A method, device and system for credential hierarchy management based on RSA accumulator

By introducing primary and secondary trusted nodes into the RSA accumulator and utilizing trust relationships and dedicated parameters, the problems of low efficiency and lack of traceability in credential management in the RSA accumulator are solved, realizing fast credential management and a hierarchical architecture, and ensuring system security.

CN116760548BActive Publication Date: 2026-06-05METERTEK TECH INC

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
METERTEK TECH INC
Filing Date
2023-06-15
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In existing technologies for credential management using RSA accumulators in blockchain, adding or deleting elements requires traversing all elements for calculation, which fails to achieve hierarchical management and makes it impossible to trace the issuer of the credential.

Method used

The system introduces primary and secondary trusted nodes, which are responsible for the management and calculation of credentials respectively. Through trust relationships and exclusive parameters, it enables the rapid addition and deletion of credentials. Furthermore, the primary trusted node can trace evidence back to the secondary trusted node, forming a hierarchical management architecture.

Benefits of technology

It enables the rapid addition and deletion of credentials in the RSA accumulator without traversing all elements, supports hierarchical management and evidence traceability, and ensures the security of the algorithm and the information protection of the trusted system.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116760548B_ABST
    Figure CN116760548B_ABST
Patent Text Reader

Abstract

The application discloses a kind of based on RSA accumulator's credential hierarchical management method device and system, introduce one more than one secondary trusted node and primary trusted node, primary trusted node is responsible for increasing and deleting element in RSA accumulator, do not participate in evidence calculation;Secondary trusted node directly calculates and issues corresponding evidence according to the exclusive parameter obtained from the primary trusted node;The present application under trusted system, whether it is primary trusted node or secondary trusted node can well protect the information stored by oneself, and then guarantee the security of algorithm;When adding new credential, secondary trusted node directly calculates using exclusive parameter, without traversing other elements;When deleting credential, primary trusted node directly calculates using parameter, without traversing other elements;Credential addition and deletion and certificate issuance are stripped, multiple secondary nodes can be set, to realize the hierarchical management of credential;Realize traceability, can be completed evidence traceability by primary trusted node, to find evidence issuer.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of cryptography technology, and specifically relates to a method, apparatus, and system for hierarchical management of credentials based on an RSA accumulator. It can be applied to sub-fields such as blockchain and digital certificates, and can be widely used in industries such as finance. Background Technology

[0002] Explanation of related terms:

[0003] 1. The principle of RSA public-key cryptosystem is: According to number theory, it is relatively easy to find two large prime numbers, but it is extremely difficult to factor their product. Therefore, the product can be made public as the encryption key.

[0004] 2. The RSA accumulator is an accumulator based on the RSA principle, which can realize the addition, deletion and proof of existence of members.

[0005] 3. The root of the accumulator represents a publicly exposed state of the accumulator, used for member verification, and can be compared to the Merkle root.

[0006] 4. Certificates: The certificates in the RSA accumulator are non-repeating prime numbers. As for the mapping from certificate information to prime numbers, there are many methods, which will not be discussed in this scheme.

[0007] In a distributed identity system, a certificate holder possesses multiple certificates. A credential is the mathematical representation of these certificates, derived as a prime number from the certificates using a one-way function. The existence of this prime number is used to verify the validity of the certificates. Depending on the scenario, the holder provides one or more credentials to verify the validity of the corresponding certificates.

[0008] Shortcomings of existing technical solutions:

[0009] Existing technical solutions are mainly used in blockchain, especially public chains. Therefore, after generating two prime numbers, only their product N is retained, which is the public key in the RSA encryption algorithm. This has the following three drawbacks.

[0010] a) When adding a new element (credential), it is necessary to traverse almost all elements to calculate the verification evidence corresponding to the new element. If there are N elements, it is necessary to calculate almost N multiplications.

[0011] b) When deleting an element, it is necessary to traverse almost all elements and recalculate the root of the accumulator. If there are N elements, it is necessary to calculate almost N multiplications.

