Efficient Multi-Layer Credential Revocation Scheme for 6G Using Dynamic RSA Accumulators and Blockchain

Abstract

As a new generation of mobile communication networks, 6G security faces many new security challenges. Vehicle to Everything (V2X) will be an important part of 6G. In V2X, connected and automated vehicles (CAVs) need to frequently share data with other vehicles and infrastructures. Therefore, identity revocation technology in the authentication is an important way to secure CAVs and other 6G scenario applications. This paper proposes an efficient credential revocation scheme with a four-layer architecture. First, a rapid pre-filtration layer is constructed based on the cuckoo filter, responsible for the initial screening of credentials. Secondly, a directed routing layer and the precision judgement layer are designed based on the consistency hash and the dynamic RSA accumulator. By proposing the dynamic expansion of the RSA accumulator and load-balancing algorithm, a smaller and more stable revocation delay can be achieved when many users and terminal devices access 6G. Finally, a trusted storage layer is built based on the blockchain, and the key revocation parameters are uploaded to the blockchain to achieve a tamper-proof revocation mechanism and trusted data traceability. Based on this architecture, this paper also proposes a detailed identity credential revocation and verification process. Compared to existing solutions, this paper’s solution has a combined average improvement of 59.14% in the performance of the latency of the cancellation of the inspection, and the system has excellent load balancing, with a standard deviation of only 11.62, and the maximum deviation is controlled within the range of ±4%.

1. Introduction

With the release of the 6G standard schedule, the research and development of 6G has entered a critical period. 6G networks will incorporate multiple heterogeneous networks, typified by Vehicle to Everything (V2X) [1]. In recent years, there has been an influx of new research in the V2X research direction regarding better control of intelligent vehicles. The authors in [2] propose a novel predictive battery thermal and energy management (p-BTEM) strategy for connected and automated electric vehicles. The study effectively reduces energy consumption in dynamic traffic scenarios by integrating forward-looking constant and time-varying factors, such as vehicle, road, and traffic information, through a cloud-based predictive control framework. The authors in [3] focus on the dynamic characteristics of the V2X environment, which pose significant challenges to ensuring the robustness of intrusion detection systems (IDS). This study examines the adversarial robustness of machine learning-based IDS, analyzes AI-based evasion techniques, data poisoning threats, and challenges in detecting abnormal behavior. The authors in [4] focus on the electromagnetic interference (EMI) effects in V2X and study a harmonic suppression multi-input multi-output (MIMO) antenna, which is expected to help alleviate EMI in congested areas with dense IoT devices. As can be seen, there are currently many research directions for V2X. However, research on identity revocation in 6G V2X scenarios is still relatively lacking.

As an important part of network authentication, identity revocation has a key role in authentication in 6G [5]. Firstly, it is reflected in the aspect of security: identity revocation is an essential line of defense to ensure network security when the user’s identity information is stolen or there are other security risks. Timely identity revocation can prevent illegal users from continuing to use the identity to access the resources in 6G, and to protect the security of 6G and data [6]. Secondly, the criticality of identity revocation is also reflected in privilege management [7]. Identity authentication is usually closely related to privilege management, and identity revocation can accurately control the user’s access to 6G resources [8]. When users and end devices no longer need certain privileges or are no longer qualified to access specific resources in 6G, their corresponding privileges can be canceled immediately through identity revocation [9].

The contributions of this paper are as follows:

• Firstly, we discuss a reasonable identity revocation state update mechanism in 6G scenarios and analyze the defects of a single RSA accumulator scheme. Subsequently, based on the analysis results, we propose an identity credential revocation and revocation checking scheme in 6G scenarios. The architecture of this scheme consists of four layers: a rapid pre-filtration layer, a directed routing layer, a precision judgement layer, and a trustworthy storage layer.
• Secondly, we elaborate, in detail, on the core responsibilities and implementation scheme of each layer in the four-layer architecture. In the first rapid pre-filtration layer, we adopt the cuckoo filter technology, which takes the credentials as the elements in the cuckoo filter and can achieve rapid judgment regarding whether a credential has not completed revocation, which cuts down a part of the revocation checking request and effectively reduces the pressure on the system. In the second and third layers of the directed routing layer and precision judgment layer, we propose a dynamic expansion and load-balancing algorithm based on the consistency hash and RSA accumulator, which dynamically adds or deletes the RSA accumulator according to the actual number of revocation credentials, which can achieve smaller and more stable revocation checking delay. In the fourth trusted storage layer, we adopt blockchain technology as the trusted storage medium for the revocation of important parameters in 6G scenarios to achieve a tamper-proof revocation mechanism and trusted data traceability.
• Finally, based on the above-proposed scheme, we further propose the Identity Credential Revocation and Verification Process, which divides credential revocation into active credential revocation and passive credential revocation, and propose corresponding revocation processes for different mechanisms.

