Abstract: In data sharing scenarios where users access data resources across domains, the legitimacy of their identities and the security of their communication need to be ensured. To this end, this paper proposes a two-factor (biometrics and passwords) cross-domain authentication and key agreement scheme based on blockchain. Fuzzy extraction technology is used to extract a key and public information from users' biometrics, and these take part in authentication in place of the raw biometric data, avoiding biometric information leakage. The blockchain ledger is used to store users' identity information, including biometric keys and biometric public information, ensuring the consistency of users' identity information without any tampering. In cross-domain authentication, the authentication server in the authentication domain does not need to communicate with the authentication server in the user registration domain. Instead, authentication is completed by directly querying the blockchain ledger to obtain users' identity information. Security and performance analyses show that the proposed scheme can provide stronger security with less computational overhead.