whether true；If It sets up, user node B receives ciphertext σ；Otherwise, refuse ciphertext σ；

The intermediate parameters R₁, k and plaintext m be to be calculated by following formula:

Wherein, x_cIt indicates from setIn the integer that randomly selects, U indicates the calculated intermediate parameters of step 3, and d is indicated The part private key of user node B, P indicate addition cyclic group G₁In a generation member, r₂Indicate the calculated intermediate ginseng of step 3 Number,Indicate xor operation by turn, H₃() indicates hashing operation, r₁Indicate the calculated intermediate parameters of step 3, H₂() table Show hashing operation.

User node B verifies Acd=R₂-R₁It is whether true；If so, then user node B calculates eap-message digest h₁=H₁ (ID_c||t_c,Acd||c)；Otherwise, authentification failure；Wherein, | | indicate cascade operation；

User node B session key key=H₂(h₁,R₁), and calculate Message Authentication Code M₁=MAC (h₁, key), it will Message Authentication Code is sent to user node A；Wherein, MAC () indicates to calculate Message Authentication Code operation；

Step 5, the user node A authentication secret in PKI block catenary system.

Referring to attached drawing 5, step 5 of the invention is further described.

User node A calculates eap-message digest h₁=H₁(ID_c||t_c, Acd | | c), session key key=H₂(h₁,R₁)；

Generate new Message Authentication Code M₁*=MAC (h₁, key), check M₁With M₁* whether equal；If equal, user node A and the authentication success between user node B, both sides possess identical session key, can then carry out isomery block chain Between across chain communication；Otherwise, authentication fails.