This paper is organized as follows: In the Review of Related Work section, we review the development history of identity revocation techniques, list representative kinds of studies at various stages, and focus on analyzing the feasibility of combining cryptographic accumulator-based identity revocation techniques with blockchain technology. In the BCMRA Scheme Architecture section, we propose a four-layer architecture scheme for credential revocation and revocation checking. In the BCMRA Scheme-Specific Implementation section, we detail the specific implementation of the BCMRA program based on this scheme. In Identity Credential Revocation and Verification Process Based on the BCMRA Scheme section, we propose a specific process for credential revocation and a specific process for checking whether it has been revoked in 6G scenarios. In the Experimental Results section, we simulate and test the load-balancing effect, checking the latency of the schemes and analyzing their advantages. Finally, in the Conclusion, we briefly summarize this paper’s findings.

2. Review of Related Work

The authors in [10] classified identity revocation methods based on the state of use of identity revocation (online or offline), type of revocation list (blacklist or whitelist), and type of evidence (direct or indirect evidence). The authors in [11] classified identity revocation methods into four main types: list-based, tree-based, Online Certificate Status Protocol (OCSP)-based, and cryptographic accumulator-based. The research related to these four types of identity revocation is presented below in turn.

Certificate Revocation List (CRL) is a list-based verification system introduced by the Telecommunication Standardization Sector of the International Telecommunication Union (ITU-T) in 1988. Certificate Authorities (CAs) verify the revocation status of a certificate by constructing a CRL signature data structure for the client [12]. Revoked certificates are identified using a sequence number in the CRL. The CRL is updated periodically by the CAs. The main drawbacks of this identity revocation method are high system communication overhead and low system availability, and the size of the CRL increases gradually over time. To reduce the amount of data necessary to be transmitted in successive CRL queries. The authors in [13] proposed a sliding-window delta-CRL based approach, where the authenticator receives only the most recent changes in the data, reducing the system communication overhead.

Tree-based identity revocation methods use a sorted tree structure to store revoked identity credentials. CAs and Verification Authorities (VAs) speed up the process of querying for revoked identity credentials by using this tree structure [14]. The authors in [15] proposed a distributed key revocation scheme based on a shared binary tree-based distributed key revocation scheme, which solves the problem of key revocation and updating in an open environment with the help of decentralized management of binary trees; however, the average query time shows a gradual increase with the number of nodes, and the increase is more significant. The authors in [16] proposed a partition-based hash tree structure to improve the search of revoked ID books; this research proposal has high query latency in large-scale revocation of ID books.

OCSP is a certificate revocation system in which a user sends a request to a responder to obtain the revocation status of the current certificate. The responder checks the status of the target certificate from a revocation list it maintains, and then returns the status to the requested user [17]. The OCSP system, in which the user must be connected to the Internet to validate the revocation status, has a high latency, which comes from the response time the responder’s server spends on transmitting the revocation status to the requesting user.

Compared to the above three identity revocation methods, the advantages of the encrypted accumulator-based identity revocation scheme are significant. It can not only efficiently process identity revocation transactions while keeping the overhead at a low level, but also protect the identity revocation data by encryption, effectively avoiding the risk of privacy leakage, which fundamentally enhances the security of the authentication system. The authors in [18] proposed an accumulator based on the RSA (Rivest–Shamir–Adleman) algorithm for anonymous revocation of identity certificates. The authors in [19] argued that, in the cryptographic accumulator-based identity revocation scheme, the user’s proof-of-membership or proof-of-non-membership could not undermine the system’s anonymity, and that an RSA-based anonymous authentication system designed a new zero-knowledge non-membership protocol and proved the security of the protocol.

Blockchain technology, with its unique advantages, opens up a new way to achieve the distributed characteristics and high availability of identity revocation. In this context, many researchers have focused on exploring the in-depth integration of blockchain technology and identity revocation mechanisms, expecting to bring innovation and change in the field of identity management with the help of blockchain’s technological features. The authors in [20] proposed a system that uses blockchain to publish CA-signed certificates and revocation information, an asymmetric cryptographic accumulator-based system is proposed for identity revocation. Reference [11] proposes an ID certificate revocation scheme based on asymmetric cryptographic accumulators, which distributes cryptographic accumulators via blockchain. The research is still in progress, and the corresponding test simulation data has not been published yet. The authors in [21] propose a blockchain-based certificate revocation management and status verification system, which describes the node to which the certificate revocation belongs and the Bloom filter information through the extended fields of the X.509 certificate structure. The query revocation process of this research scheme is cumbersome, and the required query latency increases as the number of revoked certificates increases. The authors in [22] propose an ID certificate revocation scheme based on federated blockchain and chameleon hash, which constructs an editable blockchain through chameleon hash and achieves identity revocation by deleting ID certificates, which replaces the original append revocation scheme. The original append revocation scheme. Although this research scheme has better performance in terms of revocation retrieval delay and storage space-saving, it brings problems such as impaired data integrity and tampering, untraceable history records, and difficulty in consistency maintenance.

