ProHoster > Ibhulogi > Ulawulo > I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

Akusiyo imfihlo ukuba enye yezixhobo ezincedisayo ezisetyenziswa ngokuqhelekileyo, ngaphandle kokukhuselwa kwedatha kwiinethiwekhi ezivulekileyo akunakwenzeka, iteknoloji yesatifikethi sedijithali. Nangona kunjalo, akukho mfihlo ukuba i-drawback ephambili yetekhnoloji kukuthembela okungenammiselo kumaziko akhupha izatifikethi zedijithali. UMlawuli weTekhnoloji kunye ne-Innovation kwi-ENCRY U-Andrey Chmora ucebise indlela entsha yokulungelelanisa Iziseko ezingundoqo zoluntu (Iziseko ezingundoqo zoluntu, PKI), eya kunceda ukuphelisa ukusilela kwangoku kwaye esebenzisa i-ledger (blockchain) iteknoloji. Kodwa izinto zokuqala kuqala.

Ukuba uqhelene nendlela isitshixo sesiseko sikawonke-wonke esisebenza ngayo kwaye uyazazi iziphene zaso eziphambili, ungatsiba uye phambili kule nto sicebisa ukuyitshintsha ngezantsi.

Yintoni imisayino yedijithali kunye nezatifikethi?Ukusebenzisana kwi-Intanethi kuhlala kubandakanya ukuhanjiswa kwedatha. Sonke sinomdla wokuqinisekisa ukuba idatha ihanjiswa ngokukhuselekileyo. Kodwa yintoni ukhuseleko? Ezona nkonzo zokhuseleko zifunwa kakhulu kukugcinwa kwemfihlo, imfezeko nokunyaniseka. Ngenxa yale njongo, iindlela ze-asymmetric cryptography, okanye i-cryptography enesitshixo sikawonkewonke, zisetyenziswa ngoku.

Masiqale ngenyaniso yokuba ukusebenzisa ezi ndlela, izifundo zokunxibelelana kufuneka zibe nezitshixo ezimbini ezidityanisiweyo-esidlangalaleni kunye nemfihlo. Ngoncedo lwabo, iinkonzo zokhuseleko esizikhankanyileyo ngasentla zinikezelwa.

Kufezekiswa njani ukuba yimfihlo kokudluliselwa kolwazi? Ngaphambi kokuthumela idatha, ubhalisi othumelayo ubhala (i-cryptographically transforms) idatha evulekileyo usebenzisa isitshixo sikawonke-wonke somamkeli, kwaye umamkeli ususa i-ciphertext efunyenweyo usebenzisa iqhosha eliyimfihlo elidityanisiweyo.

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

Kuphunyezwa njani ukuthembeka nokunyaniseka kolwazi olugqithisiweyo? Ukusombulula le ngxaki, kuye kwenziwa enye indlela. Idatha evulekileyo ayifihlwanga, kodwa umphumo wokusebenzisa umsebenzi we-cryptographic hash - umfanekiso "ocinezelekileyo" wokulandelelana kwedatha yokufaka - idluliselwa kwifom efihliweyo. Isiphumo se-hashing esinjalo sibizwa ngokuba "yi-digest", kwaye ifihliwe ngokusebenzisa isitshixo esifihlakeleyo somrhumeli wokuthumela ("ingqina"). Njengomphumo wokuguqulela i-digest, isignesha yedijithali ifunyenwe. Yona, kunye nombhalo ocacileyo, idluliselwa kummkeli ("umqinisekisi"). Uqhawula isignesha yedijithali kwisitshixo sikawonkewonke kwaye uyithelekisa nesiphumo sokusebenzisa umsebenzi we-cryptographic hash, apho umqinisekisi obala ngokuzimeleyo ngokusekelwe kwidatha evulekileyo efunyenweyo. Ukuba zihambelana, oku kubonisa ukuba idatha idluliselwe kwifomu eqinisekileyo kunye nepheleleyo ngumbhalisi othumelayo, kwaye ayilungiswanga umhlaseli.

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

Uninzi lwezibonelelo ezisebenza ngedatha yomntu kunye nolwazi lwentlawulo (iibhanki, iinkampani ze-inshurensi, iinkampani zeenqwelo moya, iinkqubo zokuhlawula, kunye neengosi zikarhulumente ezifana nenkonzo yerhafu) zisebenzisa ngokusebenzayo iindlela ze-cryptography ze-asymmetric.

Ingaba isatifikethi sedijithali sinento yokwenza nayo? Ilula. Zombini inkqubo yokuqala neyesibini ibandakanya izitshixo zikawonke-wonke, kwaye njengoko zidlala indima ephambili, kubaluleke kakhulu ukuqinisekisa ukuba izitshixo ngokwenene zezomthumeli (ingqina, kwimeko yokuqinisekisa utyikityo) okanye ummkeli, kwaye akakho. endaweni yezitshixo zabahlaseli. Yiyo loo nto iziqinisekiso zedijithali zikhona ukuqinisekisa ubunyani kunye nokunyaniseka kwesitshixo sikawonke-wonke.