[0012] c) A hierarchical management architecture cannot be formed because all users have equal rights in the public chain and there is no trust between them. Therefore, any user can accumulate credentials and calculate and verify evidence on their own, and the issuer of the credentials cannot be traced. Summary of the Invention

[0013] The purpose of this invention is to provide a method, apparatus and system for hierarchical management of credentials based on an RSA accumulator, thereby solving the aforementioned problems existing in the prior art.

[0014] The advantages of this invention are as follows: It establishes a primary trusted node and a secondary trusted node. The primary trusted node is responsible for adding and deleting credentials. Through trust relationships, the node is allowed to retain RSA parameters, enabling rapid addition and deletion of credentials without traversing all elements. Simultaneously, the primary trusted node issues exclusive parameters to the secondary trusted node, allowing the secondary trusted node to issue corresponding evidence to the element owner. The secondary trusted node also does not need to traverse all elements to calculate the corresponding evidence. Finally, the primary trusted node can reproduce the evidence based on the recorded exclusive parameters, ensuring that each credential can be traced back to the issuing secondary trusted node, ultimately achieving a hierarchical management architecture.

[0015] To achieve the above objectives, the technical solution adopted by the present invention is as follows:

[0016] A credential hierarchical management method based on an RSA accumulator is disclosed. This method introduces a primary trusted node and one or more secondary trusted nodes to ensure secure storage of RSA-related parameters. The primary trusted node is responsible for adding and deleting elements in the RSA accumulator but does not participate in evidence calculation. The secondary trusted nodes directly calculate and issue corresponding evidence based on exclusive parameters obtained from the primary trusted node. The primary trusted node can trace the evidence back to the secondary trusted node that issued it.

[0017] Preferably, the method includes an initialization step, specifically:

[0018] S1, System Initialization:

[0019] S11, Determine the security strength length based on the scenario's security requirements; the length is the length of a prime number in RSA;

[0020] S12, randomly generate two prime numbers p and q of length length;

[0021] S13, calculate parameter n=pq, which is a common parameter of the RSA accumulator;

[0022] S14, calculate parameter lambda=Lcm(p-1,q-1), where Lcm represents finding the least common multiple, and lambda is the private key in the RSA encryption algorithm; the parameter lambda is stored in the first-level trusted node and is not disclosed;

[0023] S15, randomly generate a number of length length, as another parameter g of the RSA accumulator;

[0024] S16, Initialize the value of the RSA accumulator root, Root=g;

[0025] S2, Initialization of the first-level trusted node:

[0026] S21, Initialize parameter exp=1. This parameter is used to record the product of all elements and is dynamically updated according to the addition or deletion of elements in the accumulator;

[0027] S22, initialize root=g, this parameter represents the final state of the RSA accumulator;

[0028] S23 stores the parameters lambda, length, and n;

[0029] S24, Initialize the RSA element record table, which records all the elements accumulated by the accumulator;

[0030] S25, Initialize the tracing parameter table, which is used to record the tracing parameters distributed to the secondary trusted nodes;

[0031] S3, Secondary Trusted Node Initialization:

[0032] S31, Send an application request to the first-level trusted node;

[0033] S32, the first-level trusted node generates a random number a of length length according to the parameter length;

[0034] S33, the first-level trusted node queries whether the traceability parameter table has 'a'. If it exists, return to step S32; if it does not exist, continue to step S34.

[0035] S34, Record the information and parameter a of the secondary trusted node in the traceability parameter table;

[0036] S35, calculate u=a*lambda; where lambda is the lambda from step S14;

[0037] S36, securely send u to the secondary trusted node;

[0038] S37, the secondary trusted node stores parameter u as its exclusive parameter;

[0039] After the secondary trusted node receives and stores the exclusive parameters, the initialization step is completed.

