A blockchain and signature based scheme for cross-domain authentication with decentralized identity

Currently, users access various network services without a unified identity authentication among domains, which not only obliges users to numerous network accounts, but also creates significant inconvenience for cross-domain authentication. Most existing schemes rely on the Public Key Infrastructure (PKI) system, which depends on the trustworthiness of Certificate Authorities (CAs). However, this poses challenges to maintaining user identity privacy. Addressing this issue, this paper proposes a blockchain-based cross-domain identity authentication scheme utilizing decentralized identity management, where users only need to register an account within one domain and can access services in other domains through verifiable credentials (VC). The scheme designs two types of VC, namely, directional VCs and general VCs. General VCs use threshold signatures allowing access to a larger number of domains. It also introduces proxy signatures to design a method for credential borrowing, further enhancing user convenience. Logical analysis using the Subject- Verb-Object (SVO) structure confirms the scheme's viability, while security analysis indicates its resilience against various attacks, including replay, impersonation, and internal threats. Moreover, the scheme provides substantial benefits for safeguarding user privacy and data security.