Frederik Armknecht,Ghassan Karame,Malcom Mohamed,Christiane Weis

2024-10-18

Abstract:Light clients are gaining increasing attention in the literature since they obviate the need for users to set up dedicated blockchain full nodes. While the literature features a number of light client instantiations, most light client protocols optimize for long offline phases and implicitly assume that the block headers to be verified are signed by highly dynamic validators. In this paper, we show that (i) most light clients are rarely offline for more than a week, and (ii) validators are unlikely to drastically change in most permissioned blockchains and in a number of permissionless blockchains, such as Cosmos and Polkadot. Motivated by these findings, we propose a novel practical system that optimizes for such realistic assumptions and achieves minimal communication and computational costs for light clients when compared to existing protocols. By means of a prototype implementation of our solution, we show that our protocol achieves a reduction by up to $90$ and $40000\times$ (respectively) in end-to-end latency and up to $1000$ and $10000\times$ (respectively) smaller proof size when compared to two state-of-the-art light client instantiations from the literature.

Cryptography and Security

Niusha Moshrefi,Mahyar Daneshpajooh,Chen Feng

DOI: https://doi.org/10.48550/arXiv.2112.03092

2021-12-06

Abstract:Full nodes in a blockchain network store and verify a copy of the whole blockchain. Unlike full nodes, light clients are low-capacity devices that want to validate certain data on a blockchain. They query the data they want from a full node. If light clients do not verify the data they receive, full nodes might deceive them. SPV, introduced in the Bitcoin paper, is a practical solution to this problem currently used in many PoW blockchains. In SPV, the resources needed to verify a full node's response grow linearly with the blockchain size, making it inefficient over the long run. Another issue with SPV is that the full nodes do not get compensated for the services they provide. In this work, we introduce LightSync, a simple and cost-effective solution for light clients to verify the inclusion of certain data in a PoW blockchain. The resources needed for running LightSync remain constant no matter what the size of the blockchain is. LightSync uses an incentive mechanism that encourages full nodes to participate in the protocol. We perform a thorough analysis of the security of LightSync and discuss the details of deploying it in a real-world environment.

Cryptography and Security

Ertem Nusret Tas,David Tse,Lei Yang,Dionysis Zindros

2024-05-04

Abstract:Lazy blockchains decouple consensus from transaction verification and execution to increase throughput. Although they can contain invalid transactions (e.g., double spends) as a result, these can easily be filtered out by full nodes that check if there have been previous conflicting transactions. However, creating light (SPV) clients that do not see the whole transaction history becomes a challenge: A record of a transaction on the chain does not necessarily entail transaction confirmation. In this paper, we devise a protocol that enables the creation of efficient light clients for lazy blockchains. The number of interaction rounds and the communication complexity of our protocol are logarithmic in the blockchain execution time. Our construction is based on a bisection game that traverses the Merkle tree containing the ledger of all - valid or invalid - transactions. We prove that our proof system is succinct, complete and sound, and empirically demonstrate the feasibility of our scheme.

Cryptography and Security

Sean Braithwaite,Ethan Buchman,Ismail Khoffi,Igor Konnov,Zarko Milosevic,Romain Ruetschi,Josef Widder

DOI: https://doi.org/10.48550/arXiv.2010.07031

2020-10-15

Abstract:In Tendermint blockchains, the proof-of-stake mechanism and the underlying consensus algorithm entail a dynamic fault model that implies that the active validators (nodes that sign blocks) may change over time, and a quorum of these validators is assumed to be correct only for a limited period of time (called trusting period). The changes of the validator set are under control of the blockchain application, and are committed in every block. In order to check what is the state of the blockchain application at some height h, one needs to know the validator set at that height so that one can verify the corresponding digital signatures and hashes. A naive way of determining the validator set for height h requires one to: (i) download all blocks before h, (ii) verify blocks by checking digital signatures and hashes and (iii) execute the corresponding transactions so the changes in the validator sets are reproduced. This can potentially be very slow and computationally and data intensive. In this paper we formalize the dynamic fault model imposed by Tendermint, and describe a light client protocol that allows to check the state of the blockchain application that, in realistic settings, reduces significantly the amount of data needed to be downloaded, and the number of required computationally expensive signature verification operations. In addition to mathematical proofs, we have formalized the light client protocol in TLA+, and checked safety and liveness with the APALACHE model checker.

