Search Results (94)

Search Parameters:
Keywords = zero-knowledge proof
13 pages, 1633 KiB  
Article
Privacy-Protection Method for Blockchain Transactions Based on Lightweight Homomorphic Encryption
by Guiyou Wang, Chao Li, Bingrong Dai and Shaohua Zhang
Information 2024, 15(8), 438; https://doi.org/10.3390/info15080438 - 28 Jul 2024
Viewed by 262
Abstract
This study proposes a privacy-protection method for blockchain transactions based on lightweight homomorphic encryption, aiming to ensure the security of transaction data and user privacy and to improve transaction efficiency. We have built a blockchain infrastructure and, based on its structural characteristics, adopted zero-knowledge proof technology to verify the legitimacy of data, ensuring the authenticity and accuracy of transactions from the application end to the smart-contract end. On this basis, the Paillier algorithm is used for key generation, encryption, and decryption, and intelligent protection of blockchain transaction privacy is achieved through a secondary encryption mechanism. The experimental results show that this method performs well in privacy and security protection, with a data leakage probability as low as 2.8%, and can effectively defend against replay attacks and forged-transaction attacks. The degree of confusion remains above 0.9, with small fluctuations and short running time under different key lengths and moderate CPU usage, achieving lightweight homomorphic encryption. This not only ensures the security and privacy of transaction data in blockchain networks, but also reduces computational complexity and resource consumption, better adapting to the high-concurrency and low-latency characteristics of blockchain networks, thereby ensuring the efficiency and real-time performance of transactions.
(This article belongs to the Special Issue Blockchain, Technology and Its Application)
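A worked example of the Paillier operations the abstract names (key generation, encryption, decryption) together with the additive homomorphism that lets a node combine ciphertexts without decrypting them. This is an added Python example and not code from the paper; the two 30-bit primes P and Q are toy values assumed for illustration only, and the paper's secondary encryption mechanism is not reproduced.

```python
"""Paillier keygen, encryption, decryption and the additive homomorphism.
Added example with toy primes; a real deployment uses two ~1024-bit primes."""
import math
import secrets

# Toy primes (assumed values, ~30 bits each) so the example runs instantly.
P = 1000000007
Q = 998244353


def _L(u: int, n: int) -> int:
    """Paillier's L function: L(u) = (u - 1) / n, defined for u = 1 mod n."""
    return (u - 1) // n


def keygen(p: int = P, q: int = Q):
    """Return (public_key, private_key), using the standard choice g = n + 1."""
    if math.gcd(p * q, (p - 1) * (q - 1)) != 1:
        raise ValueError("primes must satisfy gcd(n, phi(n)) == 1")
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lambda = lcm(p-1, q-1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)             # mu = L(g^lambda mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def _random_unit(n: int) -> int:
    """Uniform r in [1, n) with gcd(r, n) == 1."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return r


def encrypt(pk, m: int) -> int:
    """c = g^m * r^n mod n^2; the fresh r makes every encryption of m different."""
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    n2 = n * n
    return (pow(g, m, n2) * pow(_random_unit(n), n, n2)) % n2


def decrypt(pk, sk, c: int) -> int:
    """m = L(c^lambda mod n^2) * mu mod n."""
    n, _ = pk
    lam, mu = sk
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add(pk, c1: int, c2: int) -> int:
    """Enc(m1) * Enc(m2) = Enc(m1 + m2 mod n): the additive homomorphism."""
    return (c1 * c2) % (pk[0] ** 2)


def mul_const(pk, c: int, k: int) -> int:
    """Enc(m)^k = Enc(k * m mod n): scaling by a public constant."""
    return pow(c, k, pk[0] ** 2)


def rerandomize(pk, c: int) -> int:
    """c * r^n mod n^2 encrypts the same m under fresh randomness, so a
    forwarded ciphertext cannot be linked to the original by equality."""
    n, _ = pk
    n2 = n * n
    return (c * pow(_random_unit(n), n, n2)) % n2


def demo():
    """Sum and scale two amounts entirely on ciphertexts, then decrypt once."""
    pk, sk = keygen()
    c1, c2 = encrypt(pk, 123456), encrypt(pk, 654321)
    total = decrypt(pk, sk, add(pk, c1, c2))        # 777777
    scaled = decrypt(pk, sk, mul_const(pk, c1, 3))  # 370368
    return total, scaled


if __name__ == "__main__":
    print(demo())
```

The homomorphism is also the hazard: anyone holding ciphertexts can add or scale them, so integrity of Paillier-encrypted values must come from a signature or a zero-knowledge proof over the ciphertext, never from the encryption itself.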

17 pages, 441 KiB  
Article
A Zero-Knowledge-Proof-Based Anonymous and Revocable Scheme for Cross-Domain Authentication
by Xinjian Zhao, Fei Xia, Hanning Xia, Yunlong Mao and Shi Chen
Electronics 2024, 13(14), 2730; https://doi.org/10.3390/electronics13142730 - 11 Jul 2024
Viewed by 428
Abstract
Authentication is a crucial security service on the Internet. In real-world applications, multiple independent trust domains often exist, each recognizing only certain identities within its own system. During cross-domain access, users cannot directly use their original certificates, which presents a cross-domain authentication problem. Traditional centralized schemes typically employ a trusted third party (TTP) to facilitate the transfer of identity trust across domains. These schemes inevitably inherit the vulnerabilities associated with single points of failure. In contrast, blockchain-based decentralized schemes effectively eliminate the potential threats posed by TTPs. However, the openness and transparency of the blockchain also bring new security issues, such as privacy leakage. In this paper, we propose a zk-SNARK-based anonymous scheme on the blockchain for cross-domain authentication. Specifically, our scheme adopts an authorization-then-proof structure, which strikes a delicate balance between anonymity and revocability. We provide theoretical proofs for the security of our scheme and explain how it achieves proactive revocability. Experimental evaluation results demonstrate that our scheme is both secure and efficient, and that revocation can be accomplished by introducing only 64 bytes of on-chain storage with one hash comparison.
(This article belongs to the Special Issue Recent Advances and Applications of Network Security and Cryptography)

13 pages, 1408 KiB  
Article
Efficient and Universal Merkle Tree Inclusion Proofs via OR Aggregation
by Oleksandr Kuznetsov, Alex Rusnak, Anton Yezhov, Dzianis Kanonik, Kateryna Kuznetsova and Oleksandr Domin
Cryptography 2024, 8(3), 28; https://doi.org/10.3390/cryptography8030028 - 5 Jul 2024
Viewed by 582
Abstract
Zero-knowledge proofs have emerged as a powerful tool for enhancing privacy and security in blockchain applications. However, the efficiency and scalability of proof systems remain a significant challenge, particularly in the context of Merkle tree inclusion proofs. Traditional proof aggregation techniques based on AND logic suffer from a high verification complexity and data communication overhead, limiting their practicality for large-scale applications. In this paper, we propose a novel proof aggregation approach based on OR logic, which enables the generation of compact and universally verifiable proofs for Merkle tree inclusion. By adapting and extending the concept of OR composition from Sigma protocols, we achieve a proof size that is independent of the number of leaves in the tree, and verification can be performed using any single valid leaf hash. This represents a significant improvement over AND aggregation, which requires the verifier to process all leaf hashes. We formally define the OR aggregation logic; describe the process of generating universal proofs; and provide a comparative analysis that demonstrates the advantages of our approach in terms of proof size, verification data, and universality. Furthermore, we discuss the potential of combining OR and AND aggregation logics to create complex acceptance functions, enabling the development of expressive and efficient proof systems for various blockchain applications. The proposed techniques have the potential to significantly enhance the scalability, efficiency, and flexibility of zero-knowledge proof systems, paving the way for more practical and adaptive solutions in large-scale blockchain ecosystems.
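The OR composition the abstract adapts comes from Sigma protocols. The added Python example below (not the authors' code) shows the classical Cramer-Damgard-Schoenmakers OR proof for Schnorr statements, made non-interactive with Fiat-Shamir: the prover simulates every transcript except the one it can answer honestly, and the hash of all commitments fixes the sum of the challenges, so only one challenge can be chosen freely. The group (a 64-bit safe prime found at import, generator 4), the SHA-256 challenge derivation and the function names are assumptions for illustration. This classical proof is linear in the number of statements; it shows the composition rule, not the paper's leaf-count-independent construction.

```python
"""OR composition of Schnorr Sigma protocols with Fiat-Shamir. The prover
knows the discrete log of ONE of n public values Y_i = G^x_i and proves
that without revealing which. Added example on a toy 64-bit group."""
import hashlib
import secrets

MR_BASES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]  # deterministic below 3.18e23


def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; exact for the 64-bit sizes used here."""
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits: int = 64) -> int:
    """First p = 2q + 1 at or above 2**(bits-1) with p and q prime (deterministic)."""
    q = (1 << (bits - 2)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


P = safe_prime(64)      # toy modulus (assumed); use >= 2048 bits or a curve in practice
Q = (P - 1) // 2        # prime order of the quadratic-residue subgroup
G = 4                   # 2^2 is a quadratic residue, hence generates that subgroup


def _challenge(*values: int) -> int:
    """Fiat-Shamir: hash the statement and every commitment into one challenge."""
    h = hashlib.sha256(b"|".join(str(v).encode() for v in values)).digest()
    return int.from_bytes(h, "big") % Q


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prove_or(pubs: list, known_index: int, x: int) -> list:
    """Return [(a_i, c_i, z_i)] proving knowledge of log_G(pubs[i]) for some i."""
    if pow(G, x, P) != pubs[known_index]:
        raise ValueError("witness does not match the claimed statement")
    n = len(pubs)
    commits, chals, resps = [0] * n, [0] * n, [0] * n
    for i, y in enumerate(pubs):
        if i == known_index:
            continue
        # Simulated transcript: pick challenge and response first, then solve
        # for a commitment a = G^z * y^(-c) that the verifier equation accepts.
        chals[i], resps[i] = secrets.randbelow(Q), secrets.randbelow(Q)
        commits[i] = pow(G, resps[i], P) * pow(y, Q - chals[i], P) % P
    r = secrets.randbelow(Q)
    commits[known_index] = pow(G, r, P)            # honest commitment
    c = _challenge(G, *pubs, *commits)
    chals[known_index] = (c - sum(chals)) % Q      # forced by the hash: no freedom left
    resps[known_index] = (r + chals[known_index] * x) % Q
    return list(zip(commits, chals, resps))


def verify_or(pubs: list, proof: list) -> bool:
    """Accept iff the challenges sum to the hash and every branch verifies."""
    if not proof or len(proof) != len(pubs):
        return False
    commits = [a for a, _, _ in proof]
    if sum(c for _, c, _ in proof) % Q != _challenge(G, *pubs, *commits):
        return False
    return all(pow(G, z, P) == a * pow(y, c, P) % P
               for y, (a, c, z) in zip(pubs, proof))


if __name__ == "__main__":
    keys = [keygen() for _ in range(3)]
    pubs = [y for _, y in keys]
    print(verify_or(pubs, prove_or(pubs, 1, keys[1][0])))
```

Because every branch's transcript is distributed identically whether it was simulated or real, the verifier learns nothing about which index the prover actually holds; the soundness comes entirely from the hash fixing the challenge sum.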

21 pages, 785 KiB  
Article
Efficient and Secure EMR Storage and Sharing Scheme Based on Hyperledger Fabric and IPFS
by Jinxi Guo, Kui Zhao, Zhiwei Liang and Kai Min
Appl. Sci. 2024, 14(12), 5005; https://doi.org/10.3390/app14125005 - 8 Jun 2024
Viewed by 550
Abstract
This study examines the issues of privacy protection, data security, and query efficiency in blockchain-based electronic medical record (EMR) sharing. It proposes a secure storage and sharing scheme for EMR based on Hyperledger Fabric and the InterPlanetary File System (IPFS). To mitigate the privacy risks of data mining that could reveal patient identities, we establish an attribution channel in Hyperledger Fabric to store EMR ownership information and a data channel to store the storage location, digest, and usage records of medical data. Encrypted medical data are stored in the IPFS. To improve query efficiency in the blockchain, we integrate queryable medical data attributes into a composite key for conditional queries, avoiding complex data filtering processes. Additionally, we use a zero-knowledge proof combined with smart contracts for decentralized identity verification, eliminating reliance on third-party centralized verification services and enhancing system security. We also integrate AES and proxy re-encryption techniques to ensure data security during sharing. This scheme provides a more secure, efficient, and privacy-preserving approach for EMR systems, with significant practical implications and broad application potential.
(This article belongs to the Special Issue Advanced Technologies in Data and Information Security III)

21 pages, 3788 KiB  
Article
A Blockchain-Based Privacy Preserving Intellectual Property Authentication Method
by Shaoqi Yuan, Wenzhong Yang, Xiaodan Tian and Wenjie Tang
Symmetry 2024, 16(5), 622; https://doi.org/10.3390/sym16050622 - 17 May 2024
Viewed by 925
Abstract
With the continuous advancement of information technology, a growing number of works, including articles, paintings, and music, are being digitized. Digital content can be swiftly shared and disseminated via the Internet. However, it is also vulnerable to malicious plagiarism, which can seriously infringe upon the rights of creators and dampen their enthusiasm. To protect creators' rights and interests, a sophisticated method is necessary to authenticate digital intellectual property rights. Traditional authentication methods rely on centralized, trustworthy organizations that are susceptible to single points of failure. Additionally, these methods are prone to network attacks that can lead to data loss, tampering, or leakage. Moreover, the circulation of copyright information often lacks transparency and traceability in traditional systems, which leads to information asymmetry and prevents creators from controlling the use and protection of their personal information during the authentication process. Blockchain technology, with its decentralized, tamper-proof, and traceable attributes, addresses these issues. In blockchain technology, each node is a peer, ensuring the symmetry of information. However, the transparent feature of blockchains can lead to the leakage of user privacy data. Therefore, this study designs and implements an Ethereum blockchain-based intellectual property authentication scheme with privacy protection. Firstly, we propose a method that combines elliptic curve cryptography (ECC) encryption with digital signatures to achieve selective encryption of user personal information. Subsequently, an authentication algorithm based on Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) is adopted to complete the authentication of intellectual property ownership while encrypting personal privacy data. Finally, we adopt the InterPlanetary File System (IPFS) to store large files, solving the problem of blockchain storage space limitations.
(This article belongs to the Section Computer)

18 pages, 936 KiB  
Article
BPA: A Novel Blockchain-Based Privacy-Preserving Authentication Scheme for the Internet of Vehicles
by Jie Li, Yuanyuan Lin, Yibing Li, Yan Zhuang and Yangjie Cao
Electronics 2024, 13(10), 1901; https://doi.org/10.3390/electronics13101901 - 13 May 2024
Viewed by 715
Abstract
The Internet of Vehicles (IoV) connects otherwise isolated vehicles on the road so that they can share information, which can improve traffic efficiency. However, promoting information sharing raises the critical security issue of identity authentication, and with it the problem of protecting privacy during the authentication process in the IoV. In this study, we designed a blockchain-based conditional privacy-preserving authentication scheme for the IoV (BPA). Our scheme implements zero-knowledge proof (ZKP) to verify the identities of vehicles, which moves the authentication process down to the Roadside Units (RSUs) and achieves decentralized authentication at the edge nodes. Moreover, blockchain technology is utilized to synchronize a consistent ledger across all RSUs for recording and disseminating vehicle authentication states, which enhances the overall authentication process efficiency. We provide a theoretical analysis asserting that the BPA ensures enhanced security and effectively protects the privacy of all participating vehicles. Experimental evaluations confirm that our scheme outperforms existing solutions in terms of computational and communication overhead.
(This article belongs to the Special Issue Advanced Techniques in Computing and Security, 2nd Edition)

17 pages, 879 KiB  
Article
Metadata-Private Resource Allocation in Edge Computing Withstands Semi-Malicious Edge Nodes
by Zihou Zhang, Jiangtao Li, Yufeng Li and Yuanhang He
Sensors 2024, 24(10), 2989; https://doi.org/10.3390/s24102989 - 8 May 2024
Viewed by 589
Abstract
Edge computing provides higher computational power and lower transmission latency by offloading tasks to nearby edge nodes with available computational resources to meet the requirements of time-sensitive tasks and computationally complex tasks. Resource allocation schemes are essential to this process. To allocate resources effectively, it is necessary to attach metadata to a task to indicate what kind of resources are needed and how many computation resources are required. However, these metadata are sensitive and can be exposed to eavesdroppers, which can lead to privacy breaches. In addition, edge nodes are vulnerable to corruption because of their limited cybersecurity defenses. Attackers can easily obtain end-device privacy through unprotected metadata or corrupted edge nodes. To address this problem, we propose a metadata privacy resource allocation scheme that uses searchable encryption to protect metadata privacy and zero-knowledge proofs to resist semi-malicious edge nodes. We have formally proven that our proposed scheme satisfies the required security notions and experimentally demonstrated the effectiveness of the scheme.
(This article belongs to the Special Issue Security, Privacy and Cybersecurity in Internet of Things (IoT))

21 pages, 2886 KiB  
Article
A Comprehensive Approach to User Delegation and Anonymity within Decentralized Identifiers for IoT
by Taehoon Kim, Daehee Seo, Su-Hyun Kim and Im-Yeong Lee
Sensors 2024, 24(7), 2215; https://doi.org/10.3390/s24072215 - 29 Mar 2024
Viewed by 712
Abstract
Decentralized Identifiers have recently expanded into Internet of Things devices and are crucial in securing users' digital identities and data. However, Decentralized Identifiers face challenges in scenarios necessitating authority delegation and anonymity, such as when dealing with legal guardianship for minors, device loss or damage, and specific medical contexts involving patient information. This paper aims to strengthen data sovereignty within the Decentralized Identifier system by implementing a secure authority delegation and anonymity scheme. It suggests optimizing verifiable presentations by utilizing a sequential aggregate signature, a Non-Interactive Zero-Knowledge Proof, and a Merkle tree to prevent linkage and Sybil attacks while facilitating delegation. This strategy mitigates security risks related to delegation and anonymity, efficiently reduces the computational and verification efforts for signatures, and reduces the size of verifiable presentations by about 1.2 to 2 times.
(This article belongs to the Special Issue Security, Cybercrime, and Digital Forensics for the IoT)

20 pages, 466 KiB  
Article
Advancing User Privacy in Virtual Power Plants: A Novel Zero-Knowledge Proof-Based Distributed Attribute Encryption Approach
by Ruxia Yang, Hongchao Gao, Fangyuan Si and Jun Wang
Electronics 2024, 13(7), 1283; https://doi.org/10.3390/electronics13071283 - 29 Mar 2024
Viewed by 582
Abstract
In virtual power plants, diverse business scenarios involving user data, such as queries, transactions, and sharing, pose significant privacy risks. Traditional attribute-based encryption (ABE) methods, while supporting fine-grained access, fall short of fully protecting user privacy because they require attribute input, leading to potential data leaks. Addressing these limitations, our research introduces a novel privacy protection scheme using zero-knowledge proof and distributed attribute-based encryption (DABE). This method employs Merkle trees for aggregating user attributes and constructing commitments for zero-knowledge proof verification, ensuring that user attributes and access policies remain confidential. Our solution not only enhances privacy but also fortifies security against man-in-the-middle and replay attacks, offering attribute indistinguishability and tamper resistance. A comparative performance analysis demonstrates that our approach outperforms existing methods in efficiency, reducing time, cost, and space requirements. These advancements mark a significant step forward in ensuring robust user privacy and data security in virtual power plants.
(This article belongs to the Special Issue Knowledge Information Extraction Research)
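The commitment the abstract describes, user attributes aggregated under one Merkle root with a single attribute revealed through its authentication path, as an added Python example (not the paper's code). The per-leaf salt, the 0x00/0x01 domain-separation prefixes, the duplicate-last-node rule for odd levels and all function names are assumptions; the zero-knowledge layer the paper puts on top of this commitment is not reproduced.

```python
"""Merkle-tree commitment to a set of attributes with selective disclosure.
Added example: commit() publishes only the root; disclosure() reveals one
attribute and its path; the other attributes stay hidden behind salted hashes."""
import hashlib
import os

# Domain separation: a leaf hash can never be replayed as an inner node,
# which closes the classic second-preimage trick against Merkle trees.
LEAF, NODE = b"\x00", b"\x01"


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf_hash(attribute: str, salt: bytes) -> bytes:
    """Salted so that a low-entropy attribute ("age=34") cannot be brute-forced
    from the root or from a sibling hash inside someone else's path."""
    return _h(LEAF, salt, attribute.encode())


def build_levels(leaves: list) -> list:
    """All levels of the tree, leaves first, root last; odd levels duplicate the last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([_h(NODE, cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def commit(attributes: list):
    """Prover side: returns (root, salts). Publish the root, keep the salts."""
    salts = [os.urandom(16) for _ in attributes]
    leaves = [leaf_hash(a, s) for a, s in zip(attributes, salts)]
    return build_levels(leaves)[-1][0], salts


def disclosure(attributes: list, salts: list, index: int):
    """Prover side: (attribute, salt, path) where path = [(sibling_hash, sibling_is_left)]."""
    leaves = [leaf_hash(a, s) for a, s in zip(attributes, salts)]
    path, i = [], index
    for level in build_levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((level[i ^ 1], (i ^ 1) < i))
        i //= 2
    return attributes[index], salts[index], path


def verify_disclosure(root: bytes, attribute: str, salt: bytes, path: list) -> bool:
    """Verifier side: recompute the root from the leaf upward and compare."""
    node = leaf_hash(attribute, salt)
    for sibling, sibling_is_left in path:
        node = _h(NODE, sibling, node) if sibling_is_left else _h(NODE, node, sibling)
    return node == root


if __name__ == "__main__":
    attrs = ["role=operator", "region=EU", "age=34", "clearance=2", "org=acme"]  # constructed
    root, salts = commit(attrs)
    print(verify_disclosure(root, *disclosure(attrs, salts, 2)))
```

A verifier that accepts a path of the wrong length would accept an inner node presented as a leaf; pinning the expected depth, or a domain-separated leaf encoding as above, is the usual defence.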

20 pages, 1680 KiB  
Article
Research on Blockchain Transaction Privacy Protection Methods Based on Deep Learning
by Jun Li, Chenyang Zhang, Jianyi Zhang and Yanhua Shao
Future Internet 2024, 16(4), 113; https://doi.org/10.3390/fi16040113 - 28 Mar 2024
Viewed by 1071
Abstract
To address the challenge of balancing privacy protection with regulatory oversight in blockchain transactions, we propose a regulatable privacy protection scheme for blockchain transactions. Our scheme utilizes probabilistic public-key encryption to obscure the true identities of blockchain transaction participants. By integrating commitment schemes and zero-knowledge proof techniques with deep learning graph neural network technology, it provides privacy protection and regulatory analysis of blockchain transaction data. This approach not only prevents the leakage of sensitive transaction information, but also achieves regulatory capabilities at both macro and micro levels, ensuring the verification of the legality of transactions. By adopting an identity-based encryption system, regulatory bodies can conduct personalized supervision of blockchain transactions without storing users' actual identities and key data, significantly reducing storage, computation, and key-management burdens. Our scheme is independent of any particular consensus mechanism and can be applied to current blockchain technologies. Simulation experiments and complexity analysis demonstrate the practicality of the scheme.

10 pages, 265 KiB  
Article
E-Coin-Based Priced Oblivious Transfer with a Fast Item Retrieval
by Francesc Sebé and Sergi Simón
Cryptography 2024, 8(1), 10; https://doi.org/10.3390/cryptography8010010 - 13 Mar 2024
Viewed by 1319
Abstract
Priced oblivious transfer (POT) is a cryptographic protocol designed for privacy-preserving e-commerce of digital content. It involves two parties: the merchant, who provides a set of priced items as input, and a customer, who acquires one of them. After the protocol has run, the customer obtains the item they chose, while the merchant cannot determine which one. Moreover, the protocol guarantees that the customer gets the content only if they have paid the price established by the merchant. In a recent paper, the authors proposed a POT system in which payments employed e-coin transactions. Its strong point was the absence of the zero-knowledge proofs that preceding systems required to guarantee the correctness of payments. In this paper, we propose a novel e-coin-based POT system with a fast item retrieval procedure whose running time does not depend on the number of items for sale. This improves on the aforementioned proposal, whose execution time becomes prohibitively long when the catalog is extensive. Zero-knowledge proofs are not required either.

20 pages, 1052 KiB  
Article
Secure Device-to-Device Communication in IoT: Fuzzy Identity from Wireless Channel State Information for Identity-Based Encryption
by Bo Zhang, Tao Zhang, Zesheng Xi, Ping Chen, Jin Wei and Yu Liu
Electronics 2024, 13(5), 984; https://doi.org/10.3390/electronics13050984 - 5 Mar 2024
Viewed by 1103
Abstract
With the rapid development of the Internet of Things (IoT), ensuring secure communication between devices has become a crucial challenge. This paper proposes a novel secure communication solution that extracts wireless channel state information (CSI) features from IoT devices to generate a device identity. Because the wireless channel is unstable, the CSI features are fuzzy and time-varying; we therefore employ a locality-sensitive hashing (LSH) algorithm so that the generated identity stays stable in a dynamically changing wireless channel environment. Furthermore, zero-knowledge proofs are utilized to guarantee the authenticity and validity of the generated identity. Finally, the identity generated in this way is integrated into an identity-based encryption (IBE) scheme: it serves as the identity string from which the device's public key is constructed, achieving confidential communication between devices.
(This article belongs to the Special Issue Knowledge Information Extraction Research)

23 pages, 1323 KiB  
Article
Enhancing Industrial IoT Network Security through Blockchain Integration
by Yash Bobde, Gokuleshwaran Narayanan, Manas Jati, Raja Soosaimarian Peter Raj, Ivan Cvitić and Dragan Peraković
Electronics 2024, 13(4), 687; https://doi.org/10.3390/electronics13040687 - 7 Feb 2024
Cited by 4 | Viewed by 2587
Abstract
In the rapidly evolving landscape of industrial ecosystems, Industrial IoT networks face increasing security challenges. Traditional security methods often struggle to protect these networks adequately, posing risks to data integrity, confidentiality, and access control. Our research introduces a methodology that leverages blockchain technology to enhance the security and trustworthiness of IoT networks. This approach starts with sensor nodes collecting and compressing data, followed by encryption using the ChaCha20-Poly1305 algorithm and transmission to local aggregators. A crucial element of our system is the private blockchain gateway, which processes and classifies data based on confidentiality levels, determining their storage in cloud servers or the InterPlanetary File System for enhanced security. The system's integrity and authenticity are further reinforced through the proof of authority consensus mechanism. This system employs Zero Knowledge Proof challenges for device authorization, optimizing data retrieval while maintaining a delicate balance between security and accessibility. Our methodology contributes to mitigating vulnerabilities in Industrial IoT networks and is part of a broader effort to advance the security and operational efficiency of these systems. It reflects an understanding of the diverse and evolving challenges in IoT security, emphasizing the need for continuous innovation and adaptation in this dynamic field.
(This article belongs to the Section Microwave and Wireless Communications)

27 pages, 1891 KiB  
Article
Enhancing Security and Flexibility in the Industrial Internet of Things: Blockchain-Based Data Sharing and Privacy Protection
by Weiming Tong, Luyao Yang, Zhongwei Li, Xianji Jin and Liguo Tan
Sensors 2024, 24(3), 1035; https://doi.org/10.3390/s24031035 - 5 Feb 2024
Viewed by 1336
Abstract
To address the complexities, inflexibility, and security concerns in traditional data sharing models of the Industrial Internet of Things (IIoT), we propose a blockchain-based data sharing and privacy protection (BBDSPP) scheme for IIoT. Initially, we characterize and assign values to attributes, and employ a weighted threshold secret sharing scheme to refine the data sharing approach. This enables flexible combinations of permissions, ensuring the adaptability of data sharing. Subsequently, based on non-interactive zero-knowledge proof technology, we design a lightweight identity proof protocol using attribute values. This protocol pre-verifies the identity of data accessors, ensuring that only legitimate terminal members can access data within the system, while also protecting the privacy of the members. Finally, we utilize the InterPlanetary File System (IPFS) to store encrypted shared resources, effectively addressing the issue of low storage efficiency in traditional blockchain systems. Theoretical analysis and testing of the computational overhead of our scheme demonstrate that, while ensuring performance, our scheme has the smallest total computational load compared with the five other schemes evaluated. Experimental results indicate that our scheme effectively addresses the shortcomings of existing solutions in areas such as identity authentication, privacy protection, and flexible combination of permissions, demonstrating good performance and strong feasibility.
(This article belongs to the Section Internet of Things)

16 pages, 330 KiB  
Article
Armed with Faster Crypto: Optimizing Elliptic Curve Cryptography for ARM Processors
by Ruben De Smet, Robrecht Blancquaert, Tom Godden, Kris Steenhaut and An Braeken
Sensors 2024, 24(3), 1030; https://doi.org/10.3390/s24031030 - 5 Feb 2024
Viewed by 1283
Abstract
Elliptic curve cryptography is a widely deployed technology for securing digital communication. It is the basis of many cryptographic primitives such as key agreement protocols, digital signatures, and zero-knowledge proofs. Fast elliptic curve cryptography relies on heavily optimised modular arithmetic operations, which are often tailored to specific micro-architectures. In this article, we study and evaluate optimisations of the popular elliptic curve Curve25519 for ARM processors. We specifically target the ARM NEON single instruction, multiple data (SIMD) architecture, which is a popular architecture for modern smartphones. We introduce a novel representation for 128-bit NEON SIMD vectors, optimised for SIMD parallelisation, to accelerate elliptic curve operations significantly. Leveraging this representation, we implement an extended twisted Edwards curve Curve25519 back-end within the popular Rust library "curve25519-dalek". We extensively evaluate our implementation across multiple ARM devices using both cryptographic benchmarks and the benchmark suite available for the Signal protocol. Our findings demonstrate a substantial back-end speed-up of at least 20% for ARM NEON, along with a noteworthy speed improvement of at least 15% for benchmarked Signal functions.
(This article belongs to the Section Sensor Networks)