Youquan XIAN Lianghaojie ZHOU Jianyong JIANG Boyi WANG Hao HUO Peng LIU
In recent years, blockchain has been widely applied in the Internet of Things (IoT). Blockchain oracle, as a bridge for data communication between blockchain and off-chain, has also received significant attention. However, the numerous and heterogeneous devices in the IoT pose great challenges to the efficiency and security of data acquisition for oracles. We find that the matching relationship between data sources and oracle nodes greatly affects the efficiency and service quality of the entire oracle system. To address these issues, this paper proposes a distributed and efficient oracle solution tailored for the IoT, enabling fast acquisition of real-time off-chain data. Specifically, we first design a distributed oracle architecture that combines both Trusted Execution Environment (TEE) devices and ordinary devices to improve system scalability, considering the heterogeneity of IoT devices. Secondly, based on the trusted node information provided by TEE, we determine the matching relationship between nodes and data sources, assigning appropriate nodes for tasks to enhance system efficiency. Through simulation experiments, our proposed solution has been shown to effectively improve the efficiency and service quality of the system, reducing the average response time by approximately 9.92% compared to conventional approaches.
This article describes the idea of utilizing Attested Execution Secure Processors (AESPs) that fit into building a secure Self-Sovereign Identity (SSI) system satisfying Sybil-resistance under permissionless blockchains. Today’s circumstances requiring people to be more online have encouraged us to address digital identity preserving privacy. There is a momentum of research addressing SSI, and many researchers approach blockchain technology as a foundation. SSI brings natural persons various benefits such as owning controls; on the other side, digital identity systems in the real world require Sybil-resistance to comply with Anti-Money-Laundering (AML) and other needs. The main idea in our proposal is to utilize AESPs for three reasons: the first is the use of attested execution capability along with tamper-resistance, which is a strong assumption; the second is powerfulness and flexibility, allowing various open-source programs to be executed within a secure enclave; and the third is that equipping hardware-assisted security in mobile devices has become a norm. Rafael Pass et al.’s formal abstraction of AESPs and the ideal functionality $\mathcal{G}_\mathtt{att}$ enable us to formulate mathematically how hardware-assisted security works for secure digital identity systems preserving privacy under permissionless blockchains. Our proposal of the AESP-based SSI architecture and system protocols, $\Pi^{\mathcal{G}_\mathtt{att}}$, demonstrates the advantages of building a proper SSI system that satisfies the Sybil-resistant requirement. The protocols may eliminate the online distributed committee assumed in other research, such as CanDID, because of assuming AESPs; thus, $\Pi^{\mathcal{G}_\mathtt{att}}$ avoids relying on multi-party computation (MPC), bringing drastic flexibility and efficiency compared with the existing SSI systems.
Kota CHIN Keita EMURA Shingo SATO Kazumasa OMOTE
In an open-bid auction, a bidder can know the budgets of other bidders. Thus, a sealed-bid auction that hides bidding prices is desirable. However, in previous sealed-bid auction protocols, it has been difficult to provide a “fund binding” property, which would guarantee that a bidder has funds more than or equal to the bidding price and that the funds are forcibly withdrawn when the bidder wins. Thus, such protocols are vulnerable to false bidding. As a solution, many protocols employ a simple deposit method in which each bidder sends a deposit to a smart contract, which is greater than or equal to the bidding price, before the bidding phase. However, this deposit reveals the maximum bidding price, and it is preferable to hide this information. In this paper, we propose a sealed-bid auction protocol that provides a fund binding property. Our protocol not only hides the bidding price and the maximum bidding price, but also provides a fund binding property at the same time. For hiding the maximum bidding price, we pay attention to the fact that usual Ethereum transactions and transactions for sending funds to a one-time address have the same transaction structure, and it seems that they are indistinguishable. We discuss how much bidding transactions are hidden. We also employ DECO (Zhang et al., CCS 2020), which proves the validity of data to a verifier, where the data are taken from a source, without showing the data itself. Finally, we give our implementation, which shows the transaction fees required, and compare it to a sealed-bid auction protocol employing the simple deposit method.
