Exploring Blockchain Technology through a Modular Lens: A Survey

A leader-based blockchain directly selects a leader to propose the next block without forming a committee or partitioning the nodes in advance. In this category, blockchain development starts from the earliest ancestor Bitcoin to improve scalability and optimize resource consumption.

The emergence of Bitcoin and Ethereum laid the foundation for the development of other blockchain platforms. Bitcoin, which was introduced in 2008, employs a proof-of-work consensus mechanism in which miners compete for computational power and the winner is selected as the leader for a particular time slot. In 2011, Namecoin was introduced as the first alternative cryptocurrency (altcoin), enabling decentralized naming services and providing a merged mining consensus algorithm. In 2014, Ethereum was introduced as a blockchain-based distributed computing platform that includes the (theoretically) Turing-complete Ethereum Virtual Machine (EVM), which enables the creation of smart contracts and expands the capabilities of blockchain beyond payment. Ethereum takes a modified proof-of-work consensus mechanism called Ethash, which is resistant to abnormal mining activities involving specialized hardware such as application-specific integrated circuits (ASICs), graphics processing units (GPUs), and field-programmable gate arrays (FPGAs). The Hyperledger project [7], which was started by the Linux Foundation in December 2015, includes Hyperledger Fabric [22], a permissioned blockchain system that supports configurable consensus algorithms and access mechanisms.

Bitcoin-NG [69] and Fruitchain [147] were both designed to improve the scalability of Bitcoin by modifying its ledger structure. Like Bitcoin, Bitcoin-NG makes use of a proof-of-work consensus algorithm to elect a leader. The leader is responsible for serializing transactions and constantly proposing microblocks at a predefined rate until a new leader takes over and starts a new epoch. With a similar idea, Fruitchain attaches multiple microblocks (called “fruits”) to key blocks.

One concern about proof-of-work (PoW) based blockchains, particularly Bitcoin, is their high energy consumption. It was estimated that Bitcoin consumed more than 26,000 MW of power in November 2019 [14], which is equivalent to the total output of 26 nuclear power plants (with each typically having an output of 1000 MW).¹ To address this issue, the concept of proof-of-stake (PoS) [6] was introduced in the Bitcoin forum. PoS relies on users’ stake rather than computational power to select a leader. Ethereum is striving to transition from PoW to PoS, which means that it intends to bid farewell to the era of large-scale mining and reduce energy consumption by 99.99% in estimation.

Snow White and Ouroboros are leader-based blockchains with provably secure PoS-based consensus protocols. Ouroboros [101] realizes a randomness beacon achieved by the G.O.D Coin tossing algorithm that makes use of a coin-tossing game and verifiable secret sharing [70]. The research group behind Ouroboros (including IOHK [8], the University of Edinburgh, etc.) also built the Ouroboros family that includes the following leader-based designs: Ouroboros (provably secure), Ouroboros Praos (adaptively secure) [53], Ouroboros Genesis (dynamically available) [29], and Ouroboros Crypsinous (privacy-preserving) [98]. CloudChain [191] presents a leader-based consensus algorithm based on a shared-memory model where nodes communicate synchronously by direct memory accesses within a cloud.

Since 2020, leader-based blockchains with new features such as security and fairness have been constructed [97, 156]. Aequitas [97] achieves order-fairness to solve the problem of incorrect final transaction ordering caused by malicious leaders. Saad et al. [156] proposed the e-PoS algorithm to resist the centralization of PoS-based blockchain networks.

A committee aims to improve scalability by selecting a small group of validators to participate in a consensus process. This reduces the communication cost when executing a consensus protocol. Considering that running a Practical Byzantine Fault Tolerance (PBFT) consensus algorithm involves a message complexity of \(O(N^2)\) without a view change, running the PBFT on \(2N\) nodes is four times slower than running it on N nodes. A committee must be elected randomly to avoid adversaries from predicting and attacking the committee members. To achieve randomness, Algorand [81] employs a sortition algorithm that leverages verifiable random functions. Blockene, proposed by Satija et al. [160], is similar to Algorand but discloses the identities of committee members before they participate in the consensus protocol. ELASTICO [126] designates a final committee made up of members who are randomly selected from each shard. ByzCoin [106] adopts a dynamic committee formed by a sliding-window mechanism, which dynamically reorganizes the committee to include new block miners and remove old ones. Snow White [36] presents a provably secure proof-of-stake (PoS) based blockchain protocol that uses epoch-based committee selection to ensure that all nodes have the same view of the updated committee. EOS.IO [5] forms a committee in each round by selecting 21 producers, who then run the delegated proof of stake (DPOS) consensus algorithm.

