Oracle Based Privacy-Preserving Cross-Domain Authentication Scheme

The Public Key Infrastructure (PKI) system is the cornerstone of today's security communications. All users in the service domain covered by the same PKI system are able to authenticate each other before exchanging messages. However, there is identity isolation in different domains, making the identity of users in different domains cannot be recognized by PKI systems in other domains. To achieve cross-domain authentication, the consortium blockchain system is leveraged in the existing schemes. Unfortunately, the consortium blockchain-based authentication schemes have the following challenges: high cost, privacy concerns, scalability and economic unsustainability. To solve these challenges, we propose a scalable and privacy-preserving cross-domain authentication scheme called Bifrost-Auth. Firstly, Bifrost-Auth is designed to use a decentralized oracle to directly interact with blockchains in different domains instead of maintaining a consortium blockchain and enables mutual authentication for users lying in different domains. Secondly, users can succinctly authenticate their membership of the domain by the accumulator technique, where the membership proof is turned into zero knowledge to protect users' privacy. Finally, Bifrost-Auth is proven to be secure against various attacks, and thorough experiments are carried out and demonstrate the security and efficiency of Bifrost-Auth.