Qaphela: ukunyaniseka kunye nokunyaniseka kwesitshixo sikawonke-wonke siqinisekiswa ngendlela efanayo kunye nokunyaniseka kunye nokunyaniseka kwedatha yoluntu, oko kukuthi, ukusebenzisa i-electronic digital signature (EDS).
Zivela phi izatifikethi zedijithali?Abasemagunyeni abathembekileyo bezatifikethi, okanye ooGunyaziwe bokuQinisekisa (CAs), banoxanduva lokukhupha nokugcina izatifikethi zedijithali. Umenzi-sicelo ucela ukukhutshwa kwesatifikethi kwi-CA, uya kufumana isazisi kwiZiko loBhaliso (CR) aze afumane isatifikethi kwi-CA. I-CA iqinisekisa ukuba isitshixo sikawonke-wonke esisuka kwisatifikethi seso siko kanye esasikhutshelwe lona.

Ukuba awuqinisekisi ukunyaniseka kwesitshixo sikawonke-wonke, ngoko umhlaseli ngexesha logqithiselo/ugcino lweli qhosha angalibuyisela ngelakhe. Ukuba ukutshintshwa kuthathelwe indawo, umhlaseli uya kukwazi ukucima yonke into ethunyelwa ngumrhumi othumelayo kubhalisi owamkelayo, okanye atshintshe idatha evulekileyo ngokubona kwakhe.

Izatifikethi zedijithali zisetyenziswa naphi na apho i-asymmetric cryptography ikhoyo. Esinye sezatifikethi zedijithali eziqhelekileyo zizatifikethi ze-SSL zonxibelelwano olukhuselekileyo ngaphezulu kweprothokholi ye-HTTPS. Amakhulu eenkampani ezibhaliswe kwiindawo ezahlukeneyo zolawulo zibandakanyeka ekukhupheni izatifikethi ze-SSL. Isabelo esiphambili siwela kumaziko amahlanu ukuya kwalishumi amakhulu athembekileyo: IdenTrust, Comodo, GoDaddy, GlobalSign, DigiCert, CERTUM, Actalis, Secom, Trustwave.

I-CA kunye ne-CR zizinto ze-PKI, ezibandakanya:

  • Vula uvimba weefayili – isiseko sedatha sikawonke-wonke esibonelela ngogcino olukhuselekileyo lwezatifikethi zedijithali.
  • Uluhlu lokurhoxiswa kwesatifikethi - i-database yoluntu enikezela ngokukhuselekileyo kokugcinwa kwezatifikethi zedijithali zezitshixo zoluntu ezirhoxisiweyo (umzekelo, ngenxa yokuphazamiseka kweqhosha labucala elidityanisiweyo). Izifundo ze-Infrastructure zingakwazi ukufikelela ngokuzimeleyo kule database, okanye zingasebenzisa iProtocol yeSimo seSiqinisekiso se-Online Certification (OCSP), eyenza lula inkqubo yokuqinisekisa.
  • Abasebenzisi besatifikethi – izifundo ze-PKI ezinikwa inkonzo ezingene kwisivumelwano somsebenzisi ne-CA kwaye zingqinisise isiginitsha yedijithali kunye/okanye i-encrypt data esekelwe kwisitshixo sikawonke-wonke esisuka kwisatifikethi.
  • Ababhalisi - bakhonze izifundo ze-PKI eziphethe isitshixo esiyimfihlo esidityaniswe nesitshixo sikawonke-wonke esisuka kwisatifikethi, kwaye bangene kwisivumelwano sobhaliso kunye ne-CA. Umrhumi unokuthi ngaxeshanye abe ngumsebenzisi wesatifikethi.

Ke ngoko, amaqumrhu athembekileyo eziseko ezingundoqo zoluntu, abandakanya ii-CA, ii-CRs kunye nezalathisi ezivulekileyo, anoxanduva loku:

1. Ukuqinisekiswa kobunyani bomfaki-sicelo.
2. Ukwenza iphrofayili yesatifikethi sesitshixo sikawonke-wonke.
3. Ukukhutshwa kwesatifikethi sikawonke-wonke somfaki-sicelo onesazisi esiqinisekisiweyo ngokuthembekileyo.
4. Guqula imo yesiqinisekiso sesitshixo sikawonke-wonke.
5. Ukubonelela ngolwazi malunga nemeko yangoku yesatifikethi sesitshixo sikawonke-wonke.

Izinto ezingalunganga ze-PKI, zithini?Isiphene esisisiseko se-PKI bubukho bamaziko athembekileyo.
Abasebenzisi kufuneka bathembele ngaphandle kwemiqathango kwi-CA kunye ne-CR. Kodwa, njengoko uqheliselo lubonisa, ukuthembela ngokungenamiqathango kugcwele iziphumo ezibi.

Kule minyaka ilishumi idlulileyo, kubekho amahlazo amaninzi kulo mmandla anxulumene nokuba sesichengeni kweziseko zophuhliso.

- kwi-2010, i-malware ye-Stuxnet yaqala ukusasazeka kwi-intanethi, isayinwe isebenzisa izatifikethi ezibiwe zedijithali ezivela kwi-RealTek kunye ne-JMicron.