Sharding refers to partitioning² a blockchain network to enable faster transaction processing and better scalability. Generally speaking, a blockchain network can be sharded into smaller sub-networks. Ripple [161], Stellar [16], RSCoin [51], Meepo [203], Pyramid [89], and MVCom [91] are examples that implement sharding protocols.

Ripple [161] is one of the earliest sharded blockchains. Particularly, each Ripple node maintains a Unique Node List (UNL) recording a set of other nodes to interact with. Nodes are divided into several shards and all nodes within a shard are connected to each other. Each shard executes the Ripple Protocol Consensus Algorithm (RPCA). In Stellar [16], users are partitioned into overlapping shards (called quorum slices). Stellar adopts a type of Federated Byzantine Agreement (FBA), also referred to as the Stellar Consensus Protocol (SCP). RSCoin [51] was proposed in December 2015 as a Centrally Banked Cryptocurrency, which improves scalability at the cost of decentralization. The central bank delegates the authority of validating transactions to different shards controlled by banks and other institutions. Zheng et al. [203] proposed Meepo, a sharded scheme designed for consortium blockchains, which aims to enhance cross-shard efficiency based on methods named cross-epochs and cross-calls. Pyramid, presented in [89], proposes a sharding approach that involves layers. Unlike Rapidchain [200] and Monoxide [180], which require dividing cross-shard transactions into multiple sub-transactions, Pyramid does not necessitate this; instead, its solution entails certain shards storing the states of other shards to construct a layered structure, which is capable of efficiently processing cross-shard transactions. According to [91], MVCom employs an algorithm for online stochastic exploration to arrange the most dependable committee, leading to an improvement in performance.

Sharding can improve the blockchain scalability at the cost of introducing security risks. Sharding techniques always address these concerns by guaranteeing randomness and atomicity. For example, ELASTICO exploits PoW-based randomness generation to randomly distribute nodes into shards. OmniLedger combines VRF and RandHound [171] for stable and fair sharding, and employs Atomix to guarantee atomic cross-shard operations. Chainspace [19] addresses atomic cross-shard transactions using the S-BAC protocol, which tolerates up to 1/3 Byzantine nodes. RapidChain was presented in 2018 [200], which can surpass ElASTICO and OmniLedger in terms of latency and throughput according to the presented experimental studies. Monoxide [180] improves the blockchain scalability by generating asynchronous shards, called consensus zones, to maintain independent communication, computation, storage, and memory. It introduces eventual atomicity for cross-shard transactions and proposes the use of Chu-ko-nu mining to disperse mining power and reactivate PoW in a sharded blockchain. Monoxide is subject to the “hot-shard” issue, which was addressed in BrokerChain. BrokerChain [92] is account-based, which achieves fine-grained state partition and account segmentation to improve system throughput.

Distributed ledger systems based on Directed Acyclic Graphs (DAGs) are a type of blockchain that expands the conventional linear chain to a two-dimensional graph structure. The “direct” and “acyclic” respectively indicate a time-based sequence of transactions and the absence of conflicting transactions. There are mainly two types of DAG-based blockchains. The first type uses a DAG vertex to represent a transaction. Examples include IOTA [149], Byteball [49], Swirlds Hashgraph [31], Conflux [114], and DAG-Rider [96]. The second type incorporates DAGs into the traditional blockchain model by allowing blocks to have multiple parents, thus improving performance. Examples of this type include the Inclusive Block Chain Protocol [113], SPECTRE [166], Nano [112], and PHANTOM GHOSTDAG [167].

