| CPC H04L 9/3066 (2013.01) [G06Q 50/265 (2013.01); H04L 9/50 (2022.05)] | 3 Claims |
|
1. A traffic accident forensics method based on a blockchain, comprising:
step S1, initialization of a trust authority: selecting, by the trust authority, an elliptic curve E(⋅) with a generator P, a secure one-way Hash function h(⋅), a fuzzy extraction function Gen(⋅), and a recovery function Rep(⋅); and selecting random numbers (SKTA, KTA) as a long-term private key of the trust authority, and determining a point multiplication result based on an elliptic curve algorithm as a public key PKTA=SKTA·P of the trust authority; and publishing parameters {P, E(⋅), h(⋅), Gen(⋅), Rep(⋅), PKTA};
step S2, submitting, by vehicles and road side units, registration requests to the trust authority; after identities of the vehicles and the road side units are verified by the trust authority, feeding, by the trust authority, registration information of the vehicles and registration information of the road side units to the vehicles and the road side units respectively, and storing the registration information of the vehicles and the registration information of the road side devices in corresponding on-board circuits of the vehicles and corresponding storage circuits of the road side units, respectively; wherein for a vehicle Vi of the vehicles and a road side unit of the road side units, the step S2 further comprises:
sub-step S2.1, selecting, by the vehicle Vi, a random number SKVi as a long-term private key of the vehicle Vi, and determining a point multiplication result based on the elliptic curve algorithm as a public key PKVi=SKVi·P of the vehicle Vi; sending, by the vehicle Vi, an identity number VIDi of the vehicle Vi, the public key PKVi of the vehicle Vi, and vehicle appearance information VaIi of the vehicle Vi to the trust authority through a secure message channel;
sub-step S2.2, after the identity number VIDi of the vehicle Vi is verified by the trust authority, calculating, by the trust authority, an identity-verification parameter bi of the vehicle Vi, selecting a random number ri and a random number ai, calculating a point multiplication result Ai=ai·P based on the elliptic curve algorithm of the random number ai, determining a pseudonym PIDi=EKTA(VIDi, VaIi, ri) of the vehicle Vi, EKTA(VIDi, VaIi, ri) representing a function that uses the long-term private key KTA to encrypt the identity number VIDi, the vehicle appearance information VaIi, and the random number ri based on the elliptic curve algorithm; then returning parameters {PIDi, Ai, bi, PKTA, ri} to the vehicle Vi, where the identity-verification parameter bi is expressed as bi=h(PIDi∥PKvi∥Ai)*SKTA+ai;
sub-step S2.3, verifying, by the vehicle Vi, correctness of a point multiplication result bi·P=h(PIDi∥PKVi∥Ai)·PKTA+Ai of the identity-verification parameter bi based on the elliptic curve algorithm; when the point multiplication result bi·P=h(PIDi∥PKVi∥Ai)·PKTA+Ai is correct, inputting, by a driver of the vehicle Vi, biological information Bioi of the driver of the vehicle Vi; calculating, by the vehicle Vi, a biological key σi and a key recovery parameter τi using (σi, τi)=Gen(Bioi), calculating a login-verification parameter Vi=h(σi∥VaIi), Si1=bi⊕h(σi∥Vi) used to encrypt and store the identity-verification parameter bi, Si2=SKVi⊕h(Vi∥σi) used to encrypt and store the long-term private key SKVi, and Si3=ri⊕h(VIDi∥σi) used to encrypt and store the random number ri; and storing, by the vehicle Vi, the registration information {P, Vi, Si1, Si2, Si3, Ai, PKVi, PKTA, PIDi, Rep(⋅), VaIi, τi} of the vehicle Vi in the on-board circuit of the vehicle Vi;
sub-step S2.4, selecting, by the trust authority, an identity mark RIDt, a private key SKRt, and a random number zt for the road side unit; calculating a public key PKRt=SKRt·P of the road side unit based on the elliptic curve algorithm, calculating a point multiplication result Zt=zt·P of the random number zt based on the elliptic curve algorithm, and calculating an identity-verification parameter yt=h(RIDt∥PKRt∥Zt)*SKTA+zt of the road side unit; and sending, by the trust authority, the registration information {RIDt, yt, Zt, SKRt, PKRt, PKTA} of the road side unit to the road side unit through the secure message channel; and