- Kwi-2017, i-Google yamangalela i-Symantec ngokukhupha inani elikhulu lezatifikethi eziphosakeleyo. Ngelo xesha, i-Symantec yayiyenye yee-CAs ezinkulu ngokwemiqulu yemveliso. Kwi-browser ye-Google Chrome 70, inkxaso yezatifikethi ezikhutshwe yile nkampani kunye namaziko ayo adibeneyo i-GeoTrust kunye ne-Thawte yamiswa ngaphambi kwe-1 kaDisemba 2017.

I-CAs yaphazamiseka, kwaye ngenxa yoko wonke umntu wabandezeleka-ii-CA ngokwabo, kunye nabasebenzisi kunye nababhalisi. Ukuzithemba kwiziseko ezingundoqo kujongelwe phantsi. Ukongeza, izatifikethi zedijithali zinokuvalwa kumxholo weengxabano zezopolitiko, eziya kuchaphazela nokusebenza kwezibonelelo ezininzi. Oku ngokuchanekileyo oko kwakusoyikwa iminyaka emininzi edlulileyo kulawulo lukamongameli waseRashiya, apho kwi-2016 baxubusha ithuba lokudala iziko lezatifiketi zombuso eziza kukhupha izatifikethi ze-SSL kwiindawo kwi-RuNet. Imeko yangoku yemicimbi injalo kangangokuba nakwii-portal zaseburhulumenteni eRashiya sebenzisa izatifikethi zedijithali ezikhutshwe ziinkampani zaseMelika iComodo okanye iThawte (i-subsidiary yeSymantec).

Kukho enye ingxaki - umbuzo uqinisekiso lokuqala (uqinisekiso) lwabasebenzisi. Indlela yokuchonga umsebenzisi oye waqhagamshelana ne-CA ngesicelo sokukhupha isatifikethi sedijithali ngaphandle koqhagamshelwano lobuqu oluthe ngqo? Ngoku oku kusonjululwe ngokwemeko ngokuxhomekeke kubuchule bezakhiwo. Kukho into ethatyathwe kwiirejista ezivuliweyo (umzekelo, ulwazi malunga namaqumrhu asemthethweni acela izatifikethi); kwiimeko apho abafaki-zicelo bengabantu ngabanye, ii-ofisi zebhanki okanye ii-ofisi zeposi zingasetyenziswa, apho iinkcukacha zabo ziqinisekiswa kusetyenziswa izazisi, umzekelo, incwadana yokundwendwela.

Ingxaki yokugqwetha iziqinisekiso ngenjongo yokuzenza umntu ongenguye ingundoqo. Masiqaphele ukuba akukho sisombululo esipheleleyo kule ngxaki ngenxa yezizathu zolwazi-thiyori: ngaphandle kokuba nolwazi oluthembekileyo lwe-priori, akunakwenzeka ukuqinisekisa okanye ukukhanyela ukunyaniseka kwesifundo esithile. Njengomthetho, ukwenzela ukuqinisekiswa kuyimfuneko ukubonisa isethi yamaxwebhu abonisa ubungqina bomenzi-sicelo. Kukho iindlela ezininzi zokuqinisekisa ezahlukeneyo, kodwa akukho namnye kubo onika isiqinisekiso esipheleleyo sobunyani bamaxwebhu. Ngokufanelekileyo, ukunyaniseka kwesazisi somenzi-sicelo nako akunakuqinisekiswa.

Zinokupheliswa njani ezi ntsilelo?Ukuba iingxaki ze-PKI kwimeko yayo yangoku zinokuchazwa ngokufakwa kwindawo enye, ngoko kunengqiqo ukucinga ukuba ukuhanjiswa kwamagunya kuya kunceda ukuphelisa iintsilelo ezichongiweyo.

Ukwabela amagunya akuthethi ubukho bamaziko athembekileyo - ukuba uyadala iziseko ezingundoqo zoluntu ezinatyisiweyo (IziSeko ezinguNdoqo zoLuntu ezinatyisiweyo, DPKI), ke akukho CA okanye CR ezifunekayo. Masiyilahle ingqiqo yesatifikethi sedijithali kwaye sisebenzise irejistri esasaziweyo ukugcina ulwazi malunga nezitshixo zoluntu. Kwimeko yethu, sibiza irejista i-database yomgca equkethe iirekhodi zomntu ngamnye (iibhloko) ezidityaniswe kusetyenziswa iteknoloji ye-blockchain. Esikhundleni sesatifikethi sedijithali, siya kwazisa ingcamango "yesaziso".

Indlela inkqubo yokufumana, yokuqinisekisa kunye nokurhoxiswa kwezaziso iya kujongeka njani kwiDPKI ecetywayo:

1. Umfaki-sicelo ngamnye ufaka isicelo sesaziso ngokuzimeleyo ngokuzalisa ifom ngexesha lokubhalisa, emva koko wenza i-transaction egcinwe kwi-pool ekhethekileyo.