IOTA Tangle, proposed in 2015, is a DAG-based blockchain with a ledger structure called “Tangle”. In Tangle, each vertex corresponds to a transaction, referencing two previous ones. This means that each vertex has to approve two previous transactions that are selected by the Markov chain Monte Carlo (MCMC) algorithm. To maintain consistency in Tangle, pruning is carried out based on the total weights of each path. Launched in 2016, Byteball (now known as Obyte) presents a unique ledger structure known as the “storage unit”, which holds essential data such as signature, amount, and other information, similar to the transactions in IOTA. However, unlike Tangle’s referencing rules, Byteball incentivizes nodes to reference all earlier vertices using rewards, thus increasing bandwidth usage. Hashgraph is a data structure with multiple parallel transaction chains (called “events”) that are interconnected to each other. Each node manipulates a chain, and the interconnections among chains represent the gossip history among nodes. Recently, Keidar et al. [96] introduced DAG-Rider, the first asynchronous Byzantine atomic broadcast protocol with post-quantum security. It has a two-layer structure and can reduce communication complexity compared to Hashgraph while exploiting cryptographic assumptions for increased safety. Conflux is a scalable and high-throughput blockchain system that maintains a total order for transactions. Conflux consensus protocol operates on a tree-graph to provide fast transaction confirmation. OHIE [198] aims to provide a safe but elegant blockchain system, running multiple parallel instances of the Nakamoto consensus protocol. The consensus process ensures the total order of blocks across all instances. The Inclusive Block Chain Protocol is a pioneer second type DAG-based blockchain, which establishes a formalized blockDAG model. SPECTRE employs a Proof-of-Work (PoW) consensus algorithm and a voting mechanism to determine the order of the blocks in a DAG, thereby guaranteeing consistency. Nano uses a block-lattice, a type of DAG-based ledger in which each account has its own blockchain to track its transactions and balance history. PHANTOM makes further progress towards establishing a robust total order of all transactions by demonstrating that the set of blocks created by honest miners is well-connected. A drawback of PHANTOM is that computing a well-connected set (called the Maximum k-cluster SubDAG) is NP-hard; thus it takes a practical solution using a greedy algorithm called GHOSTDAG.

We divide off-chain techniques into three categories, namely off-chain channels, Blockstack, and Rollup.

The off-chain channel technology is originated from the lightning network [148], a system that allows two users who frequently make transactions with each other to create an off-chain payment channel that only updates the balances between them without recording any transaction on the blockchain. This can improve scalability and lower transaction fees. There are several versions of the lightning network, including LND, c-lightning, and eclair.³ Besides, there have been several off-chain channel developments, including state channels and virtual channels, which offer different features such as versatility, re-balancing, high capacity, and privacy protection [26, 62, 63, 64, 82, 99, 115, 128, 145].

Blockstack [1] offers a layer-2 solution to enhance scalability. It involves the Stacks blockchain (layer 1) and a user-controlled storage system called Gaia (layer 2). Gaia can be hosted on a cloud server or locally, and allows users to create separate storage buckets for different applications. It stores data securely with encryption and signatures, while the Stacks blockchain only stores pointers to the data. One potential drawback of Blockstack is the storage and processing overhead required for cryptographic operations. However, Blockstack claims that the storage overhead is only 5% larger than the original file size, which limits the CPU overhead for reads and writes.

Rollup is a system that aims to improve the efficiency of transactions by compressing multiple transactions into a single package and moving the computation of these transactions off the blockchain, while still keeping all the transaction data on the blockchain. This can improve security and scalability. One type of Rollup, called zk-Rollup [67], uses zero-knowledge proofs to efficiently compress and verify a large number of transactions. zkSync [129] and Loopring [124] are platforms that use zk-Rollup. Another type of Rollup, called Optimistic Rollup [66], assumes that transactions are legitimate unless proven otherwise through the submission of fraud proofs. Optimism [142] and Arbitrum [111] are platforms that employ Optimistic Rollup.

Current cross-chain schemes can be divided into chain-based ones and bridge-based ones.

Chain-based cross-chain schemes refer to those that utilize the chain’s own mechanism without requiring other entities such as sidechains [164] and hashed timelock contracts (HTLC) [148]. A sidechain is a blockchain that is connected to a main blockchain, also known as the master chain. It is considered as a slave chain because it depends on the main chain for its security and functionality. Pegged Sidechain [28] is a technique that enables cross-chain transactions using a two-way peg method. In a symmetrical setting, assets on the main chain can be transferred to a special output that locks the assets and generates a Simplified Payment Verification (SPV) proof for a particular sidechain. Proof-of-Stake Sidechains [79] and Proof-of-Work Sidechains [102] are two alternatives proposed by the same research group for handling cross-chain transactions. They both generalize the definition of sidechains so that cross-chain transfers can be performed between any two chains, not just between parent and child chains. In Proof-of-Work Sidechains, the cross-chain proof required for the cross-transfer is generated using Non-Interactive Proofs of Proof-of-Work (NIPoPoWs), while in Proof-of-Stake Sidechains it is generated using Ad-hoc Threshold Multi-signatures (ATMS).