Distributed, Parallel, and Cluster Computing,Logic in Computer Science

Yang Xu,Guojun Wang,Jidian Yang,Ju Ren,Yaoxue Zhang,Cheng Zhang

DOI: https://doi.org/10.1155/2018/2051693

2018-01-01

Wireless Communications and Mobile Computing

Abstract:The emerging network computing technologies have significantly extended the abilities of the resource-constrained IoT devices through the network-based service sharing techniques. However, such a flexible and scalable service provisioning paradigm brings increased security risks to terminals due to the untrustworthy exogenous service codes loading from the open network. Many existing security approaches are unsuitable for IoT environments due to the high difficulty of maintenance or the dependencies upon extra resources like specific hardware. Fortunately, the rise of blockchain technology has facilitated the development of service sharing methods and, at the same time, it appears a viable solution to numerous security problems. In this paper, we propose a novel blockchain-based secure service provisioning mechanism for protecting lightweight clients from insecure services in network computing scenarios. We introduce the blockchain to maintain all the validity states of the off-chain services and edge service providers for the IoT terminals to help them get rid of untrusted or discarded services through provider identification and service verification. In addition, we take advantage of smart contracts which can be triggered by the lightweight clients to help them check the validities of service providers and service codes according to the on-chain transactions, thereby reducing the direct overhead on the IoT devices. Moreover, the adoptions of the consortium blockchain and the proof of authority consensus mechanism also help to achieve a high throughput. The theoretical security analysis and evaluation results show that our approach helps the lightweight clients get rid of untrusted edge service providers and insecure services effectively with acceptable latency and affordable costs.

Steven Cao,Swanand Kadhe,Kannan Ramchandran

DOI: https://doi.org/10.48550/arXiv.2010.00217

2020-10-01

Abstract:Validating a blockchain incurs heavy computation, communication, and storage costs. As a result, clients with limited resources, called light nodes, cannot verify transactions independently and must trust full nodes, making them vulnerable to security attacks. Motivated by this problem, we ask a fundamental question: can light nodes securely validate without any full nodes? We answer affirmatively by proposing CoVer, a decentralized protocol that allows a group of light nodes to collaboratively verify blocks even under a dishonest majority, achieving the same level of security for block validation as full nodes while only requiring a fraction of the work. In particular, work per node scales down proportionally with the number of participants (up to a log factor), resulting in computation, communication, and storage requirements that are sublinear in block size. Our main contributions are light-node-only protocols for fraud proofs and data availability.

Cryptography and Security

Yang Xu,Quanrun Zeng,Ju Ren,Yaoxue Zhang,Guojun Wang,Hao Min

DOI: https://doi.org/10.1109/smartworld.2018.00331

2018-01-01

Abstract:The wide use of network computing technologies has promoted the popularity of outsourced storage services. Meanwhile, the provable data possession (PDP) techniques are widely studied as the outsourcing storage servers are not always trustworthy and dependable in maintaining the outsourced data. However, most existing PDP solutions are either costly for the current Internet of things (IoT) devices, or vulnerable to spoofing attacks. In this paper, we propose a succinct anti-spoofing provable data possession scheme for lightweight clients in network computing. We employ the basic integrity comparison-based verification to fit for the resource-constrained verifiers, and propose a random sentinel metadata setup mechanism and the true-fake blended challenge scheme to improve the robustness against spoofing attacks of untrusted servers. The analyses reveal that our approach is effective in data possession verification with the robustness against spoofing attacks, while the overhead on the verifier side is low.