The

Table 1. Comparative analysis of identity revocation methods.

Method	Offline	Anonymity	Distributed	Scalable	Low Latency
CRL [12]	✔	×	×	×	×
Tree-based [15]	✔	×	✔	×	×
OCSP [17]	×	×	✔	×	×
Crypto-Acc [20]	✔	✔	×	×	×
BCMRA	✔	✔	✔	✔	✔

compares related research in the field, where Offline indicates whether offline authentication is supported or not, Anonymity indicates whether privacy preservation is supported, i.e., the revoked data is transmitted in a non-plaintext manner, and Distributed indicates whether the scheme has distributed features to withstand a single point of failure. In summary, the blockchain-based cryptographic accumulator identity revocation scheme has the best performance in terms of query overhead and security. However, the existing related research has all proposed identity revocation schemes for single-structured networks without fully considering the compatibility and interoperability problems that may arise in 6G scenarios, which makes it difficult to maintain the consistency of the revocation information among the 6G and fails to adapt to 6G scenarios with large number of users accessing the 6G with high query overhead or 6G scenarios with massive numbers of users and terminal device access. Therefore, how to achieve a secure, efficient, and compatible identity revocation scheme in 6G scenarios is still valuable for further research.

3. BCMRA Scheme Architecture

Identity revocation is an important part of authentication in 6G. According to the research status study analysis in Section 2, it can be seen that the existing identity revocation research schemes do not fully take into account the compatibility and interoperability problems that may arise in 6G scenarios. Also, it is difficult to maintain the consistency of the identity revocation information between between different trust domains in 6G, and it cannot be adapted to the 6G scenarios with massive accesses in terms of the revocation and verification time delay. In this paper, we propose a credential revocation and verification scheme executed by a trust management committee to solve the compatibility and interoperability problems between different trust domains in 6G scenarios and to achieve lower and more stable revocation verification latency through a dynamic RSA multi-accumulator and load-balancing algorithm.

In this paper, the RSA accumulator is adopted as the minimum verification unit of credential revocation and verification scheme. In the initialization phase of a system, the RSA accumulator needs to generate initialization parameters on which operations such as adding elements, deleting elements, generating proofs of membership, and verifying membership depend. A $N=pq$ is randomly chosen as the modulus of the RSA accumulator, where p and q are large prime numbers. A base g mutually prime with N is chosen as the generating element, usually at random in the cyclic group of modulus N; initial cumulative value is $Ac{c}_0=g^{1}modN$.

Knowing that all members within the set of elements $X=\{x_1,x_2,\dots ,x_n\}$ have been added to the RSA accumulator, the latest cumulative value $Acc$ can be defined as follows:

$$Acc=g^{x_1{x}_2\cdots x_n}modN$$

(1)

Adding a new element $x_{n+1}$ to the above accumulator, the latest accumulated value $Ac{c}^{\prime }$ is updated as follows:

$$Ac{c}^{\prime }=Ac{c}^{x_{n+1}}modN$$

(2)

Further removing an element $x_i$ from the above accumulator, the latest accumulated value $Ac{c}^{″}$ is updated as follows:

$$Ac{c}^{″}={\left(Ac{c}^{\prime }\right)}^{x_i^{-1}}modN$$

(3)

where $x_i^{-1}$ is the multiplicative inverse of $x_i$ in mod $\varphi \left(N\right)$, and $\varphi \left(N\right)$ is the Euler function, denoted by $(p-1)(q-1)$.

For an element $x_i$ in a set, a membership proof $w_i$ can be generated to show that $x_i$ belongs to the set X. The formula for the membership proof $w_i$ is

$$w_i=g^{{\prod }_{j\ne i}{x}_j}modN.$$

(4)

After generating the proof of membership, check whether the equation $w_i^{x_i}\equiv Ac{c}^{″}modN$ holds, and if the equation holds, prove that $x_i$ belongs to the set X.

When verifying the existence of a member with the traditional RSA accumulator, the precondition to reach $O\left(1\right)$ time complexity is that the membership proof $w_i$ of an element $x_i$ is known [18]. When a member joins or exits the RSA accumulator, the proof of membership $w_i$ of an element $x_i$ needs to be updated to $w_i^{\prime }$, with a time complexity of $O\left(n\right)$, which is linearly related to the number of members in the accumulator [18]. When a member joins or exits the accumulator, the proofs of other members in the accumulator are triggered by the following two updates:

• Immediate update: When a member is added or removed from the RSA accumulator, the system immediately computes and generates new member proofs $w_i^{\prime }$ for the other members in the RSA accumulator, with a time complexity of $O\left(n^2\right)$. The time complexity of other member proofs is $O\left(1\right)$.
• Update on verification: when members are added or removed from the RSA accumulator, the system does not update the membership proofs of other members in real-time. When other members perform authentication operations, they need to check the revocation information, and the system updates the member’s proof $w_i^{\prime }$ separately under this moment, with a time complexity of $O\left(n\right)$.