As a type of chain-based cross-chain scheme, HTLC is originated from Bitcoin’s lightning network and is based on a smart contract with a hash lock and a time lock. The purpose of the hash lock is to lock the corresponding assets in a contract, while the time lock sets a constraint on the locked assets, specifying that the assets can only be withdrawn within a certain time limit, to ensure the atomicity of the scheme. The goal of HTLC is to exchange different blockchain assets between two users across platforms, e.g., exchanging Ether for Bitcoin. MAD-HTLC [177] effectively resists incentive manipulation attacks through its blockchain-based incentive mechanism. XCLAIM [201] reduces HTLC’s strong assumptions such as the requirements for both parties to be online and for clocks to be synchronized. Cross-Channel [85] is the first off-chain channel that supports cross-chain services using a hierarchical structure with a settlement protocol and a fair exchange protocol. Thyagarajan et al. [174] proposed an approach to use VTS (Verifiable Timed Signature) instead of time locks, which makes HTLC no longer dependent on smart contracts, thereby improving universality.

Bridge-based cross-chain schemes require the introduction of a bridge to help the chains interact. Example bridge schemes include notary [73], relay chains, and DPKC (distributed private key control) [34]. A notary scheme, which is popular in the Interledger project, involves finding a trusted third party that both sides of a cross-chain interaction trust, to verify and forward transactions. The implementation of a notary scheme is simple, but it has a single point of failure problem. Yin et al. [197] developed an open, distributed notary cross-chain platform named Bool Network, which combines security hardware (e.g., Intel SGX) and cryptographic technologies (e.g., MPC and NIZK) to ensure security. The relay chain aims to construct a third-party public chain that connects other chains in a blockchain network through a cross-chain message-passing protocol. It essentially redirects transactions from one chain to another through a trusted relay. Cosmos [2] and Polkadot [186] are representative platforms based on the relay chain mechanism. Compared to each other, Cosmos has an advantage in scalability, but Polkadot is more secure. A more detailed introduction to both will be presented in Section 4.2. As a scheme based on Cosmos, zkBridge [188] was proposed in 2022, which employs zero-knowledge proof technology to enhance its system security. DPKC is a cross-chain technology based on secure multi-party computation and threshold keys. It uses nodes in a distributed network to control the private keys of accounts storing digital assets on a blockchain, separates the use rights and ownership of digital assets, and maps the original assets on one chain to another chain, thereby enabling asset exchanges between different blockchain systems. Current example schemes based on DPKC include Fusion [72] and Wanchain [179].

The modular blockchain analytic framework is a general one created for analyzing existing blockchain systems and guiding the design of new ones. This modular framework decouples a blockchain system to facilitate in-depth analysis. As shown in Figure 4, in the network module, the network formation algorithm takes an unstructured network as input and produces a structured blockchain overlay network consisting of blockchain nodes. These nodes run a consensus protocol (consensus module) to agree on who should produce the next block and verify the legitimacy of the new block. The new block is temporarily appended in the distributed ledger (ledger module) after validation, waiting to be confirmed later. The incentive mechanism (incentive module) rewards or penalizes blockchain nodes for maintaining the stability and sustainability of the whole blockchain system.

We use the modular blockchain analytic framework presented above to analyze Bitcoin as an example to provide readers with a guided tour.

Bitcoin is a decentralized payment system that was introduced in 2008 by Satoshi Nakamoto and was launched in early 2009. It operates without a central bank and allows users to freely join in and leave. Bitcoin’s structured blockchain overlay network is formed by a registration process, during which a node can become a miner. The overlay network is therefore “flat”, with miners serving as consensus nodes and having identical functionality. Users can make payments by digitally signing transactions, which are further ordered by miners (satisfying the total order property) and recorded on Bitcoin’s blockchain. Before broadcasting a newly formed block, a miner must solve a hash puzzle to provide proof of work, namely Proof-of-Work (PoW) consensus (a.k.a. Nakamoto consensus). PoW is close to Hashcash, relying on a moderately hard computation [61]. The hash puzzle in Bitcoin requires that the miners find a nonce such that the concatenation of the nonce, the previous hash, the timestamp, and other data in the block header, hashed twice using SHA-256, is smaller than a target value. The idea behind Proof-of-Work is to randomly select a leader with low probability on average, based on computational power, to decide the next block. A block, as a result of the PoW consensus, is appended to the chain of blocks, which is stored on all nodes. Typically, it takes about one hour to confirm a block in Bitcoin. This design preserves the persistence and liveness properties and thus protects Bitcoin from double-spending attacks and Sybil attacks. Bitcoin also has two types of incentive mechanisms: the new block reward and the transaction fee, with the former being offered to miners who create a new valid block, and the latter being included in each transaction to incentivize miners to include the transactions in the next block.