sub-step S2.5, after the road side unit receives the registration information {RIDt, yt, Zt, SKRt, PKRt, PKTA}, verifying correctness of a point multiplication result yt·P=h(RIDt∥PKRt∥Zt)*PKTA+Zt of the identity-verification parameter yt based on the elliptic curve algorithm; when the point multiplication result yt·P is wrong, resubmitting a registration request by the road side unit, otherwise storing the registration information {RIDt, yt, Zt, SKRt, PKRt, PKTA} to the storage circuit of the road side unit;
step S3, after an accident occurs between the vehicle Vi and a vehicle Vj, performing, by the vehicle Vi and the vehicle Vj, processes of mutually confirming accident information and signing accident reports, and the processes comprising:
sub-step S3.1, inputting, by a driver of the vehicle Vi, the biological information Bioi to the vehicle Vi; recovering, by the vehicle Vi, the biological key σi=Rep (Bioi, τi); calculating the login-verification parameter Vi=h(σi∥VaIi), and verifying correctness of the login-verification parameter Vi=h(σi∥VaIi); when the login-verification parameter Vi=h(σi∥VaIi) is correct, determining that identity verification of the driver is successful; then decrypting, by the vehicle Vi, the identity-verification parameter bi=Si1⊕h(σi∥Vi) and the long-term private key SKVi=Si2⊕h(Vi∥σi), and generating, by the vehicle Vi, a random number di1, a random number di2, a time stamp Ti, and accident information D1 comprising an image or a video;
calculating a point multiplication result Di1=di1·P of the random number di1, a point multiplication result Di2=di2·P of the random number di2, and an accident report verification parameter ci1=SKVi+h(D1∥Di1∥Di2∥T1∥PIDi∥VaIi)*di1 based on the elliptic curve algorithm; and sending, by the vehicle Vi, an accident report Mi1={D1, bi, PIDi, Ai, Di1, Di2, PKVi, ci1, VaIi, T1} to the vehicle V;
sub-step 3.2, inputting, a driver of the vehicle Vj, biological information Bioj of the driver of the vehicle Vj to the vehicle Vj, recovering, by the vehicle Vj, a biological key σj=Rep(Bioj, τj), calculating a login-verification parameter Vj=h(σj∥VaIj) of the vehicle Vj, and verifying correctness of the login-verification parameter Vj=h(σj∥VaIj); when the login-verification parameter Vj=h(σj∥VaIj) is correct, determining that identity verification of the driver is successful; then decrypting, by the vehicle Vj, an identity-verification parameter bj=Sj1⊕h(σj∥Vj) of the vehicle Vj and a long-term private key SKVj=Sj2⊕h(Vj∥σj) of the vehicle Vj, and generating, by the vehicle Vj, a random number dj1, a random number dj2, a time stamp T2, and accident information D2 comprising an image or a video;
calculating a point multiplication result Dj1=dj1·P of the random number dj1 based on the elliptic curve algorithm, calculating a point multiplication result Dj2=dj2·P of the random number dj2 based on the elliptic curve algorithm, and calculating an accident report verification parameter cj1=SKVj+h(D2∥Dj1∥Dj2∥T1∥PIDj∥VaIj)*dj1; and
sending, by the vehicle Vj, an accident report Mj1={D2, bj, PIDj, Aj, Dj1, Dj2, PKVj, cj1, VaIj, T2} to the vehicle Vi;
sub-step 3.3, after the vehicle Vi receives the accident report Mj1 from the vehicle Vj, performing, by the vehicle Vi, first verifications on freshness of the time stamp T2, correctness of a point multiplication result bj·P=h(PIDj∥PKVj∥Aj)*PKTA+Aj of the identity-verification parameter bj based on the elliptic curve algorithm, and correctness of a point multiplication result cj1·P=PKVj+h(D2∥Dj1∥Dj2∥T2∥PIDj∥VaIj)*Dj1 of the accident report verification parameter cj1 based on the elliptic curve algorithm; after the first verifications are passed, confirming, by the vehicle Vi, the accident information D2, when the driver of the vehicle Vi agrees that the accident information D2 sent by the accident vehicle Vj is reasonable, signing the accident information D2 by:
calculating, by the vehicle Vi, a point addition result Dij=Di2+Dj2 of the point multiplication result Di2 and the point multiplication result Dj2 based on the elliptic curve algorithm, and calculating, by the vehicle Vi, an accident report verification parameter ci2=SKVi+h(D1∥D2∥Dij∥T1∥PIDi∥T2∥PIDj∥VaIi∥VaIj)*di2; and
sending, by the vehicle Vi, an signed accident report Mi2={ci2, PIDi, VaIi, PIDj} to the vehicle Vj;
sub-step S3.4, after the vehicle Vj receives the accident report Mi1 from the vehicle Vi, performing, by the vehicle Vj, second verifications on freshness of the time stamp T1, correctness of a point multiplication result bi·P=h(PIDi∥PKVi∥Ai)*PKTA+Ai of the identity-verification parameter bi based on the elliptic curve algorithm, and correctness of a point multiplication result ci1·P=PKVi+h(D1∥Di1∥Di2∥T1∥PIDi∥VaIi)*Di1 of the accident report verification parameter ci1 based on the elliptic curve algorithm; after the second verifications are passed, confirming, by the vehicle Vj, the accident information D1; when the driver of the vehicle Vj agrees that the accident information D1 sent by the accident vehicle Vi is reasonable, signing the accident information D1 by:
calculating, by the vehicle Vj, the point addition result Dij=Di2+Dj2 of the point multiplication result Di2 and the point multiplication result Dj2 based on the elliptic curve algorithm, and calculating, by the vehicle Vj, an accident report verification parameter cj2=SKVj+h(D1∥D2∥Dij∥T1∥PIDi∥T2∥PIDj∥VaIi∥VaIj)*dj2; and
sending, by the vehicle Vj, an signed accident report Mj2={ci2, PIDi, VaIi, PIDj} to the vehicle Vi;
sub-step 3.5, after the vehicle Vi receives the signed accident report Mj2 from the vehicle Vj, calculating, by the vehicle Vi, a sum cij=cj2+ci2 of the accident report verification parameter cj2 and the accident report verification parameter ci2, then verifying correctness of a point multiplication result cij·P=PKVj+PKVi+h(D1∥D2∥Dij∥T1∥PIDi∥T2∥PIDj∥VaIi∥VaIj)Dij of the sum cij based on the elliptic curve algorithm, and when the point multiplication result cijP is correct, determining that the corresponding accident reports are signed by the vehicle Vi and the vehicle Vj; and
sub-step 3.6, after the vehicle Vj receives the signed accident report Mi2 from the vehicle Vj, calculating, by the vehicle Vj, the sum cij=cj2+ci2 of the accident report verification parameter cj2 and the accident report verification parameter ci2, then verifying correctness of the point multiplication result cij·P=PKVj+PKVi+h(D1∥D2∥Dij∥T1∥PIDi∥T2∥PIDj∥VaIi∥VaIj)Dij of the sum cij based on the elliptic curve algorithm, and when the point multiplication result cij·P is correct, determining that the corresponding accident reports are signed by the vehicle Vi and the vehicle Vj;
step S4, uploading, by the road side unit, accident information Tx to the blockchain after the road side unit identifies the vehicle Vi and the vehicle Vj; and wherein the uploading comprises:
sub-step S4.1, sending, by the vehicle Vi, a message M1={PIDi, bi, PKvi, Ai, PIDj, bj, PKvj, Aj} to the road side unit, and the message M1 comprising a parameter set;
sub-step S4.2, after the road side unit receives the message M1, verifying, by the road side unit, correctness of a point multiplication result (bi+bj)·P=(h(PIDi∥PKvi∥Ai)+h(PIDj∥PKvj∥Aj)) PKTA+(Ai+Aj) of a sum of the identity-verification parameter bi and the identity-verification parameter bj based on the elliptic curve algorithm; and when the point multiplication result (bi+bj)·P is correct, sending, by the road side unit, a message M2={RIDt, yt, Zt, PKRt} to the vehicle Vi;
sub-step S4.3, after the vehicle Vi receives the message M2, verifying, by the vehicle Vi, correctness of a point multiplication result yt·P=h(RIDt∥PKRt∥Zt)PKTA+Zt of the identity-verification parameter yt of the road side unit based on the elliptic curve algorithm; and when the point multiplication result yt·P is correct, sending, by the vehicle Vi, a message M3={cij, PKvi, PKvj, D1, D2, Dij, T1, PIDi, T2, PIDj, VaIi, VaIj} to the road side unit; and