The above two accumulator-member proof-updating methods have their own advantages and disadvantages, of which the immediate updating mechanism is more real-time, to ensure that all the member proofs in the system are always in the latest valid state. However, the accompanying cost is the exponential growth of time complexity, and the consumption of computational and time resources on the system is large. The real-time nature of the update mechanism during verification is relatively weak, the amount of computation for each update is linearly related to the number of members, and the overall resource consumption is relatively low.

In the 6G scenario, the number of users and terminal devices is huge, and the member proves that the update-on-verification mechanism is more suitable for the 6G scenario from the three perspectives of real-time demand, resource consumption, and network communication burden. Secondly, a single simple accumulator structure cannot satisfy fast credential revocation and revocation checking, and scheme improvement and optimization are needed.

Therefore, this section proposes a credential revocation and revocation checking scheme BCMRA (Blockchain, Cuckoo Filter, Multi-RSA Accumulator) based on blockchain, cuckoo filter, consistent hash routing technique, and RSA multi-accumulator, and the following describes in detail the BCMRA scheme architecture, the identity credential revocation scheme, and the revocation credential checking scheme.

The BCMRA scheme, as shown in Figure 1, is divided into a four-layer architecture according to different functions, with the fast pre-filtering layer, the directed routing layer, the precise judgement layer, and the trusted storage layer in descending order from the top layer. The four different layers are differentiated by different colours. To better understand the meaning of this architecture diagram, one can look at it from the top down, with the data to be withdrawn flowing from the top of the diagram into the first layer of the diagram, and in turn completing all the processes of the BCMRA scheme from top to bottom. The core responsibilities and key technologies of the four-layer architecture are described in detail below.

4. BCMRA Scheme-Specific Implementation

4.1. Rapid Pre-Filtration Layer Based on Cuckoo Filter

The fast pre-filtering layer uses a cuckoo filter to store the identifier $I{D}_{cred}$ of revoked user credentials and intercept authentication requests for unrevoked credentials. Since there are cases of false positives, the BCMRA scheme cannot determine that a user’s credentials have been revoked by the output of only one cuckoo filter. On the contrary, the cuckoo filter can quickly determine that the credentials of a certain user have not been revoked, and can effectively intercept the checking requests for unrevoked credentials.

4.2. Directed Routing Layer Based on Consistent Hashing

The directed routing layer is responsible for mapping the identifier $I{D}_{cred}$ of a revoked user credential to the corresponding RSA accumulator $Ac{c}_{id}$ number. The number of RSA accumulators in the BCMRA scheme changes dynamically according to the number of elements, so the mapping algorithm of the directed routing layer needs to reduce the number of elements that need to be re-mapped when the number of RSA accumulators changes, in addition, to satisfy the one-to-one relationship. The number of elements is to be mapped when the number of RSA accumulators changes. The simple modulo hash algorithm is expressed as $H\left(I{D}_{cred}\right)modk$, where k is the number of RSA accumulators when the number of RSA accumulators decreases or increases to $k^{\prime }$, and almost all RSA accumulator elements need to re-calculate hash values and migrate. The consistent hash algorithm maps individual RSA accumulators onto a virtual ring space so that when an RSA accumulator is added or removed, only the elements adjacent to it in the ring space need to be remapped. Therefore, the directional routing layer uses the consistent hash algorithm as a method for routing RSA accumulators. The flow of the RSA accumulator mapping mechanism based on a consistent hash algorithm is as follows:

• Define the hash space: The length of the hash value is 256 bits, and the corresponding hash space ranges from $[0, 2^{256}-1]$, forming a logical closed-loop space.
• Deploying virtual nodes: Each RSA accumulator corresponds to V virtual nodes $vnode$; the virtual node hash value $H_{vnode}$ is calculated as $H_{vnode}=H(Ac{c}_{id}+Replic{a}_{id})$, where $Replic{a}_{id}$ is the virtual node replica serial number, with a range of $[0, V-1]$.
• Build the hash ring: Sort the hash values $H_{vnode}$ of all virtual nodes to form a consistent hash ring; each virtual node corresponds to the interval $[H_{vnod{e}_i},H_{vnod{e}_{i+1}})$ on the ring, where $H_{vnod{e}_i}$ is the virtual node’s own hash value and $H_{vnod{e}_{i+1}}$ is the hash of the next virtual node after sorting.
• Locating a virtual node: Calculate the hash value $H_{cred}$ of the identifier $I{D}_{cred}$ of the credential to be revoked, get the position of $I{D}_{cred}$ in the consistency hash ring, and, from that position, start to look up along the consistency hash ring in the clockwise direction and find the first virtual node $vnod{e}_m$ where a hash value greater than $H_{cred}$. $vnod{e}_m$ is satisfied:

  $$vnod{e}_m=min\left\{vnod{e}_i\right|H_{vnod{e}_i}\ge H_{cred},i=0,1,\dots ,V-1\}$$