In a nutshell, a node joins the flat Bitcoin network via registration to become either a full node (participating in the consensus process and storing the full blockchain) or a light one (only storing the chain of block headers). A miner, as a consensus node, runs the PoW consensus algorithm to compete for the right of constructing the next block. A new block is appended to the current blockchain after being verified by all miners and later confirmed into the chain. Bitcoin adopts two incentive mechanisms to promote consensus. The distributed ledger of Bitcoin is precisely a chain of blocks.

In the following sections, we delve into each of the framework’s key modules.

In 1994, Nick Szabo proposed the concept of smart contracts as computerized protocols that execute complex term structures in a standardized contract. This idea was revisited with the emergence of cryptocurrencies. Bitcoin allows for the use of a script, which is a stack-based language that extends the capabilities of the Bitcoin protocol [23, 35, 110]. However, the Bitcoin script has limitations in its ability to support sophisticated protocols due to its lack of Turning completeness and fine-grained manipulations. Specifically, scripts are inefficient in computing loops and not user-friendly for programmers. Additionally, a script only supports a coarse-grained manipulation of the variables, so fine-grained and multi-stage state transitions are not possible [43]. To address these issues, blockchain systems such as Ethereum, Ripple, Hyperledger, Arbitrum, and Enigma, come with smart contracts that use turning-complete languages⁵ and virtual machines.

Ethereum, which was launched in 2015, has an exciting module called the Ethereum Virtual Machine (EVM), which is a turning-complete machine that provides a runtime environment for smart contracts. A piece of EVM code is a set of bytecode instructions that can be run on an EVM to change the state of the Ethereum network (regarded as a large state machine). The cost of any computation on the EVM is universally determined by pre-defined formulas in units of gas. For example, adding two 64-bit integers costs 100 gas. Ether is the currency used in the Ethereum network to buy gas and pay for computation efforts. A state in Ethereum is made up of accounts that contain a nonce, ether balance, contract code, and storage. Accounts can be either externally owned or contract accounts. Externally owned accounts do not have code and are used to show balance and issue transactions, while contract accounts have code and control local storage. This allows Ethereum to extend the capabilities of distributed payment systems to a distributed computing platform, but it also introduces new problems and challenges. The EVM and the sophisticated smart contracts lead to new security issues, as exemplified by the DAO hack, in which 97% of ETH holders reached a consensus to hard fork and undo the theft of about 1.5 million ether. Additionally, Ethereum’s proof-of-work (PoW)-based consensus algorithm and fee schedule policy make it expensive to run large computations due to the high gas cost. As a result, applications based on Ethereum are limited by their performance. To address these issues, Ethereum is switching to a proof-of-stake (PoS)-based consensus algorithm.

Arbitrum makes use of a virtual machine (VM) to implement smart contracts and an incentive mechanism to reach an agreement off-chain regarding what the VM should do. This addresses the miners’ free-riding issue due to the high cost of computation for verification and the possibility of a greedy miner consuming others’ execution time for profit by including a transaction with a heavy workload. An alternative solution is to implement a participation game like TrueBit, but this can lead to the risk of a participant launching a Sybil attack by registering multiple verifier identities. The Enigma protocol [4] offers secret smart contracts programmed in Rust and running on a modified Ethereum Virtual Machine. These smart contracts protect information from the public by encrypting inputs and outputs. Only the application user can execute the contract, and the workload is assigned to a worker node that computes using a modified Web Assembly interpreter (WASMI) running in a Trusted Execution Environment (TEE). The TEE protects the computation process and provides a trusted cryptographic proof as an evidence of a successful completion and verification of the task and its results.

There are ways to improve the efficiency of smart contracts. One of these methods is implemented by Saber, which employs parallel and asynchronous executions to scale smart contracts, as discussed in the article by Liu et al. [121]. By separating the consensus and execution processes, Saber can delegate resource-intensive execution tasks to multiple execution nodes that can work in parallel. Additionally, the nodes can collaborate asynchronously to execute complicated transactions in a non-blocking manner. The latency-first smart contract is a method that optimistically accepts committed transactions during high-demand periods, allowing users to complete the verification of the transactions when the blockchain is in low demand [150]. This approach reduces latency by temporarily overclocking the system, improving efficiency, and freeing up resources for other transactions.

Zero-knowledge proof (ZKP) is a protocol through which a prover can convince a verifier that it knows a value without revealing any related information. ZKP can be beneficial for blockchain systems in two ways: hiding sensitive information to protect user privacy, such as identity and privacy-preserving transactions, and simplifying the verification process to improve efficiency, for example, by using a ZKP-based authentication.