[0040] Preferably, the method includes the step of adding a new voucher, specifically:

[0041] 1) The client sends the newly added credential e to the secondary trusted node;

[0042] 2) The secondary trusted node forwards the request for the new credential e to the primary trusted node;

[0043] 3) The first-level trusted node resolves the request and obtains credential e;

[0044] 4) The first-level trusted node queries the RSA element record table for e. If it exists, it responds to the second-level node to refuse to add the new element and continues to step 9); if it does not exist, it continues to step 5).

[0045] 5) The first-level trusted node appends element e to the RSA element record table;

[0046] 6) The first-level trusted node calculates and updates exp = exp * e mod lambda;

[0047] 7) The first-level trusted node calculates and updates root = g exp mod n;

[0048] 8) The first-level trusted node responds to the second-level trusted node with a new root;

[0049] 9) Based on the received response, if the secondary trusted node rejects the addition, it sends a failure response to the user, and the process ends; if the addition is successful, it continues to step 10).

[0050] 10) The proof evidence calculated by the secondary trusted node is calculated as follows:

[0051] a) Calculate the intermediate variable inv = e -1 mod u, where e is a prime number, this calculation is the modular inverse operation in mathematics;

[0052] b) Calculate proof = root inv mod n;

[0053] 11) The secondary trusted node responds to the user with a proof message and information indicating successful addition;

[0054] In the above steps, "mod" represents the modulo operation in mathematics.

[0055] Preferably, the method includes the step of deleting credentials, specifically:

[0056] 1) The client sends the credential d to be deleted to the secondary trusted node;

[0057] 2) The secondary trusted node forwards the request for the credential to be deleted, d, to the primary trusted node;

[0058] 3) The first-level trusted node resolves the request and obtains the credential information d;

[0059] 4) The first-level trusted node queries the RSA element record table for d. If it does not exist, it responds to the second-level trusted node with a deletion failure message and jumps to step 9); if it exists, it continues to step 5).

[0060] 5) The first-level trusted node deletes element d from the RSA element record table;

[0061] 6) The first-level trusted node calculates and updates exp = exp * d -1 mod lambda, where d is a prime number;

[0062] 7) The first-level trusted node calculates and updates root = g exp mod n;

[0063] 8) The primary trusted node responds to the secondary trusted node that the deletion was successful;

[0064] 9) The secondary trusted node sends a corresponding response to the client.

[0065] Preferably, the method includes the step of tracing the source of evidence, specifically:

[0066] 1) The client sends the combined information {e1,proof1,root1} to the first-level trusted node, where e1 represents a certain credential, proof1 represents the evidence corresponding to the credential, and root1 represents the root of the corresponding RSA accumulator;

[0067] 2) The first-level trusted node compares the value of root1 with the historical value of the RSA accumulator. If the value exists, proceed to step 3). If the value does not exist, the tracing is rejected and the process ends.

[0068] 3) Calculate r = proof1 e1 mod n;

[0069] 4) Compare r with root1 to see if they are equal; if they are equal, proceed to step 5); if they are not equal, reject the source tracing and end the process.

[0070] 5) The first-level trusted node traversal and tracing parameter table, for each piece of data traversed, denoted as a for the i-th piece of data traversed. i Perform the following operations:

[0071] a) Calculate u i = ai * lambda;

[0072] b) Calculate inv = e1 -1 mod u i ;

[0073] c) Calculate proof = root1 inv mod n

[0074] d) Compare whether proof and proof1 are equal. If they are equal, output a. i The value is used in step 6), ending the traversal; if they are not equal, continue traversing to the next one;

[0075] 6) Based on a found in step 5) i By combining the traceability parameter table, the corresponding secondary trusted node information is found;

[0076] 7) The primary trusted node responds to the client with secondary trusted node information to complete evidence tracing.

[0077] Preferably, when the client sends the combined information, it directly transmits the secondary trusted node information, then step 5) does not require traversal, and only calculation and verification steps are performed.

[0078] The present invention also discloses a credential hierarchical management device based on an RSA accumulator, comprising: a client, a primary trusted node, and one or more secondary trusted nodes;

[0079] The client is used to send a request to add or delete credentials to the primary node and to receive response information from the secondary node.

