Bowen Liu,Pawel Szalachowski,Siwei Sun

DOI: https://doi.org/10.48550/arXiv.2003.06127

2020-03-13

Abstract:The recent development of payment channels and their extensions (e.g., state channels) provides a promising scalability solution for blockchains which allows untrusting parties to transact off-chain and resolve potential disputes via on-chain smart contracts. To protect participants who have no constant access to the blockchain, a watching service named as watchtower is proposed -- a third-party entity obligated to monitor channel states (on behalf of the participants) and correct them on-chain if necessary. Unfortunately, currently proposed watchtower schemes suffer from multiple security and efficiency drawbacks. In this paper, we explore the design space behind watchtowers. We propose a novel watching service named as fail-safe watchtowers. In contrast to prior proposed watching services, our fail-safe watchtower does not watch on-chain smart contracts constantly. Instead, it only sends a single on-chain message periodically confirming or denying the final states of channels being closed. Our watchtowers can easily handle a large number of channels, are privacy-preserving, and fail-safe tolerating multiple attack vectors. Furthermore, we show that watchtowers (in general) may be an option economically unjustified for multiple payment scenarios and we introduce a simple, yet powerful concept of short-lived assertions which can mitigate misbehaving parties in these scenarios.

Cryptography and Security

Minze Xu,Yuan Zhang,Sheng Zhong

DOI: https://doi.org/10.1109/srds60354.2023.00026

2023-01-01

Abstract:Payment channels emerge as a promising solution to the scalability issues of blockchain-based digital currency systems, but they implicitly assume that channel owners can periodically monitor the blockchain, which may be impractical for most ordinary users. To address this issue, watchtowers are developed to monitor the blockchain on behalf of its hirers, allowing them to stay offline without security concerns. Despite their usefulness, current watchtower implementations face a security and scalability dilemma. They either require hirers to trust watchtowers, making hirers' funds vulnerable if the watchtower colludes with the counterparty, or require the watchtower to deposit collateral for each hirer, restricting the service scalability due to the watchtower's limited funds. To overcome this dilemma, we propose SilenTower, a mul-tiparty watchtower protocol. It allows a given proportion of collusive protocol participants and provides fund security without collateral. Thus, SilenTower achieves security and scalability simultaneously. Moreover, we propose a quantified definition for watchtower robustness and prove that SilenTower has better robustness than state-of-the-art implementations. We also assess SilenTower's performance through thorough benchmarking and demonstrate that it has lightweight overheads for both partici-pants and hirers.

Minze Xu,Yuan Zhang,Sheng Zhong

DOI: https://doi.org/10.1109/tdsc.2024.3445429

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recently, watchtowers emerge as a critical service within payment channel networks (PCNs). Existing payment channels necessitate that channel owners periodically monitor the blockchain to ensure their fund security, or enlist the watchtower services for this task. Presently, watchtower proposals mandate the implementer to provide collateral as a safeguard against its collusion with potential adversaries. However, this collateral substantially inflates the implementation costs, consequently leading to higher service fees for users. Furthermore, most watchtowers are typically operated by a third-party entity, creating a single point of failure. To ameliorate the status quo, we propose a novel approach where PCN nodes collaboratively implement a watchtower system named “SilenTower.” Our proposal is rooted in the fundamental principles of blockchain systems, emphasizing maintenance by a community with an honest majority. SilenTower's security no longer relies on collateral but rather on the inherent difficulty of a large proportion of collusion. SilenTower also allows inaccessible participants and thus obtains robustness. Through a rigorous theoretical analysis, we demonstrate that participants' optimal strategy is to remain accessible and faithfully adhere to the SilenTower protocol. Furthermore, we assess the practical performance of SilenTower through comprehensive benchmarking, and the results reveal that it introduces lightweight overheads.

Georgia Avarikioti,Felix Laufenberg,Jakub Sliwinski,Yuyi Wang,Roger Wattenhofer

DOI: https://doi.org/10.48550/arXiv.1811.12740

2018-11-30

Abstract:Micropayment channels are the most prominent solution to the limitation on transaction throughput in current blockchain systems. However, in practice channels are risky because participants have to be online constantly to avoid fraud, and inefficient because participants have to open multiple channels and lock funds in them. To address the security issue, we propose a novel mechanism that involves watchtowers incentivized to watch the channels and reveal a fraud. Our protocol does not require participants to be online constantly watching the blockchain. The protocol is secure, incentive compatible and lightweight in communication. Furthermore, we present an adaptation of our protocol implementable on the Lightning protocol. Towards efficiency, we examine specific topological structures in the blockchain transaction graph and generalize the construction of channels to enable topologies better suited to specific real-world needs. In these cases, our construction reduces the required amount of signatures for a transaction and the total amount of locked funds in the system.