  (5)
• Mapping the RSA accumulator: Locate the virtual node $vnod{e}_m$; the physical node corresponding to this virtual node is the target RSA accumulator. The physical node, represented by an RSA accumulator, corresponds to multiple virtual nodes. By increasing the number of virtual nodes, the virtual nodes can be distributed more evenly over the consistency hash ring, thus allowing for the credential identifier $I{D}_{cred}$ to be revoked to be distributed more evenly across the RSA accumulators. However, the greater the number of virtual nodes, the greater the burden on the system, so the number of virtual nodes should be selected according to the actual situation.

4.3. Precision Judgment Layer Based on a Multiple-RSA Accumulator

The precision judgment layer is responsible for storing the identifier $I{D}_{cred}$ of the revoked user credentials and handling the authentication requests for the revoked user credentials. The core of the BCMRA scheme is the Multi-Accumulator Mechanism based on the Dynamic Scaling and Load-Balancing algorithms, which are described below in terms of the Multi-Accumulator Mechanism and the Dynamic Scaling and Load-Balancing, respectively.

The precision judgment layer contains a set of k RSA accumulators $\{Ac{c}_1,\dots ,Ac{c}_k\}$, initialized with uniform parameters $<p,q,N,g>$, with the same initial accumulation value $Ac{c}_0$, where p and q are large prime numbers, $N=pq$, and g is the generating element. The ith RSA accumulator contains a collection of elements $\{x_1^i,x_2^i,\dots ,x_{n_i}^i\}$ with number $n_i$, where each element corresponds to an identifier $I{D}_{cred}$ of a revoked user credential. The accumulated value $Ac{c}_i$ of the ith RSA accumulator is denoted as

$$Ac{c}_i=g^{x_1^i{x}_2^i\cdots x_{n_i}^i}modN$$

(6)

The BCMRA scheme proposed in this section adopts the mechanism of updating the proof of membership at the time of verification; when the RSA accumulator $Ac{c}_i$ changes due to the addition or deletion of an element, the element $x_j^i$ that still exists in the RSA accumulator $Ac{c}_i$ does not need to update the proof of membership $w_j^i$ immediately; instead, it will re-generate the newest proof of membership ${\left(w_j^i\right)}^{\prime }$ at the time of the application of verification:

$${\left(w_j^i\right)}^{\prime }=g^{{\prod }_{j\ne z}{x}_z^i}modN$$

(7)

The static RSA accumulator scheme has limitations: When the number of revoked users is still small, the number of elements in the RSA accumulator is small, and there may even be RSA accumulators in an idle state, resulting in a waste of space resources in the system. 6G scenarios have a notable feature that the upper limit of the number of accessed users is high, and when the number of revoked users reaches a large scale, the number of elements in the individual RSA accumulator is too large, and the number of elements in the single RSA accumulator is too high, and the number of users and terminal devices in the system is too large. When the number of revoked users reaches a large scale, the number of elements in a single RSA accumulator is too large, and it takes a lot of time to generate new membership certificates during the revocation checking. Therefore, the dynamic expansion and load-balancing algorithm is proposed to dynamically adjust the number of RSA accumulators and reduce the number of user revocation credentials that need to be transferred.

• Add a new RSA accumulator: As shown in Algorithm 1, when the number of revocation credentials stored in any one RSA accumulator exceeds the load maximum threshold $Loa{d}_{max}$, trigger the operation of adding a new RSA accumulator, add a new RSA accumulator with the same initialization parameters, generate the corresponding virtual node, and insert it into the consistency hash ring. Starting from the position of the added RSA accumulator on the hash ring, the next RSA accumulator is found in a clockwise direction, and the revocation credentials between these two RSA accumulators are migrated to the added RSA accumulator.
• Reduce RSA accumulators: As shown in Algorithm 1, when the number of revocation credentials stored in any of the RSA accumulators falls below the load minimum threshold $Loa{d}_{min}$, trigger a reduced RSA accumulator operation. Remove all virtual nodes of that RSA accumulator from the consistency hash ring; subsequently, find all credentials originally mapped to that RSA accumulator, recalculate the hash values of those credentials, and map them to the new RSA accumulator.