[0080] The primary trusted node is used to add and delete elements in the RSA accumulator, store the calculated parameter lambda, and send exclusive parameters to the secondary trusted node according to the request of the secondary trusted node. It also stores and maintains the RSA element record table and the traceability parameter table. Furthermore, it is used to trace evidence and correspond it to the secondary trusted node that issued the evidence.

[0081] The secondary trusted node is used to interact with the client and directly calculate and issue corresponding evidence based on the exclusive parameters obtained from the primary trusted node.

[0082] Preferably, the dedicated parameter sent to the secondary trusted node is calculated by the primary trusted node based on the parameter lambda, and the secondary trusted node stores the dedicated parameter.

[0083] This invention also discloses a credential hierarchical management system based on an RSA accumulator, comprising:

[0084] One or more processors;

[0085] Storage device for storing one or more programs;

[0086] When the one or more programs are executed by the one or more processors, the one or more processors implement the credential hierarchical management method based on RSA accumulator as described in any of the preceding claims.

[0087] The beneficial effects of this invention are:

[0088] 1. In a trusted system, both primary and secondary trusted nodes can effectively protect the information they store, thereby ensuring the security of the algorithm.

[0089] 2. When adding a new voucher, the secondary trusted node directly calculates using exclusive parameters without traversing other elements;

[0090] 3. When deleting vouchers, the first-level trusted node directly uses the parameters for calculation, without traversing other elements;

[0091] 4. Separating the creation and deletion of credentials from the issuance of certificates allows for the setting of multiple secondary nodes, completing a multi-level network structure, and realizing hierarchical management of credentials;

[0092] 5. To achieve traceability, evidence can be traced through a primary trusted node to find the issuer of the evidence. Attached Figure Description

[0093] Figure 1 This is a flowchart of the initialization steps in the credential hierarchical management method based on RSA accumulator of the present invention;

[0094] Figure 2 This is a flowchart of the steps for adding a new voucher in the voucher hierarchical management method based on RSA accumulator of the present invention;

[0095] Figure 3 This is a flowchart of the voucher deletion steps in the voucher hierarchical management method based on RSA accumulator of the present invention. Detailed Implementation

[0096] To make the objectives, technical solutions, and advantages of this invention clearer, the following description is provided in conjunction with the appendix. Figure 1-3 The present invention will be further described in detail below. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

[0097] 1. System initialization (as shown in the attached document) Figure 1 (as shown)

[0098] 1) Determine the security strength length based on the security requirements of the scenario; the length is the length of a prime number in RSA, which is currently generally 1024 or 2048;

[0099] 2) Randomly generate two prime numbers p and q of length length;

[0100] 3) Calculate parameter n=pq, which is a common parameter of the RSA accumulator; this parameter is known to all participants during system deployment, and the method is not limited.

[0101] 4) Calculate the parameter lambda=Lcm(p-1,q-1), where Lcm represents the least common multiple and lambda is the private key in the RSA encryption algorithm. This parameter is stored in the first-level trusted node during system deployment and cannot be made public.

[0102] 5) Randomly generate a number of length `length` as another parameter `g` of the RSA accumulator; this parameter can be made public.

[0103] 6) Initialize the value of the RSA accumulator root, Root=g.

[0104] 7) Initialization of Level 1 Trusted Nodes:

[0105] a) Initialize parameter exp=1. This parameter records the product of all elements. This parameter is required and is dynamically updated based on the addition or deletion of elements in the accumulator.

[0106] b) Initialize root=g, which represents the final state of the RSA accumulator;

[0107] c) Store parameters lambda, length, and n;

[0108] d) Initialize the RSA element record table, which records all the elements accumulated by the accumulator;

[0109] e) Initialize the tracing parameter table, which is used to record the tracing parameters distributed to the secondary trusted nodes.

[0110] During initialization, the initialization of the main parameters is consistent with the RSA algorithm initialization process; it is only necessary to ensure the safe storage of lambda.