Cryptography and Security,Computer Science and Game Theory

Ke Xiao,Jiayang Li,Yunhua He,Xu Wang,Chao Wang

DOI: https://doi.org/10.1016/j.future.2024.01.012

IF: 7.307

2024-01-13

Future Generation Computer Systems

Abstract:With the increasing demand for digital currencies and other blockchain transactions, the contradiction between the growing demand and the limited blockchain space has become increasingly prominent, and the scalability of the blockchain urgently needs to be resolved. The existing off-chain payment channel solutions do not give enough consideration to the multi-party parallel transaction process, and the transaction process lacks supervision, making it difficult to meet the actual demand. In this paper, we propose a multi-party secure, flexible, concurrent and supervisable off-chain payment channel scheme. Our scheme not only optimizes the current transaction process so that the participants and channel balance within the channel can be flexibly changed without affecting the normal transaction process, but also designs a multi-level collaborative supervision mechanism from multiple perspectives of positive and negative, active and passive, and multiple layers of on-chain and off-chain to ensure the safety and convenience of the transaction process. The security of the scheme was also analyzed, especially the possible collusion in the channel. We simulated the operation of the channel in the blockchain simulation and testing software Simblock and tested the scheme from various aspects. The experiments show that our scheme is able to achieve secure supervision within the channel with a modest overhead (about 15%). Testing of the mentioned smart contracts further illustrates the feasibility of the scheme.

computer science, theory & methods

Yuxian Li,Jian Weng,Wei Wu,Ming Li,Yingjiu Li,Haoxin Tu,Yongdong Wu,Robert.H. Deng

DOI: https://doi.org/10.1016/j.jpdc.2023.104721

IF: 4.542

2023-06-03

Journal of Parallel and Distributed Computing

Abstract:Blockchain systems, one of the most popular distributed systems, are well-applied in various scenarios, e.g., logistics and finance. However, traditional blockchain systems suffer from scalability issues. To tackle this issue, Payment Channel Hubs (PCHs) are proposed. Recent efforts, such as A2L (SP'21) and Teechain (SOSP'19), enhance the privacy, reusability, and interoperability properties of PCHs. Nevertheless, these solutions have intrinsic limitations: they rely on trusted hardware or suffer from the deposit lock-in problem. Furthermore, the functionalities of some of these solutions are restricted to fixed-amount payments and do not support multi-party participation. These aforementioned problems limit their capabilities to alleviate blockchain scalability issues. In this paper, we propose PRI, a novel PCH solution that simultaneously guarantees transaction P rivacy (i.e., relationship unlinkability and value confidentiality), deposit R eusability, and blockchain I nteroperability, which can mitigate the aforementioned problems. PRI is constructed by several new building blocks, including (1) an atomic deposit protocol that enforces user and hub to deposit equivalent assets in a shared address for building a fair payment channel; (2) a privacy-preserving deposit certification scheme that leverages the Pointcheval and Sanders signature and non-interactive zero-knowledge proof to resolve the deposit lock-in issue in maintaining payment channels; (3) a range proof which ensures the legality and confidentiality of transaction values. We conduct extensive experimental evaluations of PRI, demonstrating that it improves the state-of-the-art approaches in terms of performance.

computer science, theory & methods

Qianwen Wei,Shujun Li,Wei Li,Hong Li,Mingsheng Wang

DOI: https://doi.org/10.1007/978-3-030-23597-0_29

2019-01-01

Abstract:In Bitcoin, the knowledge of private key equals to the ownership of bitcoin, which occurs two problems: the first problem is that the private key must be kept properly, and the second one is that once the private key is given, it can't be taken back, hence the bitcoin system can only implement the transfer function. In this paper, we first propose a new digital signature algorithm and use it to design an online wallet, which can help the user derive the signature without obtaining the user's private key. Secondly, using our proposed online wallet, we extend the application of private key so that the cryptocurrency system can implement the authorization function. In more detail, we define a new primitive that we call decentralized hierarchical authorized payment scheme (DHAP scheme). We next propose a concrete instantiation and prove its correctness. Finally, we analyze the security and usability of our scheme. For security, we prove our scheme to be secure under the random oracle model. For usability, we examine its performance and compare it with bitcoin's performance.