Algorithm 1 Dynamic Expansion and Load-Balancing

Require:  V, $RsaAccLoad=\{loa{d}_1,loa{d}_2,\dots ,loa{d}_k\}$, $Loa{d}_{max}$, $Loa{d}_{min}$ Ensure:  $RsaAc{c}^{\prime }=\{Ac{c}_1^{\prime },Ac{c}_2^{\prime },\dots ,Ac{c}_{k^{\prime }}^{\prime }\}$ 1: $statue\leftarrow$ “Good” 2: while$true$do 3:     for each $loadinRsaAccLoad$ do 4:         if $load>loa{d}_{max}$ then 5:            $statue\leftarrow$ “Add” 6:            $\mathbf{break}$ 7:         else if $load<loa{d}_{min}$ then 8:            $statue\leftarrow$ “Remove” 9:            $\mathbf{break}$ 10:       end if 11:   end for 12: end while 13: if $statue=$“Add” then 14:     $createVirtualNodes\left(newRsaAcc\right(),V)$ 15:     $RsaAc{c}^{\prime }\leftarrow rebalanceAfterAdd\left(newRsaAcc\right)$ 16: end if 17: if $statue=$“Remove” then 18:     $removeVirtualNodes\left(rsaAccToRemove\right(\left)\right)$ 19:     $RsaAc{c}^{\prime }\leftarrow rebalanceAfterRemove\left(rsaAccToRemove\left(\right)\right)$ 20: end if 21: $statue\leftarrow$ “Good” 22: $\mathbf{return}RsaAc{c}^{\prime }$

4.4. Trusted Storage Layer Based on Blockchain

The BCMRA scheme, as an important part of the authentication scheme, needs to satisfy 6G scheme interoperability with its output credential revocation parameters and results. Therefore, the trusted storage layer is responsible for storing the latest accumulated value $Ac{c}_i^{\prime }$ of each RSA accumulator in the precision judgment layer, and $Ac{c}_i^{\prime }$ is automatically uploaded by the authenticator in the trust domain in the form of transactions through smart contracts to the blockchain network maintained by the nodes in the trust domain. The authenticator can obtain the relevant parameters from the blockchain when performing the authentication and revocation of credential checking.

5. Identity Credential Revocation and Verification Process Based on BCMRA Scheme

5.1. Identity Credential Revocation Process

Identity credential revocation can be divided into two types, according to the different ways of triggering revocation:

• Active credential revocation: The user submits an application for identity credential revocation independently.
• Passive credential revocation: The user’s identity credentials expire or the user commits a malicious act resulting in a decrease in the integrated trust value, and the system detects that the user’s integrated trust value is lower than the minimum tolerance limit of the trust domain.

Take the example of user A in trust domain X actively applying for the revocation of credentials: the active revocation of credentials process is shown in Figure 2, and the specific steps are as follows:

• User A initiates an unsolicited revocation of credential request to an authenticator within the same trust domain containing the user’s identifier and the credential identifier $I{D}_{cred}$, encrypted by the authenticator’s public key.
• The authenticator receives the unsolicited revocation of credential request from user A and verifies the legitimacy of the request using the private key.
• The authenticator parses the user’s identity and credential information from the request and verifies the legitimacy of user A in the blockchain within the same trust domain.
• After the request of user A in step 1, the identity information in step 2, and the credential information in step 3 are verified, the verifier sends the credential identifier $I{D}_{cred}$ of user A to the cuckoo filter in the fast pre-filtering layer.
• The cuckoo filter performs an insert element operation to calculate the fingerprint and candidate bucket position of $I{D}_{cred}$ and insert it into the corresponding slot.
• In order to avoid a revocation credential validation misjudgment, $I{D}_{cred}$, is further sent to the directed routing layer.
• The target RSA accumulator number is computed in the directed routing layer by means of a consistent hash algorithm.
• Based on the calculated target RSA accumulator number, the $I{D}_{cred}$ is further sent to the precision judgement layer.
• An insert element operation is performed by the RSA accumulator in the precision judgement layer to generate the latest accumulated value.
• The blockchain node in the trusted storage layer writes the latest cumulative value of the RSA accumulator into the blockchain network in the form of a smart contract transaction to complete the credential revocation operation of user A.
• The blockchain node returns the credential revocation result to the client of user A.

The user credential passive revocation process differs from the user active revocation process in the trigger judgement phase, as shown in Figure 3, where Steps 5–12 in the passive revocation process are the same as Steps 4–11 in the user active revocation process in Figure 2, both of which use the BCMRA scheme proposed in this section. The following therefore addresses Steps 1–4 of the user credential passive revocation process.