[0111] 2. Initialization of the secondary trusted node:

[0112] 1) Send an application request to the primary trusted node;

[0113] 2) The first-level trusted node generates a random number 'a' of length 'length' based on the parameter 'length';

[0114] 3) The first-level trusted node queries whether the traceability parameter table 'a' exists. If it exists, return to step 2); otherwise, continue to step 4).

[0115] 4) Record the secondary trusted node information, parameter a, in the traceability parameter table;

[0116] 5) Calculate u = a * lambda; where lambda is the lambda calculated during system initialization;

[0117] 6) Securely send u to the secondary trusted node;

[0118] 7) The second-level trusted node stores the parameter u as its exclusive parameter.

[0119] Once the secondary node receives the specified parameters, initialization can be completed.

[0120] 3. Add voucher e (as attached) Figure 2 (as shown)

[0121] In this process, the identities of both parties need to be verified using traditional communication certificates during information exchange, but this will not be explicitly shown in the process. At the same time, it is assumed that the credential 'e' is a normally generated prime number.

[0122] 1) The client sends the newly added credential e to the secondary trusted node;

[0123] 2) The secondary trusted node forwards the request for the new credential e to the primary trusted node;

[0124] 3) The first-level trusted node resolves the request and obtains the credential information e;

[0125] 4) The primary trusted node queries the RSA element record table for e. If it exists, it responds to the secondary trusted node with a rejection message and proceeds to step 9. If it does not exist, it continues with step 5.

[0126] 5) The first-level trusted node appends element e to the RSA element record table;

[0127] 6) The first-level trusted node calculates and updates exp = exp * e mod lambda, where mod represents the modulo operation in mathematics, and the same applies below;

[0128] 7) The first-level trusted node calculates and updates root = g exp mod n;

[0129] 8) The primary trusted node responds to the secondary trusted node with the new root;

[0130] 9) Based on the received response, if the secondary trusted node rejects the new addition, it will respond to the user with a failure message, and the process will end; if the addition is successful, it will continue with process 10).

[0131] 10) The proof evidence is calculated at the second-level trusted node, and the calculation method is as follows:

[0132] a) Calculate the intermediate variable inv = e -1 mod u, since e is a prime number, this calculation is the modular inverse operation in mathematics;

[0133] b) Calculate proof = root inv mod n;

[0134] 11) The secondary trusted node responds to the user with proof and information about successful addition.

[0135] From the above process, we can see that proof e = root inv*e = root 1 = root mod n, which satisfies the verification process of the RSA accumulator.

[0136] On the other hand, evidence computation does not require traversing all elements, but rather performs direct computation.

[0137] 4. Delete voucher d (as attached) Figure 3 (as shown)

[0138] In this process, the identities of both parties need to be verified using traditional communication certificates during information exchange, but this will not be explicitly shown in the process. At the same time, it is assumed that the credential d is a normally generated prime number.

[0139] 1) The client sends the credential d to be deleted to the secondary trusted node;

[0140] 2) The secondary trusted node forwards the request for the credential d to be deleted to the primary trusted node;

[0141] 3) The first-level trusted node resolves the request and obtains the credential information d;

[0142] 4) The primary trusted node queries the RSA element record table for d. If it does not exist, it responds to the secondary trusted node with a deletion failure message and jumps to process 9); if it exists, it continues to process 5).

[0143] 5) The first-level trusted node deletes element d from the RSA element record table;

[0144] 6) The first-level trusted node calculates and updates exp = exp * d -1Since d is a prime number, the modular inverse can be calculated using the expression modulo lambda.

[0145] 7) The first-level trusted node calculates and updates root = g exp mod n;

[0146] 8) The primary trusted node sends a message to the secondary trusted node confirming successful deletion;

[0147] 9) The secondary trusted node sends the corresponding response to the user (client).

[0148] In summary, a first-level trusted node can quickly delete elements to update the root value.