ZKP has been implemented in several popular blockchain systems. Zerocoin [131] and Zerocash [159] (the corresponding implementation is Zcash [90]) employ ZKP to provide anonymity guarantees by preventing transaction graph analysis. Zerocash allows users to send anonymous transactions with hidden amounts and reduces the size and verification time of transactions. Quorum, a blockchain platform developed by J.P. Morgan, supports private smart contracts with hidden business logic and uses ZKP to address double-spending attacks through the Zero-knowledge Security Layer (ZSL). Hyperledger Fabric uses ZKP for anonymous authentication through its Identity Mixer and for privacy-preserving asset exchanges through Zero-Knowledge Asset Transfer (ZKAT). Monero [10] is a privacy-focused blockchain system that uses a UTXO model and employs ring signatures [155] and Bulletproofs [42] to protect the privacy of both participants and transaction amounts. Solidus [45] is a blockchain system that follows the account model and is suitable for confidential transactions on public blockchains. It uses Generalized Schnorr Proofs to achieve public verification of on-chain transactions. zkLedger [139] is a blockchain system specifically designed for banks, which supports private transactions and public auditing using Schnorr-type non-interactive zero-knowledge proofs. BlockMaze [83] is a blockchain system based on the account model rather than the UTXO model, and uses the zero-knowledge balance and zk-SNARKs to hide transaction amounts and relationships. zkRollup is a layer 2 scaling solution based on zero-knowledge proofs, which performs complex calculations and proof generations off-chain while verifing proofs and storing partial data on-chain to ensure data availability.

Trusted hardware components have been utilized in blockchains to enhance security and facilitate new designs. The meaning of trusted components is broad and contentious. This article mainly focuses on two major trusted hardware solutions: Trusted Platform Module (TPM) and Trusted Execution Environment (TEE). TPM is a hardware component with a rigid definition and exclusive implementation by the ISO and the Trusted Computing Group (TCG). It is physically isolated from the rest of a system and performs specific cryptographic computations without allowing any internal programming or modification. TEE (e.g., Intel SGX, Arm TrustZone) is an area on a chipset that provides secure computation services similar to TPM, but developers can program the exact implementation.

The following studies have employed TPM and TEE. Hardjono and Smith [87] made use of Enhanced Privacy ID (EPID) TPM to enable anonymous identities in permissioned blockchains. Smith et al. [165] employed a TPM secure boot module to build a secure blockchain client that can verify and add external ledger transactions. Jesus [94] used a virtual TPM to create a root-of-trust in a blockchain system. Milutinovic et al. [133] took Intel SGX to create a secure Proof of Luck Consensus Protocol as an alternative to Proof-of-Work. Lind et al. [117] made use of Intel SGX to develop an off-chain payment protocol for efficient, secure, and scalable fund transfers on top of a blockchain. Liu et al. [119] introduced a framework that extends trust from on-chain to off-chain. This framework involves a system that uses sensors connected to TEE to continuously monitor the environment and generate anti-forgery data. It also includes a consistency protocol that allows the environment status data to be uploaded from the TEE system to the blockchain in a way that is truthful, real-time, and fault-tolerant. Ayoade et al. [27] employed TEE to verify the integrity of local data storage for decentralized IoT data management.

The first application of blockchain is the decentralized cryptocurrency, namely Bitcoin. Since then, thousands of alternatives to Bitcoin (called altcoins) and other cryptocurrencies appear in the market. Figure 8 shows the market capitalization distribution of 20,539 cryptocurrencies as of August 11, 2022.⁶ It’s worth noting that many cryptocurrencies are not just employed for exchanging money but also have a wide range of other uses. In the following examples, we focus on their role as cryptocurrencies.

Litecoin [9] is a cryptocurrency that makes use of Scrypt encryption instead of Bitcoin’s SHA-256 to make it resistant to ASIC mining. Dogecoin [3] is based on Litecoin but has higher block rewards, an uncapped supply (leading to inflation), and lightweight blocks that only contain TXIDs. Litecoin and Dogecoin have block confirmation rates of 2.5 minutes and 1 minute, respectively. Namecoin [12] is the first cryptocurrency that is based on a fork of Bitcoin and introduces a decentralized naming service. It also brought into being the concept of merged mining, which allows a miner to work on multiple blockchains at the same time. Peercoin is the first cryptocurrency employing a hybrid consensus algorithm that combines Proof-of-Work (PoW) and Proof-of-Stake (PoS), and Nxt is the first cryptocurrency to use a pure PoS consensus algorithm. In 2015, Ethereum introduced the Ether cryptocurrency, which is used to pay for “gas”, or the computation needed to perform transactions and run smart contracts. Binance [38], a cryptocurrency exchange platform, was founded in 2017 and introduced the Binance Coin (BNB) cryptocurrency. In 2018, the EOS cryptocurrency was created by block.one and has been used on the EOSIO platform.