Vu-Trung-Duong LE Hoai-Luan PHAM Thi-Hong TRAN Yasuhiko NAKASHIMA
Blockchain-based Internet of Things (IoT) applications require flexible, fast, and low-power hashing hardware to ensure IoT data integrity and maintain blockchain network confidentiality. However, existing hashing hardware poses challenges in achieving high performance and low power and limits flexibility to compute multiple hash functions with different message lengths. This paper introduces the flexible and energy-efficient crypto-processor (FECP) to achieve high flexibility, high speed, and low power with high hardware efficiency for blockchain-based IoT applications. To achieve these goals, three new techniques are proposed, namely the crypto arithmetic logic unit (Crypto-ALU), dual buffering extension (DBE), and local data memory (LDM) scheduler. The experiments on ASIC show that the FECP can perform various hash functions with a power consumption of 0.239-0.676W, a throughput of 10.2-3.35Gbps, energy efficiency of 4.44-14.01Gbps/W, and support up to 8916-bit message input. Compared to state-of-the-art works, the proposed FECP is 1.65-4.49 times, 1.73-21.19 times, and 1.48-17.58 times better in throughput, energy efficiency, and energy-delay product (EDP), respectively.
Longle CHENG Xiaofeng LI Haibo TAN He ZHAO Bin YU
Blockchain systems rely on peer-to-peer (P2P) overlay networks to propagate transactions and blocks. The node management of P2P networks affects the overall performance and reliability of the system. The traditional structure is based on random connectivity, which is known to be an inefficient operation. Therefore, we propose MSLT, a multiscale blockchain P2P network node management method to improve transaction performance. This approach involves configuring the network to operate at multiple scales, where blockchain nodes are grouped into different ranges at each scale. To minimize redundancy and manage traffic efficiently, neighboring nodes are selected from each range based on a predetermined set of rules. Additionally, a node updating method is implemented to improve the reliability of the network. Compared with existing transmission models in efficiency, utilization, and maximum transaction throughput, the MSLT node management model improves the data transmission performance.
Javier Jose DIAZ RIVERA Waleed AKBAR Talha AHMED KHAN Afaq MUHAMMAD Wang-Cheol SONG
Zero Trust Networking (ZTN) is a security model where no default trust is given to entities in a network infrastructure. The first bastion of security for achieving ZTN is strong identity verification. Several standard methods for assuring a robust identity exist (e.g., OAuth 2.0, OpenID Connect). These standards employ JSON Web Tokens (JWT) during the authentication process. However, the use of JWT for One Time Token (OTT) enrollment has a latent security issue. A third party can intercept a JWT, and the payload information can be exposed, revealing the details of the enrollment server. Furthermore, an intercepted JWT could be used for enrollment by an impersonator as long as the JWT remains active. Our proposed mechanism aims to secure the ownership of the OTT by including the JWT as encrypted metadata into a Non-Fungible Token (NFT). The mechanism uses the blockchain Public Key of the intended owner for encrypting the JWT. The blockchain assures the JWT ownership by mapping it to the intended owner's blockchain public address. Our proposed mechanism is applied to an emerging Zero Trust framework (OpenZiti) alongside a permissioned Ethereum blockchain using Hyperledger Besu. The Zero Trust Framework provides enrollment functionality. At the same time, our proposed mechanism based on blockchain and NFT assures the secure distribution of OTTs that are used for the enrollment of identities.
Peer-to-peer (P2P) technology has gained popularity as a way to enhance system performance. Nodes in a P2P network work together by providing network resources to one another. In this study, we examine the use of P2P technology for video streaming and develop a distributed incentive mechanism to prevent free-riding. Our proposed solution combines WebTorrent and the Solana blockchain and can be accessed through a web browser. To incentivize uploads, some of the received video chunks are encrypted using AES. Smart contracts on the blockchain are used for third-party verification of uploads and for managing access to the video content. Experimental results on a test network showed that our system can encrypt and decrypt chunks in about 1/40th the time it takes using WebRTC, without affecting the quality of video streaming. Smart contracts were also found to quickly verify uploads in about 860 milliseconds. The paper also explores how to effectively reward virtual points for uploads.