[0149] 5. Evidence tracing:

[0150] 1) The client sends the combined information {e1,proof1,root1} to the primary trusted node, where e1 represents a certain credential, proof1 represents the evidence corresponding to the credential, and root1 represents the root of the corresponding RSA accumulator;

[0151] 2) The first-level trusted node compares the value of root1 with the historical value of the RSA accumulator. If it does exist, it continues with process 3). If it does not exist, it refuses to trace the source and the process ends. Obviously, since the value of root1 has never appeared, it is impossible to determine whether e1 is the element accumulated by the accumulator.

[0152] 3) Calculate r = proof1 e1 mod n;

[0153] 4) Compare r with root1. If they are equal, continue to step 5); if they are not equal, reject the source tracing and end the process. Obviously, if they are not equal, it means there is a problem with the data and it cannot be determined.

[0154] 5) The first-level trusted node traversal and tracing parameter table: For each piece of data traversed, let the i-th piece of data be denoted as a. i Perform the following operations:

[0155] a) Calculate u i = a i * lambda;

[0156] b) Calculate inv = e1 -1 mod u i ;

[0157] c) Calculate proof = root1 inv mod n

[0158] d) Compare whether proof and proof1 are equal. If they are equal, output a. i The value is used in process 6), ending the traversal; if they are not equal, continue traversing to the next one;

[0159] 6) Based on a found in step 5) i By combining the traceability parameter table, the corresponding secondary trusted node information is found.

[0160] 7) The primary trusted node responds to the user (client) with information from the secondary trusted node, thus completing the evidence tracing.

[0161] Clearly, the issuer of the evidence can be found through the above process. Furthermore, reaching step 5 indicates that the data is valid and the corresponding secondary trusted node can definitely be found.

[0162] In a more preferred embodiment, when sending combined information, the secondary node information can be directly passed in, so there is no need to traverse in step 5), only calculation and verification are required.

[0163] By adopting the above-disclosed technical solution of this invention, the following beneficial effects are obtained:

[0164] 1. In a trusted system, both primary and secondary trusted nodes can effectively protect the information they store, thereby ensuring the security of the algorithm.

[0165] 2. When adding a new voucher, the secondary trusted node directly calculates using exclusive parameters without traversing other elements;

[0166] 3. When deleting vouchers, the first-level trusted node directly uses the parameters for calculation, without traversing other elements;

[0167] 4. Separating the creation and deletion of credentials from the issuance of certificates allows for the setting of multiple secondary nodes, completing a multi-level network structure, and realizing hierarchical management of credentials;

[0168] 5. To achieve traceability, evidence can be traced through a primary trusted node to find the issuer of the evidence.

[0169] The above description is only a preferred embodiment of the present invention. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of the present invention, and these improvements and modifications should also be considered within the scope of protection of the present invention.

Claims

1. A method for hierarchical management of vouchers based on RSA accumulators, characterized in that, The method introduces a primary trusted node and one or more secondary trusted nodes to ensure the secure storage of RSA parameters; the primary trusted node is responsible for adding and deleting elements in the RSA accumulator, but does not participate in evidence calculation. The secondary trusted node directly calculates and issues the corresponding evidence based on the exclusive parameters obtained from the primary trusted node; The primary trusted node can trace the evidence back to the secondary trusted node that issued the evidence; The first-level trusted node is responsible for adding and deleting elements in the RSA accumulator, does not participate in evidence calculation, stores the RSA private key lambda, and maintains the RSA element record table and the traceability parameter table. The first-level trusted node generates a random number a, calculates the exclusive parameter u = a × lambda, and securely sends the exclusive parameter u to the second-level trusted node. At the same time, it records the correspondence between the information of the second-level trusted node and the parameter a in the traceability parameter table. The secondary trusted node calculates the intermediate variable inv = e⁻¹ mod u using the exclusive parameter u obtained from the primary trusted node through modular inverse operation, where e is the credential to be managed, and calculates the proof proof = root. inv mod n, where n is a common parameter of the RSA accumulator, and root represents the current state of the RSA accumulator. The corresponding evidence is directly issued, and the secondary trusted node does not need to store the parameter lambda. The primary trusted node recalculates u=a×lambda by traversing the traceability parameter table and using the parameter a corresponding to each secondary trusted node, and reproduces the evidence calculation process. The calculated evidence is compared with the evidence to be traced, and then the evidence is traced back to the secondary trusted node that issued the evidence.

