Conference:IEEE Transactions on Dependable and Secure Computing
CCF level:CCF A
Categories:网络与信息安全
Year:2025
13
Title:
Multi-Committee ABE Based Decentralized Access Control With Sharding Blockchain for Web 3.0
基于多委员会 ABE 的去中心化访问控制和 Web 3.0 分片区块链
Authors:****
Xinxin Xing, School of Cyber Science and Technology, Beihang University, Beijing, China
Yizhong Liu, School of Cyber Science and Technology, Beihang University, Beijing, China
Qianhong Wu, School of Cyber Science and Technology, Beihang University, Beijing, China
Zhenyu Guan, School of Cyber Science and Technology, Beihang University, Beijing, China
Dongyu Li, School of Cyber Science and Technology, Beihang University, Beijing, China
Dawei Li, School of Cyber Science and Technology, Beihang University, Beijing, China
Yuan Lu, Institution of Software Chinese Academy of Sciences, Beijing, China
Willy Susilo, School of Computing and Information Technology, Institute of Cybersecurity and Cryptology, University of Wollongong, Wollongong, NSW, Australia
Key words:
Fault Tolerant Systems, Fault Tolerance, Access Control, Encryption, Blockchains, Semantic Web, Security, Sharding
容错系统、容错、访问控制、加密、区块链、语义网、安全、分片
Abstract:****
In Web 3.0's pursuit of a decentralized and user-autonomous network, traditional access control methods, such as central servers and weak decentralized algorithms, are insufficient regarding security, fault tolerance ability, and scalability. To solve this, we first design a decentralized multi-committee attribute-based encryption, X-ABE, to address the weak decentralization and low fault tolerance in Multi-Authority Attribute-Based Encryption (MA-ABE). X-ABE replaces MA-ABE's fragile attribute authorities with robust attribute committees, each composed of multiple nodes. By developing dual-wrapped shares techniques, we address the increased dimensionality challenge of secret sharing while maintaining only 1 distributed key generation instance. Also, a formal security definition and proof under the partial adaptive model are given using dual system encryption. Second, X-LOCK, an X-ABE based decentralized access control utilizing consensus plus sharding, is proposed for Web 3.0, to achieve full decentralization, consistency, fault tolerance, user autonomy, and scalability. Third, X-ABE-R is proposed for attribute revocation and is demonstrated in X-LOCK-R with sharding blockchain as an immutable revocation ledger. Fourth, a formal definition and comparative analysis of X-ABE's fault tolerance abilities are demonstrated, covering aspects of liveness and safety, along with the complexity analysis. Fifth, practical evaluations are conducted, demonstrating that while improving fault tolerance, the overhead remains acceptable.
在Web 3.0追求去中心化和用户自治的网络中,传统的访问控制方法,如中心服务器和弱去中心化算法,在安全性、容错能力和可扩展性方面存在不足。为了解决这个问题,我们首先设计了一种去中心化的多委员会基于属性的加密X-ABE,以解决多权限基于属性的加密(MA-ABE)的弱去中心化和低容错能力。 X-ABE 用强大的属性委员会取代了 MA-ABE 脆弱的属性权威,每个属性委员会由多个节点组成。通过开发双包装共享技术,我们解决了秘密共享维度增加的挑战,同时仅维护 1 个分布式密钥生成实例。此外,使用双系统加密给出了部分自适应模型下的正式安全定义和证明。其次,X-LOCK是一种基于X-ABE的去中心化访问控制,利用共识加分片,为Web 3.0提出,以实现完全去中心化、一致性、容错、用户自治和可扩展性。第三,X-ABE-R被提出用于属性撤销,并在X-LOCK-R中通过分片区块链作为不可变的撤销账本进行了演示。第四,展示了 X-ABE 容错能力的正式定义和比较分析,涵盖活性和安全性方面,以及复杂性分析。第五,进行了实际评估,证明在提高容错能力的同时,开销仍然可以接受。
Pdf下载链接:
https://www.computer.org/csdl/journal/tq/2025/03/10807394/22O82HeV572
14
Title:
SharHSC: A Sharding-Based Hybrid State Channel to Realize Blockchain Scalability and Security
SharHSC:基于分片的混合状态通道,实现区块链可扩展性和安全性
Authors:****
Yizhong Liu, School of Cyber Science and Technology, Beihang University, Beijing, China
Peiyuan Li, School of Cyber Science and Technology, Beihang University, Beijing, China
Dongyu Li, School of Cyber Science and Technology, Beihang University, Beijing, China
Chengqi Wu, School of Cyber Science and Technology, Beihang University, Beijing, China
Nan Jiang, School of Cyber Science and Technology, Beihang University, Beijing, China
Qianhong Wu, School of Cyber Science and Technology, Beihang University, Beijing, China