sub-step S4.4, after the road side unit receives the message M3, verifying, by the road side unit, correctness of a point multiplication result cij·P=PKVj+PKVi+h(D1∥D2∥Dij∥T1∥PIDi∥T2∥PIDj∥VaIi∥VaIj)Dij of the sum cij based on the elliptic curve algorithm; and when the point multiplication result cij·P is correct, selecting, by the road side unit, a random number dt and calculating a point multiplication result Dt=dt·P of the random number dt based on the elliptic curve algorithm, generating a signature parameter ct=SKRt+h(cij∥T3∥Dt)dt by the road side unit, T3 of the signature parameter ct representing a time stamp, and unloading, by the road side unit, the accident information Tx={cij, PKvi, PKvj, D1, D2, Dij, T1, PIDi, T2, PIDj, VaIi, VaIj, RIDt, PKRt, T3, ct, Dt} to the blockchain; and
step S5, updating, by the vehicle Vi, a temporary identity to prevent identity tracking attacks, and wherein the updating comprises:
sub-step S5.1, inputting, by the driver of the vehicle Vi, the biological information Bioi of the driver of the vehicle Vi to the vehicle Vi; recovering, by the vehicle Vi, the biological key σi=Rep(Bioi, τi), calculating the login-verification parameter Vi=h(σi∥VaIi), and verifying the correctness of the login-verification parameter Vi=h(σi∥VaIi); and when Vi≠h(σi∥VaIi), determining that the login-verification parameter Vi=h(σi∥VaIi) is wrong, otherwise decrypting, by the vehicle Vi, the random number ri=Si3⊕h(VIDi∥σi);
sub-step 5.2, reselecting, by the vehicle Vi, a random number SKVi* as a private key; and generating a time stamp T4, calculating a point multiplication result PKVi*=SKVi*·P of the random number SKVi* based on the elliptic curve algorithm, and the point multiplication result PKVi* representing a public key; encrypting, by the vehicle Vi, a message M1=Eri(VIDi, PKVi*, PIDi, T4), and sending, by the vehicle Vi, a first message set {PIDi, M1, T4} to the trust authority for an update request;
sub-step 5.3, after the trust authority receives the update request, verifying, by the trust authority, freshness of the time stamp T4, when the freshness of the time stamp T4 passes a verification of the trust authority, decrypting, by the trust authority, the message M1 by (VIDi, VaIi, ri)=DKTA(PIDi) and (VIDi*, PKvi*, PIDi*, T4*)=Dri(M1); verifying, by the trust authority, equations VIDi*=VIDi, PIDi*=PIDi, and T4*=T4; when the equations hold, generating, by the trust authority, a random number ri* and a random number ai*; calculating, by the trust authority, a point multiplication result Ai*=ai*·P of the random number ai* based on the elliptic curve algorithm; calculating, by the trust authority, a pseudonym PIDi*=EKTA (VIDi∥VaIi∥ri*) of the vehicle Vi; calculating, by the trust authority, an identity-verification parameter bi*=h(PIDi*∥PKVi*∥Ai*)*SKTA+ai* of the vehicle Vi; generating, by the trust authority, a time stamp T5; calculating a message M2=Eri(VIDi, Ai*, PIDi*, bi*, ri*, T5), and sending a second message set {PIDi, M2, T5} to the vehicle Vi; and
sub-step S5.4, after the vehicle Vi receives the second message set {PIDi, M2, T5}, verifying, by the vehicle Vi, freshness of the time stamp T5; when the freshness of the time stamp T5 passes a verification of the vehicle Vi, decrypting, by the vehicle Vi, the message M2 by (VIDi**, Ai*, PIDi*, bi*, T5*)=Dri(M2); verifying, by the vehicle Vi, correctness of a point multiplication result bi*·P=h(PIDi*∥PKVi*∥Ai*)*PKTA+Ai* of the identity-verification parameter bi* based on the elliptic curve algorithm; when the point multiplication result bi*·P is correct, VIDi**=VIDi, and T5*=T5, calculating, by the vehicle Vi, a login-verification parameter Vi*=h(σi∥VaIi), S1*=bi*⊕h(σi∥Vi) used to encrypt and store the identity-verification parameter bi*, Si2*=SKVi*⊕h(Vi∥σi) used to encrypt and store the long-term private key SKVi*, and Si3*=ri*⊕h(VIDi∥σi) used to encrypt and store the random number ri*; and replacing, by the vehicle Vi, the registration information{P, Vi, Si1, Si2, Si3, Ai, PKVi, PKTA, PIDi, Rep(⋅), VaIi, τi} of the vehicle Vi stored in the on-board circuit with {P, Vi, Si1*, Si2*, Si3*, Ai*, PKVi*, PKTA, PIDi*, Rep(⋅), VaIi, τi}.
|