Merkle Tree Research Articles

Fine‐grained assured insertion and deletion scheme based on onion encryption in cloud storage

SummaryWith the current explosion of data volume and the rapid development of cloud computing, cloud storage is one of the most important services of cloud computing. It greatly reduces the cost of users and improves the convenience of use, but the separation of data control and ownership has led to a series of security problems. This article proposes a fine‐grained assured deletion scheme based on onion encryption (ADOE) to ensure the security of user data and achieve assured deletion of data. In the past, the solution was limited by the credibility of the third party, and due to the limitation of the administrator's computing power, there would be a window period for processing high concurrency. In this article, the third party is abandoned, and most of the work is handed over to the CSP. Through multilayer encryption of data and role‐based access control, flexible and fine‐grained access and deletion are realized. At the same time, with this scheme, Merkle hash tree (MHT) is improved, and a new data verification structure Merkle index hash tree (MIHT) is designed to quickly retrieve data blocks and provide deletion proof. Finally, through experimental comparison and theoretical demonstration, it is proved that ADOE is a safe, efficient, and usable solution.

Zero-knowledge proofs for set membership: efficient, succinct, modular

We consider the problem of proving in zero knowledge that an element of a public set satisfies a given property without disclosing the element, i.e., for some u, “u in S and P(u) holds”. This problem arises in many applications (anonymous cryptocurrencies, credentials or whitelists) where, for privacy or anonymity reasons, it is crucial to hide certain data while ensuring properties of such data. We design new modular and efficient constructions for this problem through new commit-and-prove zero-knowledge systems for set membership, i.e. schemes proving u in S for a value u that is in a public commitment c_u. We also extend our results to support non-membership proofs, i.e. proving u notin S. Being commit-and-prove, our solutions can act as plug-and-play modules in statements of the form “u in S and P(u) holds” by combining our set (non-)membership systems with any other commit-and-prove scheme for P(u). Also, they work with Pedersen commitments over prime order groups which makes them compatible with popular systems such as Bulletproofs or Groth16. We implemented our schemes as a software library, and tested experimentally their performance. Compared to previous work that achieves similar properties—the clever techniques combining zkSNARKs and Merkle Trees in Zcash—our solutions offer more flexibility, shorter public parameters and 3.7 times –30times faster proving time for a set of size 2^{64}.

Space-Efficient Storage Structure of Blockchain Transactions Supporting Secure Verification

The rapid growth of the blockchain size is a major bottleneck hindering its implementations in data-heavy applications. Current efforts improve the distributed storage ways and transactions' storage mechanisms of blockchain, however, the blockchain distribution and integrity are destroyed. Simplified Payment Verification (SPV) is closely related to blockchain storage, but the current solutions did not explore the privacy-preserving SPV. In this paper, we propose a new storage structure for blockchain transactions, called Coloring Index (CI), to reduce the blockchain's space occupation. Specifically, we devise an index building algorithm to simply calculate the indices of transactions for the sake of information concealing. By improving the Coloring Embedder for multi-sets query, we can store the indices into the Coloring Embedder to achieve the structured storage of transactions with small space occupation. Using CI, SPV query proceeds without revealing the user's address, thereby achieving secure data sharing in applications such as the intelligent vehicles' communications and distributed IoT. We prove CI's security against malicious full nodes when establishing possible connections between the address and the user. The experiments show that blockchain systems using our CI store one time more transactions than Merkle tree and half more than Bloom filter.

Blockchain-Based Distributed Computing Consistency Verification for IoT Mobile Applications

The maturation of wireless connectivity, blockchain (distributed ledger technologies), and intelligent systems has fostered a comprehensive ecosystem for the Internet of Things (IoT). However, the growing volume of data generated by IoT devices creates substantial pressure on blockchain storage and computation capabilities, impeding the further development of the IoT ecosystem. Decentralizing data storage across multiple chains and utilizing cross-chain technology for data exchange eliminates the need for expensive centralized infrastructure, lowers data transfer costs, and improves accessibility. Hence, the issue of computational and storage pressure in blockchain can be improved. Nonetheless, the data of IoT devices are constantly updating, and ensuring consistency for dynamic data across heterogeneous chains remains a significant challenge. To address the aforementioned challenge, we propose a blockchain-based distributed and lightweight data consistency verification model (BDCA), which leverages a batch verification dynamic Merkle hash tree (BV-MHT) and an advanced gamma multi-signature scheme (AGMS) to enable consistent verification of dynamic data while ensuring secure and private data transmission. The AGMS scheme is reliable and robust based on security analysis while the dependability and consistency of BDCA are verified through inductive reasoning. Experimental results indicate that BDCA outperforms CPVPA and Fortress in communication and computation overhead for data preprocessing and auditing in a similar condition, and the AGMS scheme exhibits superior performance when compared to other widely adopted multi-signature schemes such as Cosi, BLS, and RSA. Furthermore, BDCA provides up to 99% data consistency guarantees, demonstrating its practicality.