Nayancy,Sandip Dutta,Soubhik Chakraborty

DOI: https://doi.org/10.3233/ida-230153

IF: 1.7

2024-02-03

Intelligent Data Analysis

Abstract:Blockchain has attracted tremendous attention in recent years due to its significant features including anonymity, security, immutability, and audibility. Blockchain technology has been used in several nonmonetary applications, including Internet-of-Things. Though blockchain has limited resources, and scalability is computationally expensive, resulting in delays and large bandwidth overhead that are unsuitable for many IoT devices. In this paper, we work on a lightweight blockchain approach that is suited for IoT needs and provides end-to-end security. Decentralization is achieved in our lightweight blockchain implementation by building a network with a lot of high-resource devices collaborate to maintain the blockchain. The nodes in the network is arranged in sorted order w.r.t execution time and count to reduce the mining overheads and is accountable for handling the public blockchain. We propose a distributed execution time-based consensus algorithm that decreases the delay and overhead of the mining process. We also propose a randomized node-selection algorithm for the selection of nodes to verify the mined blocks to eliminate the double-spend and 51% attack. The results are encouraging and significantly reduce the mining overhead and keep a check on the double-spending problem and 51% attack.

computer science, artificial intelligence

Xinying Wang,Abdullah Al-Mamun,Feng Yan,Mohammad Sadoghi,Dongfang Zhao

DOI: https://doi.org/10.48550/arXiv.1905.02157

2019-05-07

Abstract:Blockchain is an enabler of many emerging decentralized applications in areas of cryptocurrency, Internet of Things, smart healthcare, among many others. Although various open-source blockchain frameworks are available, the infrastructure is complex enough and difficult for many users to modify or test out new research ideas. To make it worse, many advantages of blockchain systems can be demonstrated only at large scales, e.g., thousands of nodes, which are not always available to researchers. This demo paper presents a lightweight single-node emulator of blockchain systems, namely \mbox{BlockLite}, designed to be executing real proof-of-work workload along with peer-to-peer network communications and hash-based immutability. BlockLite employs a preprocessing approach to avoid the per-node computation overhead at runtime and thus scales to thousands of nodes. Moreover, BlockLite offers an easy-to-use programming interface allowing for a Lego-like customization to the system, e.g. new ad-hoc consensus protocols.

Databases

Xudong Li,Zhe Yang,Lingbo Wei,Chi Zhang

DOI: https://doi.org/10.1109/ICCChina.2019.8855891

2019-01-01

Abstract:Through decentralized ledger, Bitcoin rebuilds trust and achieves payment verification. However, the verification of Bitcoin transactions requires nodes to download the whole blockchain, which is infeasible for resource-constraint devices. Traditional schemes tried to transfer most of the storage and computation tasks from a lightweight client to a full node. Nevertheless, these schemes would severely violate users' privacy since they would leak transaction ID and public-key address when a lightweight client queries the full node. To address this, we propose a privacy-preserving approach to secure queries of simplified payment verification (SPV) clients. Specifically, we design a d-differentially private mechanism based on trusted hardware such that semi-honest adversaries cannot acquire the real access pattern during shards retrieval phase. Data-oblivious primitives are adopted to prevent the internal search pattern leakage owing to side-channel attacks. Our scheme is more secure than traditional SPV schemes, and it is proved to satisfy d-differential privacy definition. Our prototype implementation with the Bitcoin blockchain dataset shows its practicality.

Qi-Feng Shao,Zhao Zhang,Che-Qing Jin,Ao-Ying Zhou

DOI: https://doi.org/10.1007/s11390-022-1007-2

IF: 1.871

2023-08-09

Journal of Computer Science and Technology

Abstract:Due to limited computing and storage resources, light clients and full nodes coexist in a typical blockchain system. Any query from light clients must be forwarded to full nodes for execution, and light clients verify the integrity of query results returned. Since existing verifiable queries based on an authenticated data structure (ADS) suffer from significant network, storage and computing overheads by virtue of verification objects (VOs), an alternative way turns to the trusted execution environment (TEE), with which light clients do not need to receive or verify any VO. However, state-of-the-art TEEs cannot deal with large-scale applications conveniently due to the limited secure memory space (e.g., the size of the enclave in Intel SGX (software guard extensions), a typical TEE product, is only 128 MB). Hence, we organize data hierarchically in trusted (enclave) and untrusted memory, along with hot data buffered in the enclave to reduce page swapping overhead between two kinds of memory. The cost analysis and empirical study validate the effectiveness of our proposed scheme. The VO size of our scheme is reduced by one to two orders of magnitude compared with that of the traditional scheme.