2. The method for hierarchical management of vouchers based on RSA accumulator according to claim 1, characterized in that, The method includes an initialization step, specifically: S1, System Initialization: S11, Determine the security strength length based on the scenario's security requirements; the length is the length of a prime number in RSA; S12, randomly generate two prime numbers p and q of length length; S13, calculate parameter n=pq, which is a common parameter of the RSA accumulator; S14, calculate the parameter lambda=Lcm(p-1,q-1), where Lcm represents the least common multiple and lambda is the private key in the RSA encryption algorithm; The parameter lambda is stored in the first-level trusted node and is not publicly disclosed; S15, randomly generate a number of length length, as another parameter g of the RSA accumulator; S16, Initialize the value of the RSA accumulator root, Root=g; S2, Initialization of the first-level trusted node: S21, Initialize parameter exp=1. This parameter is used to record the product of all elements and is dynamically updated according to the addition or deletion of elements in the accumulator; S22, initialize root=g, this parameter represents the final state of the RSA accumulator; S23 stores the parameters lambda, length, and n; S24, Initialize the RSA element record table, which records all the elements accumulated by the accumulator; S25, Initialize the tracing parameter table, which is used to record the tracing parameters distributed to the secondary trusted nodes; S3, Secondary Trusted Node Initialization: S31, Send an application request to the first-level trusted node; S32, the first-level trusted node generates a random number a of length length according to the parameter length; S33, the first-level trusted node queries whether the traceability parameter table has 'a'. If it exists, return to step S32; if it does not exist, continue to step S34. S34, Record the information and parameter a of the secondary trusted node in the traceability parameter table; S35, calculate u=a*lambda; where lambda is the lambda from step S14; S36, securely send u to the secondary trusted node; S37, the secondary trusted node stores parameter u as its exclusive parameter; After the secondary trusted node receives and stores the exclusive parameters, the initialization step is completed.

3. The method for hierarchical management of vouchers based on RSA accumulator according to claim 1, characterized in that, The method includes the step of adding a new voucher, specifically: 1) The client sends the newly added credential e to the secondary trusted node; 2) The secondary trusted node forwards the request for the new credential e to the primary trusted node; 3) The first-level trusted node resolves the request and obtains credential e; 4) The first-level trusted node queries the RSA element record table for e. If it exists, it responds to the second-level node to refuse to add the new element and continues to step 9); if it does not exist, it continues to step 5). 5) The first-level trusted node appends element e to the RSA element record table; 6) The first-level trusted node calculates and updates exp = exp * e mod lambda; 7) The first-level trusted node calculates and updates root = g exp mod n, where g is the initial parameter of the RSA accumulator; 8) The first-level trusted node responds to the second-level trusted node with a new root; 9) If the secondary trusted node receives a response rejecting the new application, it will send a failure message to the user, and the process will end. If the addition is successful, continue to step 10). 10) The proof evidence calculated by the secondary trusted node is calculated as follows: a) Calculate the intermediate variable inv = e -1 mod u, where e is a prime number, this calculation is the modular inverse operation in mathematics; b) Calculate proof = root inv mod n; 11) The secondary trusted node responds to the user with a proof message and information indicating successful addition; In the above steps, "mod" represents the modulo operation in mathematics.