2. Ulwazi malunga nesitshixo sikawonkewonke, kunye neenkcukacha zomnini kunye nezinye i-metadata, zigcinwe kwirejista esasazwayo, kwaye kungekhona kwisatifikethi sedijithali, ukukhutshwa kwayo kwi-PCI ephakathi i-CA inoxanduva.

3. Ukuqinisekiswa kobunyani bomfaki-sicelo wenziwa emva kwenyani ngemigudu edibeneyo yoluntu lwabasebenzisi be-DPKI, kwaye kungekhona nge-CR.

4. Ngumnini weso saziso kuphela onokutshintsha isimo sesitshixo sikawonke-wonke.

5. Nabani na unokufikelela kwileja esasaziweyo kwaye ajonge imeko yangoku yesitshixo sikawonke-wonke.

Qaphela: Isiqinisekiso soluntu sesazisi somenzi-sicelo sinokubonakala singathembekanga kwasekuqaleni. Kodwa kufuneka sikhumbule ukuba namhlanje bonke abasebenzisi beenkonzo zedijithali bashiya i-digital footprint, kwaye le nkqubo iya kuqhubeka ifumana amandla. Vula iirejista ze-elektroniki zamaqumrhu asemthethweni, iimephu, idijithali yemifanekiso yomhlaba, iinethiwekhi zentlalo - zonke ezi zizixhobo ezikhoyo esidlangalaleni. Sele zisetyenziswe ngempumelelo ngexesha lophando ngazo zombini iintatheli kunye nee-arhente zogcino-mthetho. Ngokomzekelo, kwanele ukukhumbula uphando lweBellingcat okanye iqela lophando elihlangeneyo i-JIT, efunda iimeko zokuphahlazeka kwe-Malaysian Boeing.

Ke ingasebenza njani isiseko soluntu esingundoqo esinatyisiweyo? Makhe sihlale kwinkcazo yeteknoloji ngokwayo, thina inelungelo elilodwa lomenzi ngo-2018 kwaye ngokufanelekileyo siyigqala njengokwazi kwethu.

Khawucinge ukuba kukho umninimzi ophethe izitshixo ezininzi zikawonke-wonke, apho isitshixo ngasinye siyintengiselwano ethile egcinwe kwirejista. Xa ingekho i-CA, unokuqonda njani ukuba zonke izitshixo zezalo mnikazi? Ukuxazulula le ngxaki, ukuthengiselana kwe-zero kwenziwa, equlethe ulwazi malunga nomnini kunye nesikhwama sakhe (apho ikhomishini yokubeka ukuthengiselana kwirejistri ikhutshwe). I-null transaction luhlobo "lwe-anchor" apho le ntengiselwano ilandelayo kunye nedatha malunga nezitshixo zikawonkewonke ziya kuqhotyoshelwa. Intengiselwano nganye enjalo iqulethe ulwakhiwo lwedatha ekhethekileyo, okanye ngamanye amagama, isaziso.

Isaziso yiseti ecwangcisiweyo yedatha ebandakanya imimandla esebenzayo kwaye ibandakanya ulwazi malunga nesitshixo sikawonkewonke somnini, ukuphikelela okuqinisekisiwe ngokubekwa kwenye yeerekhodi ezihambelanayo zobhaliso olusasazwayo.

Umbuzo olandelayo onengqondo ngowokuba yenziwa njani intengiselwano enguziro? I-null transaction-njengezo zilandelayo-yi-aggregation yemimandla yedatha emithandathu. Ngethuba lokuqulunqwa kwe-zero transaction, i-key pair of wallet ibandakanyeka (izitshixo eziyimfihlo zikawonkewonke kunye nezidibeneyo). Esi sibini sezitshixo sibonakala ngeli xesha xa umsebenzisi ebhalisa isikhwama sakhe, apho ikhomishini yokubeka i-zero transaction kwi-registry kwaye, emva koko, imisebenzi enezaziso iya kutsalwa.

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

Njengoko kubonisiwe kumzobo, i-wallet ye-key digest yoluntu iveliswa ngokusetyenziswa ngokulandelelana kwe-SHA256 kunye ne-RIPEMD160 imisebenzi ye-hash. Apha i-RIPEMD160 inoxanduva lokubonakaliswa kwe-compact yedatha, ububanzi bayo abudluli kwiibhithi ze-160. Oku kubalulekile kuba irejistri ayisiyosiseko sedatha esitshiphu. Isitshixo sikawonke-wonke ngokwaso singeniswa kwintsimi yesihlanu. Indawo yokuqala iqulethe idatha emisela uxhulumaniso kwintengiselwano yangaphambili. Kwintengiselwano ye-zero, le ntsimi ayinanto, eyahlula kwiintengiselwano ezilandelayo. Intsimi yesibini yidatha yokujonga uxhulumaniso lweentengiselwano. Ngokufutshane, siya kubiza idatha kwintsimi yokuqala neyesibini "ikhonkco" kunye "nokukhangela", ngokulandelanayo. Imixholo yale mimandla iveliswa yi-hashing ephindaphindwayo, njengoko kubonisiwe ngokudibanisa utshintshiselwano lwesibini nolwesithathu kumzobo ongezantsi.

