Revocable Certificateless Cross-Domain Authentication Scheme Based on PrimarySecondary Blockchain

Cross-domain interaction in social networks and mobile applications is rapidly expanding. The demand for accessing data across multiple domains from different applications is growing. Establishing robust authorization and access control mechanisms within trusted domains has become a critical foundation for data security. Despite advancements in the field of identity authentication and cross-domain access, challenges persist in various application domain transition scenarios, including cumbersome and inefficient processes, and the potential for authority misuse by malicious actors in decentralized environments. To mitigate these limitations, we propose a blockchain-based scheme that leverages consensus mechanisms to enable "one-time authentication, multidomain authorization." This scheme enhances security attributes and performance in several key aspects. First, we developed a primary-secondary chain model compatible with multiple trusted domains, where the primary chain records user authentication and authorization information, and the secondary chain logs domain-specific user identity registration information. Nodes within the primary and secondary chains reach a rapid consensus on authentication outcomes through an improved consensus algorithm. Building on this model, we devised a certificateless cross-domain identity authentication method, rendering the authentication and authorization processes more secure and efficient. Additionally, to address the issue of centralized user authority, an optimized chameleon hash function was designed to facilitate identity revocation within a multicentric environment. Furthermore, security analyses and simulation validations were conducted to assess the performance of the proposed scheme. Compared to existing approaches, our scheme demonstrates reduced computational and communication overhead, substantiating its efficacy in streamlining cross-domain interactions.