Non-fungible tokens (NFTs) are digital ownership records that are stored on a blockchain. They are similar to conventional proof-of-purchase documents, such as paper invoices or electronic receipts. NFTs can trace ownership information, which also ensures the authenticity and rarity of digital works [37]. The first project similar to NFT is Colored Coin [185], which was created in 2012 and could represent various assets such as property, coupons, and company shares. After the development of several years, the market potential of NFTs began to show and experienced a breakthrough in 2021. According to Dappradar, the volume of NFT trades in Q3 2021 was almost $10.7 billion, a 704% increase from the previous quarter. The volume of NFT trades for the entire year of 2021 exceeded $23 billion [52]. There are currently many NFT trading platforms, including OpenSea [141], SuperRare [107], and Foundation [74], with more emerging as time goes.

Web 3.0 is a decentralized web that is not controlled by any platform owner, but instead empowers content creators by giving them the ownership of their work and the corresponding rewards. This is made possible by utilizing blockchain as the foundation for Web 3.0’s token economy. In recent years, there has been a emergence of blockchain-based works aimed at enhancing the efficiency, optimizing costs, and improving security of Web 3.0. Lin et al. [116] proposed a blockchain-semantic framework for Web 3.0 to improve interaction efficiency in the field of wireless edge intelligence. Doe et al. [56] proposed an incentive mechanism to increase the sustainability of blockchain in Web 3.0. Xu et al. [192] introduced a framework based on quantum blockchain to improve the security of Web 3.0. The idea of a metaverse, which seeks to merge the real and virtual worlds, has attracted a lot of interest, but security and privacy concerns present significant obstacles to its realization. Metaverses utilize various techniques, each with its own vulnerabilities, which make them vulnerable to various attacks. However, blockchain has emerged as a crucial component of metaverses, offering tamper-resistant decentralized ledgers that enable transparent and trustworthy computing environments. Yang et al. [196] discussed how blockchain and Artificial Intelligence (AI) fuse with the metaverse. Gai et al. [76] introduced a multi-signature lock system based on blockchain technology to improve the security of access controls within the metaverse. Xu et al. [189] explored the potential of blockchain in the metaverse, and proposed an innovative trustless architecture for a blockchain-enabled metaverse. Cheng et al. [48] introduced an adaptive and modular blockchain-enabled architecture designed for decentralized metaverses.

Trusted Computing is a concept that was first introduced by the Trusted Computing Group (TCG) to address computer security problems through hardware enhancements and associated software modifications. Various similar concepts have been proposed, including trusted systems and trustworthy systems. A trusted blockchain-enabled computing environment can provide trusted computation, storage, and access control services to all users, with the aid of cryptographic primitives such as Multi-Party Computation (MPC), Functional Encryption (FE), Verifiable Computing (VC), Homomorphic Encryption (HE), and Verifiable Storage (VS).

Trusted computation is a popular and significant area in the field of blockchain technologies. The work in [4] makes use of secure multi-party computation along with a verifiable secret-sharing scheme to share and compute user data without compromising privacy. The scheme in [152] combines a lossy compression scheme with MPC to achieve scalability in blockchain-enabled secure computing. Andrychowicz et al. [24] specifically designed an MPC scheme to be used on the Bitcoin blockchain, along with Bitcoin transaction scripts to emulate a smart-contract-like secure logic on Bitcoin, which can be used for secure online gambling or decentralized autonomous organizations (DAOs). Federated learning and decentralized learning employ blockchain technologies to ensure the correctness and accuracy of the trained models when nodes may be faulty [183, 195].

In addition to trusted computations, secure storage in the context of blockchain technologies is another popular topic. Filecoin is a decentralized storage platform that employs its own cryptocurrency to facilitate the buying and selling of storage spaces. The Filecoin network is built on top of the InterPlanetary File System (IPFS), a peer-to-peer protocol for file sharing and storage. Filecoin aims to provide a more efficient and cost-effective alternative to traditional cloud storage services by allowing users to access unused storage capacity on devices around the world. FileDAG [84] is a decentralized storage network that takes a blockchain-based DAG for file-level deduplication and efficient updates. It stores only changes made to a file, if the file exists in the system, and employs a two-layer DAG-based blockchain for flexible and storage-saving file indexing. FileDAG outperforms other DSNs in terms of storage cost and latency. Zyskind et al. [209] combined blockchain and off-blockchain storage to build a personal data management platform that focuses on preserving user privacy. They also added an MPC-enabled protocol for secure post-storage processing. Kishigami et al. [105] studied a blockchain-enabled digital rights management (DRM) scheme for secure digital content distribution. Dubovitskaya et al. [59] proposed a blockchain-enabled system for securely and easily sharing patient electronic medical records (EMRs).