• After user B within trust domain X commits a malicious act, a member of the trust management committee from trust domain X checks whether the composite trust value of user B is lower than the minimum trust threshold of trust domain X, and then applies to the trust management blockchain node to query and calculate the composite trust value of user B.
• The trust management blockchain node calculates the composite trust value by means of a node trust assessment scheme based on the identity identifier of user B and the trust domain identifier in which user B is located.
• The trust management blockchain node sends the integrated trust value of user B to the members of the trust management committee.
• The member of the trust management committee determines whether the credentials of user B need to be revoked based on the returned composite trust value, and if the result of the determination is that passive revocation of the credentials needs to be performed on user B, it continues to execute the BCMRA scheme of Steps 5–12 and completes the process of revoking the credentials of the user B.

5.2. Verification Process for Revoked Credentials

Revocation of credential verification is an important part of the 6G authentication scheme. When verifying the legitimacy of the user’s identity and the validity of the user’s credentials, the verifier first needs to verify whether the user’s credentials have been revoked, and only if it is confirmed that the user’s credentials have not been revoked can the verifier further perform the subsequent operations. The process of the verifier checking whether the user credentials have been revoked is shown in Figure 4.

• The validator first performs a quick validation operation, calling the query element interface of the cuckoo filter.
• The cuckoo filter performs a query element operation with input parameter $I{D}_{cred}$ to be verified and outputs the query result as either $I{D}_{cred}$ exists or $I{D}_{cred}$ does not exist.
• If the validator receives a validation result of $I{D}_{cred}$ does not exist, the validation process ends with the result that the credential to be validated has not been revoked. If the validation result received is that $I{D}_{cred}$ exists, the subsequent steps continue.
• The validator sends a request for exact validation to the blockchain node within the same trust domain with $I{D}_{cred}$ and is encrypted by the validator’s private key.
• The blockchain node verifies the legitimacy of the request via the authenticator’s public key and subsequently computes the number $I{D}_{acc}$ of the target RSA accumulator via a consistent hash algorithm.
• The blockchain node queries the latest accumulation value $Ac{c}^{\prime }$ of the target RSA accumulator via the number of the accumulator, generates the latest proof of membership $w^{\prime }$, and sends the latest accumulation value and the proof of membership to the verifier.
• The validator verifies the validity of the latest membership proof $w^{\prime }$ through the validation parameters returned by the blockchain node and finally completes the entire process of verifying whether the user credentials have been revoked.

The BCMRA scheme can complete the validation with only one query element operation in the most ideal case, and even if a second precise validation is required, the validation latency can still be reduced by adopting the BCMRA scheme proposed in this section.

6. Experimental Results

In this paper, we propose a credential revocation and revocation checking scheme, BCMRA. This subsection tests the load-balancing effect of the BCMRA scheme and compares the revocation credential checking latency of the BCMRA scheme with that of the traditional single-RSA accumulator scheme. The hardware environment in which the experiments were carried out was an Intel i7-11700 CPU, 16GB of RAM, and a 512GB SSD. The system used is Ubuntu 18.04. In terms of experimental parameter settings, since the query latency of a single most basic RSA accumulator unit is linear, the size of $Loa{d}_{max}$ needs to be controlled not to be too high, and it is usually set to a few hundred, which is more appropriate. Meanwhile, the number of virtual nodes $vnode$ also affects the latency. The load maximum threshold $Loa{d}_{max}$ of the BCMRA scheme is set to 550, and the number $vnode$ of virtual nodes corresponding to each RSA accumulator is set to 5000. Firstly, the special case of revocation credential checking is introduced, i.e., the user credentials have not been revoked yet, and the judgment in the BCMRA scheme can be completed only by a fast pre-filtering layer. The test results show that when the cuckoo filter stores elements of the order of magnitude $O\left({10}^5\right)$, the latency of checking is only single-digit milliseconds. Therefore, to ensure the fairness and reasonableness of the experiment, this subsection will test the latency of the complete execution of the whole BCMRA scheme.

The core of the BCMRA scheme is to dynamically adjust the mapping between the number of RSA accumulators in the precision judgment layer and the mapping in the directional routing layer by means of a load-balancing algorithm. As shown in Figure 5, the curve represents the total time spent on load-balancing as the number of revoked credentials increases, corresponding to the vertical axis on the left side. The bar graph represents the total number of credentials to be migrated, corresponding to the vertical axis on the right side. The time spent on load-balancing is the time spent on migrating credentials. When the number of revoked credentials is 1000, there are two RSA accumulators in the precision judgment layer, and load-balancing is not required; as the number of revoked credentials increases to 1500, the number of elements stored in the RSA accumulators exceeds the load maximum threshold of $Loa{d}_{max}$, and BCMRA starts load-balancing and dynamically increases the number of RSA accumulators to three and transfers a portion of the credentials. The time required to perform load-balancing when the number of revoked credentials grows from 1000 to 1500 in Figure 5 is expressed as the value of the curve at 1500 minus the value of the curve at 1000. It can be seen that as the number of revoked credentials increases, the time taken by the BCMRA scheme to perform load-balancing each time remains more-or-less the same.