A blockchain-based cloud forensics architecture for privacy leakage prediction with cloud

Digital forensics has intelligently evolved into cloud forensics, which protects against cybercrime. However, centralized evidence gathering and maintenance reduces the credibility of digital evidence. This article suggests a unique digital forensic architecture for the Infrastructure as a Service (IaaS) cloud combining rapidly expanding Software Defined Networking (SDN) and Blockchain technologies to address this serious issue. Blockchain helps to store the gathered evidence, which means it is shared among many peers in the proposed forensic architecture. The Secure-Ring-Verification-based Authentication (SRVA) technique is recommended to ensure security from suspicious accounts. The Harmony Search Optimization (HSO) technique helps to produce secret keys that strengthen the cloud environment. Depending on their level of sensitivity, all information is encrypted and kept on a cloud server. Sensitive Aware Deep Elliptic Curve Cryptography (SAD-ECC) method was used for encryption. In the cloud, a piece of information is saved, and the SDN manager creates the blocks and stores the history of that piece of data as metadata. Utilizing Secure Hashing Algorithm-3 (SHA-3), a Merkle Hash Tree is constructed for each block. The proposed technology uses Fuzzy-based Smart Contracts (FSCs) to enable clients to trail their data. At last, evidence analysis is made possible by creating a Logical-Graph of Evidence (LGoE) using data collected through Blockchain. The network simulator-3.26 and java (for cloud and Blockchain) environment are used for experiments. A thorough investigation shows that the suggested forensic architecture exhibits favorable response, evidence insertion, and verification times.

VeDB: A Software and Hardware Enabled Trusted Relational Database

Blockchain-like ledger databases emerge in recent years as a more efficient alternative to permissioned blockchains. Conventional ledger databases mostly rely on authenticated structures such as the Merkle tree and transparency logs for supporting auditability, and hence they suffer from the performance problem. As opposed to conventional ledger DBMSes, we design VeDB - a high-performance verifiable software (Ve-S) and hardware (Ve-H) enabled DBMS with rigorous auditability for better user options and broad applications. In Ve-S, we devise a novel verifiable Shrubs array (VSA) with two-layer ordinals (serial numbers) which outperforms conventional Merkle tree-based models due to lower CPU and I/O cost. It enables rigorous auditability through its efficient credible timestamp range authentication method, and fine-grained data verification at the client side, which are lacking in state-of-the-art relational ledger databases. In Ve-H, we devise a non-intrusive trusted affiliation by TEE leveraging digest signing, monotonic counters, and trusted timestamps in VeDB, which supports both data notarization and lineage applications. The experimental results show that VeDB-VSA outperforms Merkle tree-based authenticated data structures (ADS) up to 70× and 3.7× for insertion and verification; and VeDB Ve-H data lineage verification is 8.5× faster than Ve-S.

Maximizing blockchain security: Merkle tree hash values generated through advanced vectorized elliptic curve cryptography mechanisms

SummaryCloud computing is considered as the most fabulous paradigm to accommodate various kinds of user information. However, the privacy conflicts integrated with computational complexities need more hybridized resource efficiency for hassle‐free accession. For this purpose, this article presents a cloud assisted, secured and privacy preserved protocol based on the elliptical curve cryptography (ECC) and blockchain consortium. Blockchain provides an innovative approach for storing information, establishing trust, and various other transactions in an open platform. There exists no single technology as a panacea to obtain optimum privacy and security in the complex cloud environment that needs several desired characteristics. Hence, an elite integration of multiple cryptographic methods by carefully analyzing the potential harms and pitfalls has to be framed to balance the trade‐off between privacy and security. The proposed technique highlights the user privacy preservation through guaranteeing that user information is safeguarded from unauthorized use or access. In accordance with that the present study enrolled the advantages of the ECC algorithm, vectorization, and blockchain methods to rule out the limitations of state of art methods. This article attempts to provide the most required privacy with optimum key generation, encryption, and decryption time. The present study has obtained optimal outcomes and the maximum percentage reduction w.r.t the existing method in key generation time, encryption time, and decryption time is given as 14.89%, 16.67%, and 12.5%, respectively.