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

Idatha evela kwimimandla emihlanu yokuqala iqinisekiswa ngesiginesha ye-elektroniki, eyenziwa ngokusebenzisa isitshixo esiyimfihlo se-wallet.

Yiyo loo nto, i-null transaction ithunyelwa echibini kwaye emva kokuqinisekiswa okuyimpumelelo kufakwe kwirejista. Ngoku unako "ukudibanisa" intengiselwano elandelayo kuyo. Makhe siqwalasele ukuba kwenziwa njani iintengiselwano ngaphandle kuka-zero.

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

Into yokuqala enokuthi ibambe iliso lakho bubuninzi bezibini eziphambili. Ukongeza kwisitshixo sesitshixo se-wallet esiqhelekileyo, izibini eziqhelekileyo kunye nezitshixo zenkonzo zisetyenziswa.

Isitshixo esiqhelekileyo sikawonke-wonke yinto eyaqalwa ngayo yonke into. Esi sitshixo sibandakanyeka kwiinkqubo ezahlukeneyo kunye neenkqubo eziqhubekayo kwihlabathi langaphandle (ibhanki kunye nezinye iintengiselwano, ukuhamba kwamaxwebhu, njl.). Umzekelo, isitshixo esiyimfihlo esivela kwisibini esiqhelekileyo singasetyenziselwa ukuvelisa iisignesha zedijithali kumaxwebhu ahlukeneyo - imiyalelo yentlawulo, njl. njl., kunye nesitshixo sikawonke-wonke singasetyenziselwa ukungqinisisa lo tyikityo lwedijithali kunye nokuphunyezwa okulandelayo kwale miyalelo, ngaphandle kokuba iyasebenza.

Isibini senkonzo sikhutshwe kwisifundo seDPKI esibhalisiweyo. Igama lesi sibini sihambelana nenjongo yaso. Qaphela ukuba xa usenza/ujonga itransekshini enguziro, amaqhosha enkonzo awasetyenziswa.

Masicacise injongo yezitshixo kwakhona:

  1. Izitshixo zewalethi zisetyenziselwa ukuvelisa/ukuqinisekisa zombini intengiselwano eyi-null kunye nayo nayiphi na enye intengiselwano engeyo-null. Isitshixo sangasese se-wallet saziwa kuphela kumnini we-wallet, ongumnikazi wezitshixo ezininzi eziqhelekileyo eziqhelekileyo.
  2. Isitshixo sikawonke-wonke esiqhelekileyo siyafana nenjongo kwisitshixo sikawonke-wonke apho isatifikethi sikhutshwa kwi-PKI esembindini.
  3. Iperi yenkonzo yesitshixo yeye-DPKI. Isitshixo esiyimfihlo sinikezelwa kumaziko abhalisiweyo kwaye sisetyenziswa xa kusenziwa iisignesha zedijithali ukwenzela iitransekshini (ngaphandle kweentengiselwano zero). Uluntu lusetyenziselwa ukungqinisisa isiginitsha yedijithali yetransekshini phambi kokuba ithunyelwe kubhaliso.

Ngaloo ndlela, kukho amaqela amabini amaqhosha. Eyokuqala ibandakanya izitshixo zenkonzo kunye nezitshixo ze-wallet - zinengqiqo kuphela kumxholo we-DPKI. Iqela lesibini libandakanya izitshixo eziqhelekileyo - ububanzi bawo bunokwahluka kwaye bunqunywe yimisebenzi yesicelo apho isetyenziswe khona. Ngelo xesha, i-DPKI iqinisekisa ukunyaniseka kunye nokunyaniseka kwezitshixo eziqhelekileyo zoluntu.

Qaphela: Isibini sesitshixo senkonzo sisenokwaziwa ngamaqumrhu awohlukeneyo e-DPKI. Ngokomzekelo, inokuba yinto efanayo kumntu wonke. Kungenxa yesi sizathu ukuba xa uvelisa utyikityo lwentengiselwano nganye engekho zero, kusetyenziswa izitshixo ezimbini eziyimfihlo, enye yazo isitshixo se-wallet - iyaziwa kuphela kumnini we-wallet, ongumnikazi wezinto ezininzi eziqhelekileyo. izitshixo zikawonke-wonke. Zonke izitshixo zinentsingiselo yazo. Ngokomzekelo, kuhlale kunokwenzeka ukubonisa ukuba ukuthengiselana kwangenwa kwirejistri ngesifundo esibhalisiweyo se-DPKI, ekubeni isignesha nayo yaveliswa kwisitshixo senkonzo eyimfihlo. Kwaye akunakubakho kusetyenziswa kakubi, njengokuhlaselwa kwe-DOS, kuba umnini uhlawula intengiselwano nganye.