Current access control schemes for IoT devices are mainly based on authorization, and the majority lack accountability for access activities. This implies that once an access is granted, it is technically unlimited for a wide time span, with no restrictions. Such a mechanism grants an unlimited access privilege to the device’s access server in stead of its owner by the device manufacturer, resulting in growing concerns in recent years. To address this issue, Tokoin [120] instantiates the access power into accountable cryptographic assets. This shifts the access control scheme from an unlimited, authorization-based approach to an accountable, activity-based one, allowing device owners to have confidence that only the desired access takes place, and all access activities are audited.

Blockchain technologies have the potential to improve the Internet of Things (IoT) in two ways. First, the decentralized and distributed nature of blockchain networks makes them well-suited for IoT. Currently, most IoT networks are centralized, which makes them vulnerable to single points of failures and can lead to increased communication latency as the number of devices grows. By contrast, a decentralized and distributed network topology could lead to a more efficient, automated, and self-governed IoT network. Second, blockchain technologies can address a number of security and privacy issues that remain unsolved using traditional methods. Its properties of immutability, traceability, and audibility make it well-suited for improving security and privacy of IoT networks. However, integrating IoT and blockchain is challenging due to the resource constraints of IoT devices, the complexity of managing heterogeneous devices and big data, and the scalability of blockchain systems. Below are some notable solutions to these challenges.

Dorri et al. [57] proposed an optimized hierarchical architecture that combines a centralized private Immutable Ledger (IL) with a decentralized blockchain to reduce overhead and increase trust. This architecture was implemented in the context of a smart home. Huh et al. [93] connected IoT devices to an Ethereum network for managing the devices. Novo [140] addressed the issue of access management for IoT devices by having them interact with an Ethereum network through a management hub. Curb [193] is a group-based SDN control plane that smoothly integrates blockchain and BFT consensus on edge, and supports dependable flow rule updates and adaptable controller reassignment. Liu et al. [118] used a blockchain network to address the problem of verifying the integrity of IoT data. Ouaddah et al. [143] proposed a theoretical framework for privacy-preserving access control in IoT networks. DistBlockNet [163] is an IoT architecture that combines Software Defined Networking (SDN) and blockchain technology to provide protection and mitigate attacks. For more solutions, we recommend surveys such as [21], which covers the use of blockchain in IoT, [153] and [144], which focus on the integration of blockchain and IoT, and [100] and [58], which address IoT security and privacy.

Blockchain was originally developed to create a decentralized cryptocurrency called Bitcoin. However, it has many features that make it well-suited for creating a secure and distributed ledger of digital assets, which has led to an interest in adopting it to improve various industries beyond cryptocurrency. The supply chain industry is one that has the potential to benefit from blockchain technologies in many ways, particularly in improving trust through decentralization, traceability, transparency, and immutability. There have been a number of studies on using blockchain in supply chain, which have focused on both general problems and specific questions within the supply chain.

The study in [109] systematically examines the ways in which blockchain can be used in supply chain and how it affects supply chain management objectives such as cost, quality, speed, dependability, risk reduction, sustainability, and flexibility. Kim and Laskowski [103] proposed an ontology-driven approach to modeling the use of blockchain in supply chain. This approach employs both informal ontologies to improve blockchain development and business practices, and formal ontologies to aid in the creation of smart contracts. Korpela et al. [108] investigated the process and data integration with blockchain technologies in supply chain. Saberi et al. [157] discussed how blockchain can enhance the sustainability (economic, environmental, and social performance) of supply chain. Hackius and Petersen [86] conducted a survey on the benefits of blockchain technologies for both supply chain management and logistics industries.

There are several industries in which their supply chains have the potential to be transformed by blockchain technologies, including manufacturing, agriculture, food, and shipping. For example, the potential benefits of using blockchain in the manufacturing supply chain have been analyzed in [18], and a scheme for using blockchain in the agri-food supply chain was proposed in [175]. Companies such as IBM, Deloitte, Corda, and Consensys have been working on transforming traditional supply chains with blockchain technologies.