Veeramani KARTHIKA Suresh JAGANATHAN
Considering the growth of the IoT network, there is a demand for a decentralized solution. Incorporating the blockchain technology will eliminate the challenges faced in centralized solutions, such as i) high infrastructure, ii) maintenance cost, iii) lack of transparency, iv) privacy, and v) data tampering. Blockchain-based IoT network allows businesses to access and share the IoT data within their organization without a central authority. Data in the blockchain are stored as blocks, which should be validated and added to the chain; for this, the consensus mechanism plays a significant role. However, existing methods are not designed for IoT applications and lack features like i) decentralization, ii) scalability, iii) throughput, iv) faster convergence, and v) network overhead. Moreover, current blockchain frameworks fail to support resource-constrained IoT applications. In this paper, we propose a new consensus method (WoG) and a lightweight blockchain framework (iLEDGER), mainly for resource-constrained IoT applications in a permissioned environment. The proposed work is tested in an application that tracks the assets using IoT devices (Raspberry Pi 4 and RFID). Furthermore, the proposed consensus method is analyzed against benign failures, and performance parameters such as CPU usage, memory usage, throughput, transaction execution time, and block generation time are compared with state-of-the-art methods.
With the rise of social network service (SNS) in recent years, the security of SNS users' private information has been a concern for the public. However, due to the anonymity of SNS, identity impersonation is hard to detect and prevent since users are free to create an account with any username they want. This could lead to cybercrimes like fraud because impersonation allows malicious users to steal private information. Until now, there are few studies about this problem, and none of them can perfectly handle this problem. In this paper, based on an idea from previous work, we combine blockchain technology and security protocol to prevent impersonation in SNS. In our scheme, the defects of complex and duplicated operations in the previous work are improved. The authentication work of the SNS server is also adjusted to resist single-point attacks. Moreover, the smart contract is introduced to help the whole system run automatically. Afterward, our proposed scheme is implemented and tested on an Ethereum test network, and the result suggests that it is acceptable and suitable for today's SNS network.
Takeshi MIYAMAE Fumihiko KOZAKURA Makoto NAKAMURA Masanobu MORINAGA
The total number of solar power-producing facilities whose Feed-in Tariff (FIT) Program-based ten-year contracts will expire by 2023 is expected to reach approximately 1.65 million in Japan. If the number of facilities that produce or consume renewable energy increases to a large number, e.g., two million, blockchain would not be capable of processing all the transactions. In this work, we propose a blockchain-based electricity-tracking platform for renewable energy, called ‘ZGridBC,’ which consists of two mutually cooperative novel decentralized schemes to solve scalability, storage cost, and privacy issues at the same time. One is the electricity production resource management, which is an efficient data management scheme that manages electricity production resources (EPRs) on the blockchain by using UTXO tokens extended to two dimensions (period and electricity amount) to prevent double-spending. The other is the electricity-tracking proof, which is a massive data aggregation scheme that significantly reduces the amount of data managed on the blockchain by using zero-knowledge proof (ZKP). Thereafter, we illustrate the architecture of ZGridBC, consider its scalability, security, and privacy, and illustrate the implementation of ZGridBC. Finally, we evaluate the scalability of ZGridBC, which handles two million electricity facilities with far less cost per environmental value compared with the price of the environmental value proposed by METI (=0.3 yen/kWh).
Minhaz KAMAL Chowdhury Mohammad ABDULLAH Fairuz SHAIARA Abu Raihan Mostofa KAMAL Md Mehedi HASAN Jik-Soo KIM Md Azam HOSSAIN
The literature presents a digitized pension system based on a consortium blockchain, with the aim of overcoming existing pension system challenges such as multiparty collaboration, manual intervention, high turnaround time, cost transparency, auditability, etc. In addition, the adoption of hyperledger fabric and the introduction of smart contracts aim to transform multi-organizational workflow into a synchronized, automated, modular, and error-free procedure.
Seiya NUTA Jacob C. N. SCHULDT Takashi NISHIDE
We present a forward-secure public-key encryption (PKE) scheme without key update, i.e. both public and private keys are immutable. In contrast, prior forward-secure PKE schemes achieve forward security by constantly updating the secret keys. Our scheme is based on witness encryption by Garg et al. (STOC 2013) and a proof-of-stake blockchain with the distinguishable forking property introduced by Goyal et al. (TCC 2017), and ensures a ciphertext cannot be decrypted more than once, thereby rendering a compromised secret key useless with respect to decryption of past ciphertext the legitimate user has already decrypted. In this work, we formalize the notion of blockchain-based forward-secure PKE, show the feasibility of constructing a forward-secure PKE scheme without key update, and discuss interesting properties of our scheme such as post-compromise security.