computer science, software engineering, hardware & architecture

Yining Qi,Zhen Yang,Yubo Luo,Yongfeng Huang,Xing Li

DOI: https://doi.org/10.32604/cmc.2022.027939

2022-01-01

Abstract:Provable Data Possession (PDP) schemes have long been proposed to solve problem of how to check the integrity of data stored in cloud service without downloading. However, with the emerging of network consisting of low performance devices such as Internet of Things, we find that there are still two obstacles for applying PDP schemes. The first one is the heavy computation overhead in generating tags for data blocks, which is essential for setting up any PDP scheme. The other one is how to resist collusion attacks from third party auditors with any possible entities participating the auditing. In this paper, we propose a novel blockchain-based light-weighted PDP scheme for low performance devices, with an instance deployed on a cloud server. We design a secure outsourced tag generating method for low performance devices, which enables a kind of "hash-sign-switch" two-phase tag computing. With this method, users with low performance devices can employ third party auditors to compute modular exponential operations that accounts for the largest portion of computation overhead in tag generation, without leaking their data content. Chaincodes in blockchain network ensure the correctness of such outsourcing and prevent collusion attacks. The security analysis and performance evaluation prove that our scheme is both secure and efficient.

S.A. Mohammed Uveise,S.M.H. Sithi Shameem Fathima

DOI: https://doi.org/10.1080/03772063.2024.2400599

IF: 1.8768

2024-09-19

IETE Journal of Research

Abstract:Blockchain (BC) technology has attracted a lot of interest due to its excellent security and privacy features as well as its immutability. While BC can address security and privacy challenges in IoT, it is often computationally expensive, suffers from limited scalability, and introduces bandwidth overheads and delays, making it unsuitable for IoT applications. This paper proposes a novel lightweight and scalable blockchain (LIGHT-SB) designed specifically for IoT environments. In a smart IoT ecosystem, low-resource devices benefit from a centralized manager that handles communication keys and manages requests. LIGHT-SB enhances decentralization while maintaining robust privacy and security through a hybrid consensus algorithm combining permissionless proof-of-capacity and permissioned Byzantine fault tolerance (PoC-PBFT). Secure message delivery is achieved using SHA-256 and RSA cryptographic techniques. IoT device authentication, communication, and storage are safeguarded within the network. Distributed throughput management is implemented to monitor and adjust BC usage, ensuring it remains efficient. Qualitative evaluations demonstrate that LIGHT-SB effectively mitigates several security threats.

telecommunications,engineering, electrical & electronic

Yahya Hassanzadeh-Nazarabadi,Alptekin Küpçü,Öznur Özkasap

DOI: https://doi.org/10.48550/arXiv.1904.00375

2020-12-21

Abstract:As an append-only distributed database, blockchain is utilized in a vast variety of applications including the cryptocurrency and Internet-of-Things (IoT). The existing blockchain solutions have downsides in communication and storage efficiency, convergence to centralization, and consistency problems. In this paper, we propose LightChain, which is the first blockchain architecture that operates over a Distributed Hash Table (DHT) of participating peers. LightChain is a permissionless blockchain that provides addressable blocks and transactions within the network, which makes them efficiently accessible by all the peers. Each block and transaction is replicated within the DHT of peers and is retrieved in an on-demand manner. Hence, peers in LightChain are not required to retrieve or keep the entire blockchain. LightChain is fair as all of the participating peers have a uniform chance of being involved in the consensus regardless of their influence such as hashing power or stake. LightChain provides a deterministic fork-resolving strategy as well as a blacklisting mechanism, and it is secure against colluding adversarial peers attacking the availability and integrity of the system. We provide mathematical analysis and experimental results on scenarios involving 10K nodes to demonstrate the security and fairness of LightChain. As we experimentally show in this paper, compared to the mainstream blockchains like Bitcoin and Ethereum, LightChain requires around 66 times less per node storage, and is around 380 times faster on bootstrapping a new node to the system, while each LightChain node is rewarded equally likely for participating in the protocol.