Zonke iintengiselwano ezilandela i-zero enye zenziwe ngendlela efanayo: isitshixo sikawonke-wonke (kungekhona i-wallet, njengokuba kwimeko ye-zero transaction, kodwa ukusuka kwisibini esibalulekileyo esiqhelekileyo) siqhutywa ngemisebenzi emibini ye-hash SHA256 kunye ne-RIPEMD160. Yile ndlela idatha yecandelo lesithathu lenziwe ngayo. Intsimi yesine iqulethe ulwazi olukhaphayo (umzekelo, ulwazi malunga nesimo samanje, imihla yokuphelelwa yisikhathi, i-timestamp, i-identifiers ye-crypto-algorithms esetyenziswayo, njl.). Intsimi yesihlanu iqulethe isitshixo sikawonke-wonke esivela kwisitshixo senkonzo. Ngoncedo lwayo, isiginitsha yedijithali iya kujongwa emva koko, ngoko iya kuphinda iphindwe. Masiyithethelele imfuneko yenkqubo enjalo.

Khumbula ukuba intengiselwano ifakwa echibini kwaye igcinwe apho de iqhutywe. Ukugcina echibini kuhambelana nomngcipheko othile - idatha yentengiselwano inokuthi ixoke. Umnini uqinisekisa idatha yentengiselwano ngomsayino wedijithali wedijithali. Isitshixo sikawonke-wonke sokuqinisekisa le siginitsha yedijithali ibonakaliswe ngokucacileyo kwelinye leenkalo zentengiselwano kwaye emva koko ifakwe kwirejista. Izinto ezikhethekileyo zokusetyenzwa kwentengiselwano zezokuba umhlaseli akwazi ukutshintsha idatha ngokubona kwakhe aze ayiqinisekise esebenzisa isitshixo sakhe esiyimfihlo, kwaye abonise isitshixo esidityanisiweyo sikawonke-wonke sokuqinisekisa utyikityo lwedijithali kwintengiselwano. Ukuba ubunyani kunye nemfezeko ziqinisekiswa ngokukodwa ngokusayinwa kwedijithali, loo nkohliso ayisayi kubonwa. Nangona kunjalo, ukuba, ukongeza kwisiginitsha yedijithali, kukho indlela eyongezelelweyo eqinisekisa ukugcinwa kogcino kunye nokuqhubeka kolwazi olugciniweyo, ngoko ukukhohlisa kunokubonwa. Ukwenza oku, kwanele ukufaka isitshixo sikawonke-wonke sangempela somnini kwirejista. Makhe sichaze ukuba kusebenza njani oku.

Vumela umhlaseli enze idatha yentengiselwano. Ngokwembono yezitshixo kunye notyikityo lwedijithali, olu khetho lulandelayo lunokwenzeka:

1. Umhlaseli ubeka isitshixo sakhe sikawonkewonke kwintengiselwano ngelixa utyikityo lwedijithali lomnini luhlala lungatshintshi.
2. Umhlaseli udala isignesha yedijithali kwisitshixo sakhe sangasese, kodwa ushiya isitshixo sikawonkewonke somnini singatshintshi.
3. Umhlaseli udala isignesha yedijithali kwisitshixo sakhe sangasese kwaye ubeke isitshixo sikawonke-wonke esidityanisiweyo kwintengiselwano.

Ngokucacileyo, iinketho ze-1 kunye ne-2 azinantsingiselo, kuba ziya kuhlala zibhaqwa ngexesha lokuqinisekisa utyikityo lwedijithali. Kuphela ukhetho lwe-3 lunengqiqo, kwaye ukuba umhlaseli wenza isignesha yedijithali kwisitshixo sakhe esiyimfihlo, ngoko unyanzelekile ukuba agcine isitshixo sikawonkewonke esidibeneyo kwintengiselwano, eyahlukileyo kwisitshixo sikawonkewonke somnini. Le kuphela kwendlela yokuba umhlaseli anyanzelise idatha engeyonyani.

Makhe sicinge ukuba umniniyo unesitshixo esisisigxina - sabucala kunye noluntu. Vumela idatha iqinisekiswe ngesiginitsha yedijithali usebenzisa isitshixo esiyimfihlo esivela kwesi sibini, kwaye isitshixo sikawonke-wonke sibonakaliswe kwintengiselwano. Masicinge kwakhona ukuba esi sitshixo sikawonke-wonke siye sangeniswa kwirejista kwaye ukunyaniseka kwaso kuye kwaqinisekiswa ngokuthembekileyo. Emva koko i-forgery iya kuboniswa yinyaniso yokuba isitshixo sikawonke-wonke esivela kwi-transaction asihambelani nesitshixo sikawonke-wonke esivela kwirejista.

Shwa nkathela. Xa kusetyenzwa idatha yokuqala yentengiselwano yomnini, kuyafuneka ukuba kuqinisekiswe ubunyani beqhosha likawonke-wonke elingeniswayo kubhaliso. Ukwenza oku, funda isitshixo esisuka kwirejista kwaye usithelekise nesitshixo sikawonke-wonke somnini ngaphakathi komda wokhuseleko (indawo yokungachaphazeleki kwesihlobo). Ukuba ukunyaniseka kwesitshixo kuqinisekisiwe kwaye ukunyamezela kwayo kuqinisekisiwe ekubekweni, ngoko ukunyaniseka kwesitshixo ukusuka kwintengiselwano elandelayo kunokuqinisekiswa ngokulula / ukuphikiswa ngokuthelekisa kunye nesitshixo esivela kwirejista. Ngamanye amazwi, isitshixo esisuka kwirejistri sisetyenziswa njengesampulu yereferensi. Zonke ezinye iitransekshini zomnini zisetyenzwa ngokufanayo.