Xiaohua Wu,Hongji Ling,Huan Liu,Fangjian Yu

DOI: https://doi.org/10.1007/s12083-022-01317-4

2022-03-29

Abstract:The consortium blockchain has three challenges in terms of performance, security, and privacy when adopting the Practical Byzantine Fault Tolerance (PBFT) protocol. The throughput and scalability of consortium blockchain are focused on meanwhile the privacy protection can hardly be ignored. This work proposes a privacy-preserving multi-signature and hierarchical Byzantine consensus protocol. Specifically, the signature combines a ring signature and a Schnorr one to provide three levels of privacy protection. The consensus protocol layers the network nodes into different clusters, which overcomes the shortcomings of PBFT and Schnorr signature. The theoretical analysis proves the security and privacy of the protocol and expounds the application scenarios, and the efficiency evaluation shows that the signature verification speed is 6.28 times faster than the Schnorr scheme, and the consensus in a 250-nodes network is 51.3% faster than the Schnorr-based PBFT consensus.

computer science, information systems,telecommunications

Wenqian Shang,Yulong Gao,Xueting Chen

DOI: https://doi.org/10.1109/SNPD61259.2024.10673921

2024-07-05

Abstract:This paper presents a new blockchain scheme using a linkable ring signature algorithm based on lattice cryptography. This scheme counters quantum attacks on blockchain transaction signatures. The signature algorithm ensures correctness, anonymity, and unforgeability using trap generation and rejection sampling. It’s resilient to quantum attacks due to lattice cryptography’s hardness. Compared to other lattice-based algorithms, it offers reduced signature generation and verification time, minimized signature length, lower storage requirements, and better scalability. Implementing this scheme supports blockchain transaction security and privacy, promoting blockchain’s sustainable development and widespread application. This research enhances blockchain security against quantum attacks, paving the way for more secure and efficient blockchain-based apps.

Computer Science

Zhiwei Wang,Jiaxing Fan

DOI: https://doi.org/10.1109/tcc.2020.2974954

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:Edge computing can process data at the network edge rather than in the remote cloud. To protect the security of the collected data, blockchain can be used in edge computing. Any request sent from an edge server requesting data storage is a transaction added into the blockchain, which should include the data owners' signature. For protecting the privacy of data owners, a threshold ring signature can be utilized for the blockchain. In this article, we propose a flexible threshold ring signature scheme in chronological order that has two advantages for solving the update problem and chronological problem in practice. Our scheme is a nontrivial extension of Yuen et al.'s signature scheme and has three security properties: unforgeability, anonymity, and chronological sorting. We prove our scheme without random oracles and test our scheme over the Intel Edison development platform simulating practical edge servers.

computer science, information systems, theory & methods

Qian Zhang,Yong Yu,Huilin Li,Jiguo Yu,Lei Wang

DOI: https://doi.org/10.1016/j.ins.2023.02.069

IF: 8.1

2023-03-02

Information Sciences

Abstract:Auction, widely used by firms and governments, has facilitated trillions of dollars in the world economy. However, when price is the only factor determining the winner, how to guarantee the trustworthiness of the auction outcomes, and at the same time preserve the privacy of losing bidders is a challenging issue. In this paper, to address this issue, we present a sealed-bid auction protocol with privacy preserving and public verifiability atop blockchain. No bidder is able to repudiate or change any bidding to outbid others and all public information comes with proof that even observers are able to validate the auction. Proofs post along the way to validate biddings and identify the winner are in the form of group elements with communication complexity O(log⁡(nm)) , n,m denoting the upper bound bit length of the bidding price and the number of bidders respectively. The logarithmic complexity significantly reduces the communication cost and makes it practical for large-scale auction. Moreover, our protocol can be easily extended to any type of ordinal-price sealed-bid auction such as second-price with privacy preserving. We provide detailed security proofs or analysis of the required security goals. The evaluation of time cost in off-chain operations and gas cost in on-chain functions demonstrate the practicality of our protocol in real-world applications.