Distributed, Parallel, and Cluster Computing

Ben Weintraub,Satwik Prabhu Kumble,Cristina Nita-Rotaru,Stefanie Roos

2024-05-03

Abstract:The Lightning Network, a payment channel network with a market cap of over 192M USD, is designed to resolve Bitcoin's scalability issues through fast off-chain transactions. There are multiple Lightning Network client implementations, all of which conform to the same textual specifications known as BOLTs. Several vulnerabilities have been manually discovered, but to-date there have been few works systematically analyzing the security of the Lightning Network.

Cryptography and Security

Zain Ul Islam Adil,Majid Iqbal Khan,Kahkishan Sanam,Saif U. R. Malik,Syed Atif Moqurrab,Gautam Srivastava

DOI: https://doi.org/10.1111/exsy.13756

IF: 3.3

2024-11-17

Expert Systems

Abstract:Counterfeit medical devices pose a threat to patient safety, necessitating a secure device authentication system for medical applications. Resource‐constrained sensory nodes are vulnerable to hacking, prompting the need for robust security measures. Token‐based authentication schemes, such as one‐time passwords (OTPs), smart cards, key fobs, and mobile authentication apps, along with certificate‐based authentication methods, such as client and code‐signing, employ cryptographic frameworks like elliptical curve cryptography (ECC) and physical unclonable functions (PUF). However, these methods face challenges, including block sequence issues and susceptibility to side‐channel attacks. To address these issues, we propose a framework for mutual authentication using private Ethereum. This framework integrates private Ethereum and cryptographic techniques for encrypting and decrypting data using mathematical algorithms to overcome block sequence issues and side‐channel attacks. Similarly, fog nodes are utilised to enhance local computing, storage, and networking capabilities for sensors. The framework is evaluated using metrics such as communication costs, execution costs, and computation costs based on Ethereum gas consumption. The performance of the LightAuth framework is compared with that of the Smart Contracts Against Counterfeit IoMT (SCACIoMT) framework, designed for Internet of Medical Things (IoMT) devices. The effectiveness of LightAuth is verified through formal security analysis using BAN logic.

computer science, artificial intelligence, theory & methods

Abba Garba,David Khoury,Patrick Balian,Samir Haddad,Jinane Sayah,Zhong Chen,Zhi Guan,Hani Hamdan,Jinan Charafeddine,Khalid Al-Mutib

DOI: https://doi.org/10.1109/access.2023.3259068

IF: 3.9

2023-01-01

IEEE Access

Abstract:The proliferation of the internet of things (IoT) within the emergence of five-generation (5G) networks has received a huge attention in both industrial and academic domains. A 5G network is a cornerstone of realizing the full potential of the IoT, which interconnects billions of devices wirelessly. However, wireless communication in IoT devices reveals tremendous security risks in different dimensions and precisely in the distribution of the user certificates. The existing X.509 PKI, or the proposed decentralized PKI based on blockchain solutions have lacked practicality, and continue to have security flaws, or have not yet gained widespread acceptance owing to complexity and deployment issues. We present a lightweight certificate in size (LightCert4IoTs) that is not issued by Certification Authorities (CAs) due to the cost and complexity of the assignment of a signed certificate. In LightCert4IoTs first, an end-user (i.e., mobile and IoT devices) issues a self-signed certificate and lets Local Registration Authorities (LRAs)/EDGE nodes to verify and validate the binding identity-self signed certificate of the users through the Ethereum blockchain where The Ethereum network is used as the global notary for the IoT light certificates by saving them in the blockchain immutable ledger. The LightCert4IoTs leverages the advantages of blockchain technology and smart contracts to address the existing challenges of PKI certificates in IoT devices, which neatly achieve certificate issuance, update, and revocation more securely and efficiently. Finally, the LightCert4IoTs experimental results show that LightCert, as compared to relevant solutions/baselines, achieves reasonable overheads and is suitable for use in low- constrained IoT devices where the memory and processor power are optimized.