Intengiselwano iqinisekiswa ngesiginesha yedijithali yedijithali - oku kulapho izitshixo eziyimfihlo zifunekayo, kwaye kungekhona enye, kodwa ezimbini ngexesha elinye - isitshixo senkonzo kunye nesitshixo se-wallet. Ngombulelo wokusetyenziswa kwezitshixo ezimbini eziyimfihlo, umgangatho oyimfuneko wokhuseleko uqinisekisiwe - emva koko, isitshixo semfihlo senkonzo siyakwazi ukwaziwa kwabanye abasebenzisi, ngelixa iqhosha eliyimfihlo lesikhwama liyaziwa kuphela kumnini wesibini esitshixo esiqhelekileyo. Sayibiza loo tyikityo yezitshixo ezimbini ngokuba β€œngumsayino odityanisiweyo” wedijithali.

Ukuqinisekiswa kweentengiselwano ezingekho-null kwenziwa ngokusebenzisa izitshixo ezimbini zoluntu: i-wallet kunye neqhosha lenkonzo. Inkqubo yokuqinisekisa inokwahlulwa ibe zizigaba ezibini eziphambili: eyokuqala ijonga ukugaywa kwesitshixo sikawonke-wonke se-wallet, kwaye eyesibini ijonga isiginitsha yedijithali ye-elektroniki yentengiselwano, enye edityanisiweyo efanayo eyayenziwe kusetyenziswa izitshixo ezimbini eziyimfihlo ( isipaji kunye nenkonzo). Ukuba ukuqinisekiswa kwesignesha yedijithali kuqinisekisiwe, ngoko emva kokuqinisekiswa okongeziweyo ukuthengiselana kungeniswa kwirejista.

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

Umbuzo onengqiqo unokuvela: njani ukujonga ukuba ukuthengiselana kungokwekhonkco elithile kunye "nengcambu" ngendlela ye-zero transaction? Ngenxa yale njongo, inkqubo yokuqinisekisa yongezwa ngenqanaba elinye ngaphezulu - ukujonga uqhagamshelwano. Apha kulapho siya kuyidinga khona idatha esuka kwiinkalo ezimbini zokuqala, esingazange sizihoye ngoku.

Makhe sicinge ukuba kufuneka sijonge ukuba i-transaction No. 3 ngokwenene iza emva kwentengiselwano No. Ukwenza oku, usebenzisa indlela ye-hashing edibeneyo, ixabiso lomsebenzi we-hash libalwe kwidatha ukusuka kwindawo yesithathu, yesine neyesihlanu ye-transaction No. Emva koko i-concatenation yedatha evela kwintsimi yokuqala ye-transaction No. 2 kunye nexabiso le-hash elifunyenwe ngaphambili elidityanisiweyo ledatha evela kwintsimi yesithathu, yesine neyesihlanu ye-transaction No. 2. Konke oku kuqhutywa ngemisebenzi emibini yeehashi SHA3 kunye ne-RIPEMD2. Ukuba ixabiso elifunyenweyo lihambelana nedatha kwintsimi yesibini yokuthengiselana No. Oku kuboniswa ngokucacileyo kula manani angezantsi.

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain
I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

Ngokubanzi, iteknoloji yokuvelisa kunye nokufaka isaziso kwirejista ibonakala ngokufana nale. Umzekeliso obonakalayo wenkqubo yokwenza uthotho lwezaziso uboniswe kulo mfanekiso ulandelayo:

I-DPKI: ukuphelisa ukusilela kwe-PKI ephakathi usebenzisa i-blockchain

Kulo mbhalo, asizukuhlala kwiinkcukacha, ngokungathandabuzekiyo ezikhoyo, kwaye sibuyele ekuxoxeni kanye ngembono yesiseko esingundoqo soluntu.

Ngoko ke, ekubeni umenzi-sicelo ngokwakhe efaka isicelo sokubhaliswa kwezaziso, ezingagcinwanga kwi-database ye-CA, kodwa kwirejista, amacandelo aphambili oyilo lwe-DPKI kufuneka athathelwe ingqalelo:

1. Irejista yezaziso ezisebenzayo (RDN).
2. Irejista yezaziso ezirhoxisiweyo (RON).
3. Irejista yezaziso ezimisiweyo (RPN).

Ulwazi malunga nezitshixo zikawonke-wonke zigcinwe kwi-RDN/RON/RPN ngokohlobo lwamaxabiso omsebenzi we-hash. Kwakhona kubalulekile ukuqaphela ukuba ezi zinokuba ziirejista ezahlukeneyo, okanye amatyathanga ahlukeneyo, okanye ikhonkco elinye njengenxalenye yobhaliso olunye, xa ulwazi malunga nobume besitshixo esiqhelekileyo sikawonke-wonke (ukurhoxiswa, ukunqunyanyiswa, njl. njl.) Intsimi yesine yesakhiwo sedatha ngendlela yexabiso lekhowudi ehambelanayo. Kukho iinketho ezininzi ezahlukeneyo zokuphunyezwa koyilo lwe-DPKI, kwaye ukhetho lwesinye okanye olunye luxhomekeke kwizinto ezininzi, umzekelo, iindlela ezinjalo zokuphucula njengeendleko zememori yexesha elide yokugcina izitshixo zoluntu, njl.