computer science, information systems

Yuefeng Du,Huayi Duan,Anxin Zhou,Cong Wang,Man Ho Au,Qian Wang

DOI: https://doi.org/10.48550/arXiv.2005.05531

2020-08-07

Abstract:How to audit outsourced data in centralized storage like cloud is well-studied, but it is largely under-explored for the rising decentralized storage network (DSN) that bodes well for a billion-dollar market. To realize DSN as a usable service in a truly decentralized manner, the blockchain comes in handy -- to record and verify audit trails in forms of proof of storage, and based on that, to handle fair payments with necessary dispute resolution. Leaving the audit trails on the blockchain offers transparency and fairness, yet it 1) sacrifices privacy, as they may leak information about the data under audit, and 2) overwhelms on-chain resources, as they may be practically large in size and expensive to verify. Prior auditing designs in centralized settings are not directly applicable here. A handful of proposals targeting DSN cannot satisfactorily address these issues either. We present an auditing solution that addresses on-chain privacy and efficiency, from a synergy of homomorphic linear authenticators with polynomial commitments for succinct proofs, and the sigma protocol for provable privacy. The solution results in, per audit, 288-byte proof written to the blockchain, and constant verification cost. It can sustain long-term operation and easily scale to thousands of users on Ethereum.

Cryptography and Security

Yumeng Xie,Qing Fan,Chuan Zhang,Tong Wu,Yuao Zhou,Debiao He,Liehuang Zhu

DOI: https://doi.org/10.1109/tifs.2024.3428848

IF: 7.231

2024-07-26

IEEE Transactions on Information Forensics and Security

Abstract:Threshold signatures as a method to realize multi-party cooperation and trust distribution in blockchain have been widely studied in recent years. However, among these researches, few threshold signature schemes achieve all the properties of accountability, privacy, and key protection for the EdDSA-based blockchain systems. To fill this gap, we propose an EdDSA-based accountable threshold signature protocol with privacy and proactive refresh, named TAPS-PR. Meanwhile, we define new security models and give a detailed analysis to prove protocol security. In TAPS-PR, the threshold is variable and hidden with the signing quorum from the public view. However, the signing quorum can be traced when threshold signatures related to fraudulent events are generated. We also enhance the key security of each signer by proactive refresh, which realizes updating the private key while the public key remains unchanged. Apart from that, we present ATS-PR with increased efficiency and reduced communication cost at the cost of weaker security. The theoretical analysis and experimental results indicate that our protocols perform efficiently in terms of communication and computation overhead. Furthermore, we use Tezos, a blockchain project employing EdDSA, as a case study to demonstrate the compatibility of our protocol with real-world blockchain applications.

computer science, theory & methods,engineering, electrical & electronic

Hao Yin,Zijian Zhang,Jialing He,Liran Ma,Liehuang Zhu,Meng Li,Bakh Khoussainov

DOI: https://doi.org/10.1109/jiot.2021.3115568

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Bitcoin first proposed the Nakamoto consensus that applies proof of work into the blockchain structure to build a trustless append-only ledger. The Nakamoto consensus solves the distributed consistency problem in the public network but wastes too much computing power. Instead of consuming computing resources, many improved consensus schemes address this problem by leveraging miners' storage resources. However, these schemes fail to let miners store data constantly and usually rely on a dealer to assign data, which is hard to build a reliable decentralized storage system. In this article, we first design a variant consensus algorithm named Proof of Continuous Work (PoCW) with a storage-related incentive mechanism. Miners can accumulate mining advantage by continuously submitting proofs of storage. Then, we present a hash ring-based data allocation algorithm using the blockchain's state. Combined with both of them, we build a reliable blockchain-based storage system without relying on any third parties. The theoretical analysis and simulation results demonstrate that the proposed system has higher reliability than those existing systems, and we also give practical suggestions about system parameters. Finally, we discuss additional benefits that our system brings.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chao Li,Balaji Palanisamy

2024-05-14

Abstract:In blockchains such as Bitcoin and Ethereum, transactions represent the primary mechanism that the external world can use to trigger a change of blockchain state. Transactions serve as key sources of evidence and play a vital role in forensic analysis. Timed transaction refers to a specific class of service that enables a user to schedule a transaction to change the blockchain state during a chosen future time-frame. This paper proposes T-Watch, a decentralized and cost-efficient approach for users to schedule timed execution of any type of transaction in Ethereum with privacy guarantees. T-Watch employs a novel combination of threshold secret sharing and decentralized smart contracts. To protect the private elements of a scheduled transaction from getting disclosed before the future time-frame, T-Watch maintains shares of the decryption key of the scheduled transaction using a group of executors recruited in a blockchain network before the specified future time-frame and restores the scheduled transaction at a proxy smart contract to trigger the change of blockchain state at the required time-frame. To reduce the cost of smart contract execution in T-Watch, we carefully design the proposed protocol to run in an optimistic mode by default and then switch to a pessimistic mode once misbehaviors occur. Furthermore, the protocol supports users to form service request pooling to further reduce the gas cost. We rigorously analyze the security of T-Watch and implement the protocol over the Ethereum official test network. The results demonstrate that T-Watch is more scalable compared to the state of the art and could reduce the cost by over 90% through pooling.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Yunshu Liu,Zhixuan Fang,Man Hon Cheung,Wei Cai,Jianwei Huang