Proof of Work (PoW), which is a consensus algorithm for blockchain, entails a large number of meaningless hash calculations and wastage of electric power and computational resources. In 2021, it is estimated that the PoW of Bitcoin consumes as much electricity as Pakistan's annual power consumption (91TWh). This is a serious problem against sustainable development goals. To solve this problem, this study proposes Meaningful-PoW (mPoW), which involves a meaningful calculation, namely the application of a genetic algorithm (GA) to PoW. Specifically, by using the intermediate values that are periodically generated through GA calculations as an input to the Hashcash used in Bitcoin, it is possible to make this scheme a meaningful calculation (GA optimization problem) while maintaining the properties required for PoW. Furthermore, by applying a device-binding technology, mPoW can be ASIC resistant without the requirement of a large memory. Thus, we show that mPoW can reduce the excessive consumption of both power and computational resources.
Shoji KASAHARA Jun KAWAHARA Shin-ichi MINATO Jumpei MORI
This paper analyzes a blockchain network forming a directed acyclic graph (DAG), called a DAG-type blockchain, from the viewpoint of graph algorithm theory. To use a DAG-type blockchain, NP-hard graph optimization problems on the DAG are required to be solved. Although various problems for undirected and directed graphs can be efficiently solved by using the notions of graph parameters, these currently known parameters are meaningless for DAGs, which implies that it is hopeless to design efficient algorithms based on the parameters for such problems. In this work, we propose a novel graph parameter for directed graphs called a DAG-pathwidth, which represents the closeness to a directed path. This is an extension of the pathwidth, a well-known graph parameter for undirected graphs. We analyze the features of the DAG-pathwidth and prove that computing the DAG-pathwidth of a DAG (directed graph in general) is NP-complete. Finally, we propose an efficient algorithm for a variant of the maximum k-independent set problem for the DAG-type blockchain when the DAG-pathwidth of the input graph is small.
Tatsuya SATO Taku SHIMOSAWA Yosuke HIMURA
Enterprises have paid attention to consortium blockchains like Hyperledger Fabric, which is one of the most promising platforms, for efficient decentralized transactions without depending on any particular organization. A consortium blockchain-based system will be typically built across multiple organizations. In such blockchain-based systems, system operations across multiple organizations in a decentralized manner are essential to maintain the value of introducing consortium blockchains. Decentralized system operations have recently been becoming realistic with the evolution of consortium blockchains. For instance, the release of Hyperledger Fabric v2.x, in which individual operational tasks for a blockchain network, such as command execution of configuration change of channels (Fabric's sub-networks) and upgrade of chaincodes (Fabric's smart contracts), can be partially executed in a decentralized manner. However, the operations workflows also include the preceding procedure of pre-sharing, coordinating, and pre-agreeing the operational information (e.g., configuration parameters) among organizations, after which operation executions can be conducted, and this preceding procedure relies on costly manual tasks. To realize efficient decentralized operations workflows for consortium blockchain-based systems in general, we propose a decentralized inter-organizational operations method that we call Operations Smart Contract (OpsSC), which defines an operations workflow as a smart contract. Furthermore, we design and implement OpsSC for blockchain network operations with Hyperledger Fabric v2.x. This paper presents OpsSC for operating channels and chaincodes, which are essential for managing the blockchain networks, through clarifying detailed workflows of those operations. 
A cost evaluation based on an estimation model shows that the total operational cost for executing a typical operational scenario to add an organization to a blockchain network having ten organizations could be reduced by 54 percent compared with a conventional script-based method. The implementation of OpsSC has been open-sourced and registered as one of Hyperledger Labs projects, which hosts experimental projects approved by Hyperledger.
Daiki OGAWA Koichi KOBAYASHI Yuh YAMASHITA
Design of distributed energy management systems composed of several agents such as factories and buildings is important for realizing smart cities. In addition, demand response for saving power consumption is also important. In this paper, we propose a design method of distributed energy management systems with real-time demand response, in which both electrical energy and thermal energy are considered. Here, we use ADMM (Alternating Direction Method of Multipliers), which is well known as one of the powerful methods in distributed optimization. In the proposed method, demand response is performed in real time, based on the difference between the planned demand and the actual value. Furthermore, utilizing a blockchain is also discussed. The effectiveness of the proposed method is presented by a numerical example. The importance of introducing a blockchain is pointed out by presenting the adverse effect of tampering with the actual value.