Ke, i-DPKI inokujika ibe, ukuba ayilulanga, ngoko ke ithelekiswe nesisombululo esisembindini ngokwemiqathango yobunzima bokwakha.

Umbuzo ophambili usahleli - Yeyiphi irejista efanelekileyo yokuphumeza iteknoloji?

Imfuno ephambili yobhaliso kukukwazi ukuvelisa ukuthengiselana naluphi na uhlobo. Owona mzekelo udumileyo weleja yinethiwekhi yeBitcoin. Kodwa xa kuphunyezwa itekhnoloji echazwe ngasentla, kuvela ubunzima obuthile: imida yolwimi olukhoyo lokubhala, ukungabikho kweendlela eziyimfuneko zokuseta iiseti zedatha, iindlela zokwenza ukuthengiselana kohlobo oluthile, kunye nokunye okuninzi.

Thina kwi-ENCRY sizame ukusombulula iingxaki eziqulunqwe ngasentla kwaye saphuhlisa irejistri, leyo, ngokoluvo lwethu, ineengenelo ezininzi, ezizezi:

  • ixhasa iintlobo ezininzi zentengiselwano: inokutshintshiselana zombini ii-asethi (oko kukuthi, ukwenza utshintshiselwano lwezemali) kunye nokudala ukuthengiselana ngesakhiwo esingenasizathu,
  • abaphuhlisi banokufikelela kulwimi lwenkqubo yePrismLang, ebonelela ngokuguquguquka okuyimfuneko xa kusonjululwa iingxaki ezahlukeneyo zobuchwepheshe,
  • Kunikiwe isixhobo sokuseta iiseti zedatha ezingafanelekanga.

Ukuba sithatha indlela elula, ke ulandelelwano lwezenzo lulandelayo lwenzeka:

  1. Umfaki-sicelo ubhalisa kunye ne-DPKI kwaye ufumana i-wallet yedijithali. Idilesi yesipaji lixabiso le-hash yesitshixo sikawonke-wonke sesipaji. Isitshixo sangasese se-wallet saziwa kuphela kumfaki-sicelo.
  2. Isihloko esibhalisiweyo sinikwe ukufikelela kwiqhosha lenkonzo eliyimfihlo.
  3. Isihloko sivelisa i-zero transaction kwaye siqinisekisa ngesignesha yedijithali usebenzisa isitshixo esiyimfihlo se-wallet.
  4. Ukuba intengiselwano ngaphandle kwe-zero yenziwe, iqinisekiswa ngumsayino wedijithali wedijithali usebenzisa izitshixo ezimbini eziyimfihlo: i-wallet kunye nenkonzo enye.
  5. Isihloko singenisa intengiselwano echibini.
  6. I-node yenethiwekhi ye-ENCRY ifunda ukuthengiselana kwi-pool kwaye ihlola isignesha yedijithali, kunye nokudibanisa kwentengiselwano.
  7. Ukuba isignesha yedijithali ivumelekile kwaye uxhulumaniso luqinisekisiwe, ngoko lulungiselela ukuthengiselana ngokungena kwirejista.

Apha irejistri isebenza njengesiseko sedatha esisasazwayo esigcina ulwazi malunga nezaziso ezisebenzayo, ezicinyiweyo nezimisiweyo.

Kakade ke, ukunatyiswa amagunya akulonyango. Ingxaki engundoqo yokuqinisekiswa komsebenzisi oyintloko ayipheli naphi na: ukuba okwangoku ukuqinisekiswa komfaki-sicelo kuqhutyelwa yi-CR, ngoko kwi-DPKI kucetywayo ukunikezela ukuqinisekiswa kumalungu oluntu, kwaye kusetyenziswe ukukhuthaza imali ukuvuselela umsebenzi. Itekhnoloji yokuqinisekisa umthombo ovulekileyo iyaziwa. Ukusebenza kokuqinisekiswa okunjalo kuye kwaqinisekiswa ekusebenzeni. Masikhumbule kwakhona inani lophando olukwinqanaba eliphezulu olwenziwe lushicilelo lwe-intanethi iBellingcat.

Kodwa ngokubanzi, lo mfanekiso ulandelayo uvela: I-DPKI yithuba lokulungisa, ukuba akunjalo, ngoko ezininzi iintsilelo ze-PCI ephakathi.

Bhalisa kwiHabrablog yethu, siceba ukuqhubeka nokugubungela uphando lwethu kunye nophuhliso, kwaye silandele Twitter, ukuba awufuni ukuphosakela ezinye iindaba malunga neeprojekthi ze-ENCRY.

umthombo: www.habr.com

Yongeza izimvo