RDIMM: Revocable and dynamic identity-based multi-copy data auditing for multi-cloud storage

Multi-copy data possession on multi-cloud storage service provides resource-constrained users with a secure and effective way to process data maintenance. To enable integrity for the outsourced data, numerous multi-copy data auditing schemes for multi-cloud storage have been proposed. Nevertheless, existing solutions suffer from the following limitations: (i) cannot support dynamic data updates; (ii) fail to consider the user revocation feature; (iii) may leak the privacy of user identity. To address these limitations, we propose a new identity-based multi-copy data auditing scheme for multi-cloud storage, termed RDIMM. We introduce a new variant of Merkle Tree to enable fully dynamic data updates, in which all copies of a raw block are kept in the same leaf node. In addition, we design a new key generation strategy and a private key update technique, where the cost of user revocation is independent of the total number of file blocks owned by the revoked user. Moreover, we conduct a comprehensive correctness analysis and security analysis of our proposed RDIMM. In addition, we provide detailed theoretical analysis and experimental simulations, which illustrate the effective functionality and practical performance compared to state-of-the-art works.

Multiauthority Attribute-Based Encryption for Assuring Data Deletion

In order to alleviate key escrow issue, the notion of multiauthority attribute-based encryption (MA-ABE) was presented, which was widely applied in cloud storage environment. In data sharing environment, secure data deletion is very crucial and challenging issue. Hence, in this article, we concentrate on verification of data deletion operation, i.e., assuring data deletion. To solve this problem, we put forward a system model, formal definition and security model of MA-ABE for assuring data deletion. Furthermore, we design a MA-ABE scheme for assuring data deletion, which is more practicable than the single authority ABE scheme. The designed scheme not only overcomes key escrow issue, but also resists collusion attack between malicious user and unauthorized user. In addition, our scheme utilizes merkle hash tree to obtain verifiable data deletion. Based on decisional bilinear Diffie-Hellman (DBDH) assumption, the scheme is proven to be secure under the selective-policy model. The experimental result indicates that the designed scheme is efficient for practical application.

Secure Auditing and Deduplicating Data in Cloud

Abstract: With the widespread adoption of cloud computing, ensuring the security and integrity of data stored in the cloud has become a critical concern. This paper presents a novel approach for achieving secure auditing and deduplication of data in cloud environments. The proposed method addresses the challenges of data integrity verification and duplicate elimination while preserving the privacy of the stored data. By leveraging cryptographic techniques, including homomorphic encryption and Merkle hash trees, the system enables efficient and privacy- preserving auditing of data integrity. Additionally, a deduplication mechanism is integrated to eliminate redundant copies of data, reducing storage costs and improving efficiency. The proposed solution provides end-to-end security guarantees, ensuring that data remains confidential, unaltered, and readily available for authorized users. Extensive experimental evaluations demonstrate the effectiveness and efficiency of the proposed approach, making it a promising solution for secure data management in cloud environments

Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures Without Trapdoors

An accumulator is a function that hashes a set of inputs into a short, constant-size string while preserving the ability to efficiently prove the inclusion of a specific input element in the hashed set. It has proved useful in the design of numerous privacy-enhancing protocols, in order to handle revocation or simply prove set membership. In the lattice setting, currently known instantiations of the primitive are based on Merkle trees, which do not interact well with zero-knowledge proofs. In order to efficiently prove the membership of some element in a zero-knowledge manner, the prover has to demonstrate knowledge of a hash chain without revealing it, which is not known to be efficiently possible under well-studied hardness assumptions. In this paper, we provide an efficient method of proving such statements using involved extensions of Stern’s protocol. Under the Small Integer Solution assumption, we provide zero-knowledge arguments showing possession of a hash chain. As an application, we describe new lattice-based group and ring signatures in the random oracle model. In particular, we obtain: (i) the first lattice-based ring signatures with logarithmic size in the cardinality of the ring and (ii) the first lattice-based group signature that does not require any GPV trapdoor and thus allows for a much more efficient choice of parameters.