Soubhik Deb,Robert Raynor,Sreeram Kannan

2024-01-11

Abstract:As of July 15, 2023, Ethererum, which is a Proof-of-Stake (PoS) blockchain [1] has around 410 Billion USD in total assets on chain (popularly referred to as total-value-locked, TVL) but has only 33 Billion USD worth of ETH staked in securing the underlying consensus of the chain [2]. A preliminary analysis might suggest that as the amount staked is far less (11x less) than the value secured, the Ethereum blockchain is insecure and "over-leveraged" in a purely cryptoeconomic sense. In this work, we investigate how Ethereum, or, more generally, any PoS blockchain can be made secure despite this apparent imbalance. Towards that end, we attempt to formalize a model for analyzing the cryptoeconomic safety of PoS blockchain, which separately analyzes the cost-of-corruption, the cost incurred by an attacker, and the profit-from-corruption, the profit gained by an attacker. We derive sharper bounds on profit-from-corruption, as well as new confirmation rules that significantly decrease this upper-bound. We evaluate cost-of-corruption and profit-from-corruption only from the perspective of attacking safety. Finally, we present a new "insurance" mechanism, STAKESURE, for allocating the slashed funds in a PoS system, that has several highly desirable properties: solving common information problem in existing blockchains, creating a mechanism for provably safe bridging, and providing the first sharp solution for automatically adjusting how much economic security is sufficient in a PoS system. Finally, we show that the system satisfies a notion of strong cryptoeconomic safety, which guarantees that no honest transactor ever loses money, and creates a closed system of Karma, which not only ensures that the attacker suffers a loss of funds but also that the harmed parties are sufficiently compensated.

Cryptography and Security,Networking and Internet Architecture

Yukun Niu,Chi Zhang,Lingbo Wei,Yankai Xie,Xia Zhang,Yuguang Fang

DOI: https://doi.org/10.1109/globecom38437.2019.9013131

2019-01-01

Abstract:In Bitcoin, lightweight clients outsource most of storage and computation tasks to full nodes in order to run on resource-limited devices. In the interaction with the full node, the lightweight client leaks considerable information about which address or transaction is relevant to it. The existing schemes to solve this problem do not support efficient yet privacy-preserving transaction search due to the fact that the blockchain is inherently inefficient for transaction query and proposed schemes perform transaction search in a block-by-block manner. Therefore, we propose an efficient transaction query scheme for the privacy-preserving lightweight client with the Intel SGX enclave running on the full node. Our main idea is to leverage the secure enclave to serve transaction-query requests from lightweight clients. However, the usage of secure enclave alone does not achieve our goals. Our scheme reorganizes the blockchain and leverages prefix tree to increase transaction-search efficiency. Due to limited capacity, the secure enclave stores reorganized blockchain data in the untrusted full node. Thus, our scheme integrates prefix tree and oblivious searching technologies to simultaneously support efficient transaction search and protect access pattern of externally stored blockchain data for the secure enclave. Security analysis and performance evaluation show that our scheme provides efficient transaction search and verification functionalities for lightweight Bitcoin clients in a privacy-preserving way.

Federico Matteo Benčić,Ivana Podnar Žarko

DOI: https://doi.org/10.3390/s22051835

2022-02-25

Abstract:Light clients for distributed ledger networks can verify blockchain integrity by downloading and analyzing blockchain headers. They are designed to circumvent the high resource requirements, i.e., the large bandwidth and memory requirements that full nodes must meet, which are unsuitable for consumer-grade hardware and resource-constrained devices. Light clients rely on full nodes and trust them implicitly. This leaves them vulnerable to various types of attacks, ranging from accepting maliciously forged data to Eclipse attacks. We introduce Aurora-Trinity, a novel version of light clients that addresses the above-mentioned vulnerability by relying on our original Aurora module, which extends the Ethereum Trinity client. The Aurora module efficiently discovers the presence of malicious or Byzantine nodes in distributed ledger networks with a predefined and acceptable error rate and identifies at least one honest node for persistent or ephemeral communication. The identified honest node is used to detect the latest canonical chain head or to infer the state of an entry in the ledger without downloading the header chain, making the Aurora-Trinity client extremely efficient. It can run on consumer-grade hardware and resource-constrained devices, as the Aurora module consumes about 0.31 MB of RAM and 1 MB of storage at runtime.