Gyeongjin RA Su-hyun KIM Imyeong LEE
Recently, the adoption of the industrial Internet of things (IIoT) has optimized many industrial sectors and promoted industry “smartization.” Smart factories and smart industries connect the real and virtual worlds through cyber-physical systems (CPS). However, these linkages will increase the cyber security danger surface to new levels, putting millions of dollars' worth of assets at risk if communications in big network systems like IIoT settings are left unsecured. To solve these problems, the fundamental method is security, such as authentication and confidentiality, and it should require the encryption key. However, it is challenging to achieve security performance with the limited performance of the sensor. Blockchain-based identity management is emerging for lightweight, integrity and persistence. However, the key generation and management issues of blockchain face the same security performance issues. First, through blockchain smart contracts and hierarchical deterministic (HD) wallets, hierarchical key derivation efficiently distributes and manages keys by line and group in the IIoT environment. Second, the pairing verification value based on an elliptic curve single point called Root Signature performs efficient public key certificate registration and verification and improves the key storage space. Third, the identity log recorded through the blockchain is the global transparency of the key lifecycle, providing system reliability from various security attacks. Keyless Signature Infrastructure (KSI) is adopted to perform efficiently via a hash-based scheme (hash calendar, hash tree, etc.). We analyze our framework compared to hash-based state commitment methods. Accordingly, our method achieves a calculation efficiency of O(n log N) and a storage space saving of 60% compared to the existing schemes.
This paper presents the design, implementation, and verification of a blockchain-based online electronic voting system that ensures accuracy and reliability in electronic voting and its application to various types of voting using blockchain technologies, such as distributed ledgers and smart contracts. Specifically, in this study, the connection between the electronic voting system and blockchain nodes is simplified using the REST API design, and the voting opening and counting information is designed to store the latest values in the distributed ledger in JSON format, using a smart contract that cannot be falsified. The developed electronic voting system can provide blockchain authentication, secret voting, forgery prevention, ballot verification, and push notification functions, all of which are currently not supported in existing services. Furthermore, the developed system demonstrates excellence on all evaluation items, including 101 transactions per second (TPS) of blockchain online authentication, 57.6 TPS of secret voting services, 250 TPS of forgery prevention cases, 547 TPS of read transaction processing, and 149 TPS of write transaction processing, along with 100% ballot verification service, secret ballot authentication, and encryption accuracy. Functional and performance verifications were obtained through an external test certification agency in South Korea. Our design allows for blockchain authentication, non-forgery of ballot counting data, and secret voting through blockchain-based distributed ledger technology. In addition, we demonstrate how existing electronic voting systems can be easily converted to blockchain-based electronic voting systems by applying a blockchain-linked REST API. This study greatly contributes to enabling electronic voting using blockchain technology through cost reductions, information restoration, prevention of misrepresentation, and transparency enhancement for a variety of different forms of voting.
Kosuke TODA Naomi KUZE Toshimitsu USHIO
To maintain blockchain-based services while ensuring their security, an important issue is how to decide a mining reward so that the number of miners participating in the mining increases. We propose a dynamical model of decision-making for miners using an evolutionary game approach and analyze the stability of equilibrium points of the proposed model. The proposed model is described by a first-order differential equation, so it is simple, but its theoretical analysis gives an insight into the characteristics of the decision-making. Through the analysis of the equilibrium points, we show the transcritical bifurcations and hysteresis phenomena of the equilibrium points. We also design a controller that determines the mining reward based on the number of participating miners to stabilize the state where all miners participate in the mining. Numerical simulation shows that there is a trade-off in the choice of the design parameters.
Wenjuan LI Yu WANG Weizhi MENG Jin LI Chunhua SU
To safeguard critical services and assets in a distributed environment, collaborative intrusion detection systems (CIDSs) are usually adopted to share necessary data and information among various nodes, and enhance the detection capability. For simplifying the network management, software defined networking (SDN) is an emerging platform that decouples the controller plane from the data plane. Intuitively, SDN can help lighten the management complexity in CIDSs, and a CIDS can protect the security of SDN. In practical implementation, trust management is an important approach to help identify insider attacks (or malicious nodes) in CIDSs, but the challenge is how to ensure the data integrity when evaluating the reputation of a node. Motivated by the recent development of blockchain technology, in this work, we design BlockCSDN — a framework of blockchain-based collaborative intrusion detection in SDN, and take the challenge-based CIDS as a study. The experimental results under both external and internal attacks indicate that using blockchain technology can benefit the robustness and security of CIDSs and SDN.