When the number of revoked credentials reaches 5000, as shown in Figure 6, the number of RSA accumulators in the precision judgment layer is 10, and the maximum difference in the number of revoked credentials stored in each RSA accumulator is only 40. The experimental results show that the BCMRA scheme proposed in this paper is able to ensure a more uniform load-balancing.

Figure 7 shows the time required for revocation credential checking. The blue curve in the figure shows the test results of the single RSA accumulator scheme proposed in [19], where the checking latency increases linearly with the number of stored credentials when only a single RSA accumulator is used for the revocation of credential storage. The purple curve in the figure is the blockchain-based revocation management scheme proposed in [21]. As the number of stored credentials increases, the chain formed by the blocks grows longer, and the checking latency increases linearly. The green curve in the figure represents the checking latency of BCMRA, which also remains relatively stable when the number of revoked credentials increases with the BCMRA load-balancing algorithm. In general, most of the revocation of verification requests will not be initiated at the same time as the load-balancing; the system can complete the load-balancing in the absence of requests or low request volume, but does not rule out the case of simultaneous load-balancing and verification revocation during peak periods. The red curve in the figure shows the latency of simultaneous load-balancing and verification cancellation, and it can be seen that even if verification cancellation is performed immediately after load-balancing, the total latency is still lower than the original scheme and can be controlled within 1 s, which does not cause obvious system lag in 6G scenarios with large-scale users and terminal devices.

In terms of security, the revocation system needs to be analyzed for a single point of failure. A single point of failure is due to server failure or downtime, resulting in the inability to carry out identity revocation and verification normally. The BCMRA scheme in this paper deploys blockchain nodes using a distributed architecture, and analyses the anti-single point of failure characteristics of blockchain nodes.

Let $A_{sys}$ be the system steady-state availability parameter, which indicates the probability that the system is in an available state in long-term operation, and its value range is $[0,1]$; if $A_{sys}=0.9999$, it means that the system is available 99.99% of the time, and the annual unavailability time is about 52 min. The single-node availability model is first given, assuming that the failure and repair of a single node obeys a continuous time Markov chain, introducing a failure rate $\lambda$ and a repair rate $\mu$, where $\lambda$ denotes the probability of a node failing per unit of time, and $\mu$ denotes the probability of a faulty node being recovered per unit of time, and the steady-state availability of a single node is $A_{node}={\displaystyle \frac{\mu }{\lambda +\mu }}$.

For a blockchain system consisting of N independent nodes, assuming that the node failure events are independent of each other and the system adopts a $(N,k)$ redundancy strategy, at least k nodes are normal to keep the system running normally, the system availability formula is as follows:

$$A_{\mathrm{sys}}=\sum _{i=k}^N\left({\displaystyle \genfrac{}{}{0pt}{}{N}{i}}\right)A_{\mathrm{node}}^i{(1-A_{\mathrm{node}})}^{N-i},$$

(8)

where the probability of each node being normal is $A_{node}$, the probability of a failure is $1-A_{node}$, and the probability that exactly i nodes are normal is calculated, and a summation operation is performed. Assume that the blockchain network adopts a PBFT consensus mechanism with $N=4$ nodes and requires at least $k=3$ nodes to survive to reach consensus. If the annual failure rate of a single node $\lambda =0.1$/year and the repair time is 4 h, the corresponding repair rate $\mu =2190$/year. Calculation based on the above parameters gives $A_{sys}\approx 0.999999998749$, which corresponds to an annual unavailability time of about 0.39 s. Therefore, it can be concluded that the blockchain-based BCMRA scheme does not have a single point of failure in its underlying design, and the system can still maintain normal operation when some nodes fail.

7. Conclusions

In this paper, we propose a BCMRA scheme with a four-layer architecture to address the challenges of 6G access by a large number of users and terminal devices, put forward the dynamic expansion of the RSA accumulator and load-balancing algorithm, and elaborate the detailed credential revocation process and revocation of the credential checking process. Test results show that the BCMRA scheme can achieve dynamic load-balancing, and has smaller and more stable credential revocation and revocation verification latency in 6G scenarios with a large number of users. In conclusion, the experimental results show that in 6G scenarios with massive access, a single architecture is not effective in providing smaller and stable delays, and the use of a layered architecture incorporating multiple techniques can achieve results. In future research, cryptographic enhancement designs against quantum computing attacks need to be considered. Existing schemes rely on traditional cryptographic algorithms, but the rapid development of quantum computing poses a potential threat to long-term security. Future research is needed to investigate the fusion mechanism between post-quantum cryptographic algorithms and blockchain architectures to ensure the quantum resistance of identity revocation systems.