4. The method for hierarchical management of vouchers based on RSA accumulator according to claim 1, characterized in that, The method includes the step of deleting credentials, specifically: 1) The client sends the credential d to be deleted to the secondary trusted node; 2) The secondary trusted node forwards the request for the credential to be deleted, d, to the primary trusted node; 3) The first-level trusted node resolves the request and obtains the credential information d; 4) The first-level trusted node queries the RSA element record table for d. If it does not exist, it responds to the second-level trusted node with a deletion failure message and jumps to step 9); if it exists, it continues to step 5). 5) The first-level trusted node deletes element d from the RSA element record table; 6) The first-level trusted node calculates and updates exp = exp * d -1 mod lambda, where d is a prime number; 7) The first-level trusted node calculates and updates root = g exp mod n, where g is the initial parameter of the RSA accumulator; 8) The primary trusted node responds to the secondary trusted node that the deletion was successful; 9) The secondary trusted node sends a corresponding response to the client.

5. The method for hierarchical management of vouchers based on RSA accumulator according to claim 1, characterized in that, The method includes the step of evidence tracing, specifically: 1) The client sends the combined information {e1,proof1,root1} to the first-level trusted node, where e1 represents a certain credential, proof1 represents the evidence corresponding to the credential, and root1 represents the root of the corresponding RSA accumulator; 2) The first-level trusted node compares the value of root1 with the historical value of the RSA accumulator. If the value exists, proceed to step 3). If the value does not exist, the tracing is rejected and the process ends. 3) Calculate r = proof1 e1 mod n; 4) Compare r with root1 to see if they are equal; if they are equal, proceed to step 5); if they are not equal, reject the source tracing and end the process. 5) The first-level trusted node traversal and tracing parameter table, for each piece of data traversed, denoted as a for the i-th piece of data traversed. i Perform the following operations: a) Calculate u i = a i * lambda; b) Calculate inv = e1 -1 mod u i ; c) Calculate proof = root1 inv mod n d) Compare whether proof and proof1 are equal. If they are equal, output a. i The value is used in step 6), ending the traversal; if they are not equal, continue traversing to the next one; 6) Based on a found in step 5) i By combining the traceability parameter table, the corresponding secondary trusted node information is found; 7) The primary trusted node responds to the client with secondary trusted node information to complete evidence tracing.

6. The method for hierarchical management of vouchers based on RSA accumulator according to claim 5, characterized in that, If the client directly transmits the secondary trusted node information when sending the combined information, then step 5) does not require traversal of the process, and only calculation and verification steps are performed.

7. A credential hierarchical management device based on an RSA accumulator, characterized in that... include: Client, primary trusted node, and one or more secondary trusted nodes; The client is used to send a request to add or delete credentials to the primary node and to receive response information from the secondary node. The primary trusted node is used to add and delete elements in the RSA accumulator, store the calculated parameter lambda, and send dedicated parameters to the secondary trusted node according to the request of the secondary trusted node. It also stores and maintains the RSA element record table and the traceability parameter table. Furthermore, it is used to generate a random number a, calculate the dedicated parameter u = a × lambda, securely send it to the secondary trusted node, and record the correspondence between the secondary trusted node and the parameter a in the traceability parameter table. By traversing the traceability parameter table, u=a×lambda is recalculated using each parameter a and the evidence calculation process is reproduced. The calculated evidence is compared with the evidence to be traced to complete the evidence traceability and corresponds to the secondary trusted node that issued the evidence. The secondary trusted node is used to interact with the client and, based on the exclusive parameter u obtained from the primary trusted node, calculates the intermediate variable inv = e⁻¹ mod u, where e is the credential to be managed, and then calculates proof = root. inv mod n, where n is a common parameter of the RSA accumulator, and root represents the current state of the RSA accumulator. It directly calculates and issues the corresponding evidence without storing the parameter lambda.

8. The credential hierarchical management device based on RSA accumulator according to claim 7, characterized in that, The exclusive parameter sent to the secondary trusted node is calculated by the primary trusted node based on the parameter lambda, and the secondary trusted node stores the exclusive parameter.

9. A credential hierarchical management system based on an RSA accumulator, comprising: One or more processors; Storage device for storing one or more programs; The feature is that, when the one or more programs are executed by the one or more processors, the one or more processors implement the credential hierarchical management method based on the RSA accumulator as described in any one of claims 1-6.