If blockchain is the solution, robot security is the problem

Robotics systems of all types are revolutionizing a wide variety of industries—transportation, manufacturing, and even healthcare—and yet, many essential ingredients for robotics systems in the real world are not technologically ready for deployment. Currently, robots lack the protocols and standards required to be safe and secure outside factories. In an attempt to close this gap, recent research has demonstrated the security benefits of combining robotics systems with blockchain-based and related technologies (e.g., smart contracts, zero-knowledge proofs, Merkle trees). In this perspective article, I argue that blockchain-based robotics is starting to provide innovative solutions (e.g., secure data sharing, consensus mechanisms, and new interaction methods) to urgent problems of robot security. I list the most important takeaways so far from this emerging field of research that I helped establish together with a growing community. I close the article by discussing the implications of the security challenges that the robotics research community is facing, and possible ways for us to move forward.

Block-Hash Signature (BHS) for Transaction Validation in Smart Contracts for Security and Privacy using Blockchain

Some of the well-known signature techniques like Winternitz and Lamport are not considered to be very appropriate for the usage of hashing or smart contracts in Blockchains security because of their size O(n2), which is prominently too high. Although in Blockchain, the security concern is on the top priority because of its distributed P2P design still, the security enhancement is required to sign and verify the documents forwarded to the peers, especially in Hyperledger Fabric. Here, this paper presents a new signature technique “Block-Hash” to enhance Blockchain security by using it in smart contracts as well as hashing with size 3Xn bits (n=256, generally for SHA-256 Hashing) and which can score 112 bits security. The proposed signature can be used appropriately for signing a smart contract by the endorser or committer node. Also, it can be used with a hash algorithm in forming a Merkle tree. Apart from the description and implementation of Block-Hash Signature, this paper has covered the analysis of its security and correctness measures with a table for result comparison.

Authenticating q-Gram-Based Similarity Search Results for Outsourced String Databases

Approximate string searches have been widely applied in many fields, such as bioinformatics, text retrieval, search engines, and location-based services (LBS). However, the approximate string search results from third-party servers may be incorrect due to the possibility of malicious third parties or compromised servers. In this paper, we design an authenticated index structure (AIS) for string databases, which is based on the Merkle hash tree (MHT) method and the q-gram inverted index. Our AIS can facilitate verification object (VO) construction for approximate string searches with edit distance thresholds. We design an efficient algorithm named GS2 for VO construction at the server side and search result verification at the user side. We also introduce an optimization method called GS2-opt that can reduce VO size dramatically. Finally, we conduct extensive experiments on real datasets to show that our proposed methods are efficient and promising.

Distributed Anonymous e-Voting Method Based on Smart Contract Authentication

With the development of science and technology, the traditional centralized ballot management will lead to the risk of an opaque voting process and tampering of back-end data, and it can no longer meet the requirements of e-voting transparency and anonymity, while the distributed blockchain technology, with its features of being transparent and tamper-proof, can well solve the problems in traditional e-voting and make the ballot firmly in the hands of users. To make each node reach consensus, each node can access the complete shared ledger, and malicious nodes can analyze the transaction information in the ledger to obtain users’ voting information, which makes anonymity impossible to guarantee. We propose a blockchain technology-based voting record synchronization model and an anonymous authentication model, using zk-SNARK and Merkle tree technology, that achieve user authentication and anonymous voting. In this scheme, the user’s random identity address is inserted into the Merkle tree, and when voting, it is only necessary to prove that the user’s identity address is in the tree to complete anonymous voting without revealing the user’s real identity. This scheme meets the basic requirements of electronic voting and ensures the reliability and security of voting.

Blockchain enabled zero trust based authentication scheme for railway communication networks

With the introduction of emerging technologies such as cloud computing, the railway communication network has the characteristics of complex structure and blurred boundaries, which leads to a series of security threats including information leakage and malicious access. Specifically, the third-party cloud services are difficult to be supervised, and network traffic is untrustworthy. To ensure system security, we propose a zero-trust security model in this paper. Then, we introduce blockchain and Merkle tree to build a distributed identity storage scheme for guaranteeing reliable, confidential and efficient data updates, and improving authentication efficiency. Furthermore, the proxy was introduced for two-way authentication with cloud servers, so that internal and external threats could be counteracted. Moreover, reputation assessment mechanism has been adopted to reduce the possibility of nodes accessing malicious cloud services. Performance analysis demonstrated that the proposed security model is able to enhance the security, efficiency and stability of the system, and consequently can guarantee the safety and reliability of railway transportation.

