Metaverse-AKA: A Lightweight and PrivacyPreserving Seamless Cross-Metaverse Authentication and Key Agreement Scheme

The recent advances of emerging technologies including artificial intelligence, 5G, 6G, extended reality and blockchain promote the rapid development of next-generation Internet. As an evolving paradigm of next-generation Internet, metaverse, a fully immersive, hyper spatiotemporal and selfsustaining virtual shared space, is moving from imagination to the coming reality. However, its massive data flow, pervasive user profiling activities and other intrinsic features can lead to a lot of security and privacy concerns, which will hinder its further deployment. Specially, since the identities of users/avatars in the metaverse can be illegally stolen, impersonated, and interoperability issues can be encountered in authentication across metaverses, this paper designs a lightweight and privacy-preserving seamless cross-metaverse authentication and key agreement scheme named MetaverseAKA to meet the challenges. Metaverse-AKA can not only realize the seamless cross-metaverse authentication but also assure the users’ privacy by achieving the anonymity and unlinkability. In addition, Metaverse-AKA also has the following advantages: (i) Realizing the traceability for users in physical world. (ii) Resistance to multiple attacks like impersonation attack, man-in-the-middle attack and replay attack. (iii) Adopting lightweight cryptographic prinitives and having better performance through experiment verification and comparison.