2021-01-01

Abstract:Miners in a blockchain system are suffering from the ever-increasing storage costs, which in general have not been properly compensated by the users' transaction fees. In the long run, this may lead to less participation of miners in the system and jeopardize the blockchain security. In this work, we mitigate such a blockchain storage sustainability issue by proposing a social welfare maximization mechanism, which encourages each user to pay sufficient transaction fees for the storage costs and consider the waiting time costs imposing on others. We model the interactions between the protocol designer, users, and miners as a three-stage Stackelberg game. In Stage I, the protocol designer optimizes the consensus parameters associated with the transaction fee per byte values and waiting time costs to maximize the social welfare. In Stage II, the users decide the transaction generation rates to maximize their payoffs. In Stage III, the miners select the transactions and record them into the blockchain to maximize their payoffs. Through characterizing the Nash equilibrium of the three-stage game, we find that the protocol designer can not only achieve maximum social welfare in Stage II and III of the model, but also incentivize each user pays sufficient transaction fees for storage costs. We also find that for users who generate transactions at lower rates, they may pay higher waiting time price per transaction for the waiting time costs they impose on other users. Ethereum-based numerical results showed that our proposed mechanism dominates the existing protocol in both social welfare and fees, achieves a higher fairness index than the existing protocol, and performs well even under heterogeneous-storage-cost miners.

Hao Yan,Yanan Liu,Zheng Zhang,Qian Wang

DOI: https://doi.org/10.1155/2021/6639634

IF: 1.968

2021-05-27

Security and Communication Networks

Abstract:Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

computer science, information systems,telecommunications

Yu Guo,Yuxin Xi,Yifang Zhang,Mingyue Wang,Shengling Wang,Xiaohua Jia

DOI: https://doi.org/10.1109/tsc.2024.3441471

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:Decentralized storage is recognized as a promising blockchain application for building trustworthy data-sharing services. Recently, privacy-preserving decentralized storage has attracted tremendous attention from the research community, due to the inherent transparent access properties of blockchain. That is, multi-users can search over encrypted data from multi-owners via untrusted storage servers. Private Set Intersection (PSI) is regarded as an ideal cryptographic scheme for this scenario because it allows multiple parties to collaboratively execute private set computations without revealing additional information. However, existing solutions do not consider the necessary verification and fault tolerance of PSI results, which is the indispensable security requirements in decentralized storage. To fill the gap, in this work, we introduce the first reliable PSI scheme for decentralized storage that provides results verifiability and fault tolerance for private set operations. Our design leverages authenticated indexing structures and Shamir's secret sharing algorithm for constructing our reliable PSI scheme with fault tolerance. To address the potential malicious behaviors of dishonest users or servers, we also propose a blockchain-assisted arbitration protocol that enables public arbitration in a privacy-preserving manner. We rigorously provide security analysis and complete the prototype implementation on Fabric. Extensive results demonstrate its practicability and feasibility for existing decentralized storage.

computer science, information systems, software engineering

Zhanshan Wang,Xiaofeng Ma

DOI: https://doi.org/10.3390/math12101544

IF: 2.4

2024-05-16

Mathematics

Abstract:Private set intersection (PSI) enables two parties to determine the intersection of their respective datasets without revealing any information beyond the intersection itself. This paper particularly focuses on the scenario of unbalanced PSI, where the sizes of datasets possessed by the parties can significantly differ. Current protocols for unbalanced PSI under the malicious security model exhibit low efficiency, rendering them impractical in real-world applications. By contrast, most efficient unbalanced PSI protocols fail to guarantee the correctness of the intersection against a malicious server and cannot even ensure the client's privacy. The present study proposes a blockchain-based unbalanced PSI protocol with public verification and financial security that enables the client to detect malicious behavior from the server (if any) and then generate an irrefutable and publicly verifiable proof without compromising its secret. The proof can be verified through smart contracts, and some economic incentive and penalty measures are executed automatically to achieve financial security. Furthermore, we implement the proposed protocol, and experimental results demonstrate that our scheme exhibits low online communication complexity and computational overhead for the client. At the same time, the size of the generated proof and its verification complexity are both O(logn), enabling cost-effective validation on the blockchain.

mathematics