Supersingular Isogeny-based Ring Signature

The increasing demand for secure and anonymous transactions raises the popularity of ring signatures, which is a digital signature scheme that allows identifying a group of possible signers without revealing the identity of the actual signer. This paper presents efficient supersingular isogeny-based ring signature and linkable ring signature schemes that will find potential applications in post-quantum technologies. We develop the ring signature scheme by applying the Fiat-Shamir transform on the sigma protocol for a ring which we obtain from the supersingular isogeny-based interactive zero-knowledge identification scheme by adopting the scheme for a ring. We also extend our ring signature protocol with an additional parameter, i.e., a tag that provides to detect if a signer issues two signatures concerning the same ring by preserving anonymity and linkable anonymity. The signature size of our ring signature protocols increases logarithmically in the size of the ring thanks to the Merkle trees. We show the security proofs and efficiency analyses of the protocols offered. Moreover, we provide the implementation results of the supersingular isogeny-based ring signature, which offers small signature sizes for NIST post-quantum security levels.

Online E-Voting System Using Blockchain Technology

A secure method of counting and voting votes using electronic means, with the intent of improving the performance of voting systems, is known as electronic voting (electronic voting). Current electronic voting mechanisms face challenges such as confidentiality, integrity, verifiability, transparency, non-repudiation and trustworthiness. The e-voting system uses blockchain to ensure vote integrity and security, and machine learning models to detect intrusions into voting data center’s and e-voting stations. Both encryption and decryption ensure voter integrity and confidentiality to prevent counterfeiting and other forms of election fraud. Voter data is encrypted with the state elections office's elliptical public key. Public blockchains are used to maintain the integrity of voters' personal data by storing root hashes derived from the Merkle hash tree and revealing voting station results once the voting process is complete.

Cross-domain identity authentication scheme based on blockchain and PKI system

In vehicular ad hoc networks (VANET), the cross-domain identity authentication of users is very important for the development of VANET due to the large cross-domain mobility of vehicle users. The Public Key Infrastructure (PKI) system is often used to solve the identity authentication and security trust problems faced by VANET. However, the PKI system has challenges such as too centralized Authority of Certification Authority (CA), frequent cross-domain access to certificate interactions and high authentication volume, leading to high certificate management costs, complex cross-domain authentication paths, easy privacy leakage, and overburdened networks. To address these problems, this paper proposes a lightweight blockchain-based PKI identity management and authentication architecture that uses smart contracts to reduce the heavy burden caused by CAs directly managing the life cycle of digital certificates. On this basis, a trust chain based on smart contracts is designed to replace the traditional CA trust chain to meet the general cross-domain requirements, to effectively avoid the communication pressure caused by a mass of certificate transmissions. For the cross-domain scenario with higher privacy and security requirements the identity attribute authentication service is provided directly while protecting privacy by using the Merkle tree to anchor identity attribute data on and off the blockchain chain. Finally, the proposed scheme was comprehensively analyzed in terms of cost, time consumption and security.

Secure Data Transfer Based on a Multi-Level Blockchain for Internet of Vehicles

Because of the decentralized trait of the blockchain and the Internet of vehicles, both are very suitable for the architecture of the other. This study proposes a multi-level blockchain framework to secure information security on the Internet of vehicles. The main motivation of this study is to propose a new transaction block and ensure the identity of traders and the non-repudiation of transactions through the elliptic curve digital signature algorithm ECDSA. The designed multi-level blockchain architecture distributes the operations within the intra_cluster blockchain and the inter_cluster blockchain to improve the efficiency of the entire block. On the cloud computing platform, we exploit the threshold key management protocol, and the system can recover the system key as long as the threshold partial key is collected. This avoids the occurrence of PKI single-point failure. Thus, the proposed architecture ensures the security of OBU-RSU-BS-VM. The proposed multi-level blockchain framework consists of a block, intra-cluster blockchain and inter-cluster blockchain. The roadside unit RSU is responsible for the communication of vehicles in the vicinity, similar to a cluster head on the Internet of vehicles. This study exploits RSU to manage the block, and the base station is responsible for managing the intra-cluster blockchain named intra_clusterBC, and the cloud server at the back end is responsible for the entire system blockchain named inter_clusterBC. Finally, RSU, base stations and cloud servers cooperatively construct the multi-level blockchain framework and improve the security and the efficiency of the operation of the blockchain. Overall, in order to protect the security of the transaction data of the blockchain, we propose a new transaction block structure and adopt the elliptic curve cryptographic signature ECDSA to ensure that the Merkle tree root value is not changed and also make sure the transaction identity and non-repudiation of transaction data. Finally, this study considers information security in a cloud environment, and therefore we propose a secret-sharing and secure-map-reducing architecture based on the identity confirmation scheme. The proposed scheme with decentralization is very suitable for distributed connected vehicles and can also improve the execution efficiency of the blockchain.