Ankit Gangwal, International Institute of Information Technology (IIIT) Hyderabad, Hyderabad, Telangana, India
Prayag Tiwari, Halmstad University, Halmstad, Sweden
Mauro Conti, University of Padova, Padova, Italy
Key words:
Blockchains, Scalability, Routing, Sharding, Throughput, Security, Complexity Theory, Low Latency Communication,
区块链、可扩展性、路由、分片、吞吐量、安全性、复杂性理论、低延迟通信、
Abstract:****
Addressing blockchain's insufficient throughput and scalability is imperative for practical viability. Off-chain approaches, such as state channels (including Hash Time Lock Contract (HTLC), virtual channels), demonstrate enhanced throughput by enabling parallel transaction processing. While virtual channels introduce execution complexity, HTLC suffers from high update delays. Moreover, existing methods face network attacks. We present Sharding-based Hybrid State Channel (SharHSC) to address these issues. First, we introduce a novel off-chain sharding architecture, which partitions proxy nodes into multiple shards. Thus, when the off-chain node count increases, adding shards enhances system throughput. Second, each shard establishes a supervisory committee to record latest channel statuses to ensure accurate fund distribution upon channel closure. Third, we combine the strengths of HTLC and virtual channels. In particular, SharHSC constructs a single virtual channel across all the nodes involved in the payment by treating the nodes between payer and payee as an intermediate entity, which utilizes HTLC for fund routing. This realizes both low latency and streamlined complexity. Finally, our work is substantiated by security analysis and experiments. As the node number varies, compared with HTLC and virtual channels, the latency is reduced by 49.32% and 31.82%, and the throughput is increased by 8.93 and 1.89 times.
解决区块链吞吐量和可扩展性不足的问题对于实际可行性至关重要。链下方法,例如状态通道(包括哈希时间锁定合约(HTLC)、虚拟通道),通过启用并行事务处理来展示增强的吞吐量。虽然虚拟通道引入了执行复杂性,但 HTLC 却面临着高更新延迟的问题。此外,现有方法面临网络攻击。我们提出基于分片的混合状态通道(SharHSC)来解决这些问题。首先,我们引入一种新颖的链下分片架构,它将代理节点划分为多个分片。因此,当链下节点数量增加时,添加分片可以提高系统吞吐量。其次,每个分片建立监督委员会,记录最新的通道状态,以确保通道关闭时资金的准确分配。第三,我们结合了HTLC和虚拟通道的优势。特别是,SharHSC 通过将付款人和收款人之间的节点视为中间实体,构建了跨所有参与支付的节点的单一虚拟通道,该通道利用 HTLC 进行资金路由。这既实现了低延迟又简化了复杂性。最后,我们的工作通过安全分析和实验得到了证实。随着节点数量的变化,与HTLC和虚拟通道相比,时延分别降低了49.32%和31.82%,吞吐量分别提高了8.93和1.89倍。
Pdf下载链接:
https://www.computer.org/csdl/journal/tq/2025/03/10812896/22Uq9m4zzfG
15
Title:
EZchain: A Secure Scalable Blockchain Protocol via Passive Sharding
EZchain:通过被动分片的安全可扩展区块链协议
Authors:****
Wei Yang, School of Computer Science and Technology, University of Science and Technology of China, Hefei, China
Weilin Chen, School of Computer Science and Technology, University of Science and Technology of China, Hefei, China
Lide Xue, School of Computer Science and Technology, University of Science and Technology of China, Hefei, China
Wenjie Zou, School of Computer Science and Technology, University of Science and Technology of China, Hefei, China
Liusheng Huang, School of Computer Science and Technology, University of Science and Technology of China, Hefei, China
Key words:
Sharding, Protocols, Security, Blockchains, Costs, Scalability, Bitcoin, Bandwidth, Voting, Throughput, Blockchain
分片、协议、安全性、区块链、成本、可扩展性、比特币、带宽、投票、吞吐量、区块链
Abstract:****
Recently, many sharding blockchain protocols have sacrificed some important attributes to improve scalability, and this makes them complicated and insecure. Moreover, achieving a constant (rather than linear) Communication Cost Per Transaction (CCPT) is still a challenge for many sharding protocols. Motivated by this, we present EZchain, a scalable blockchain protocol via "passive sharding" with proven validity and security. We redesign the Value-Centric Blockchains (VCB) framework to achieve the passive sharding that helps EZchain reach higher security than traditional sharding protocols. With fixed initialization parameters, the expected value of EZchain's communication cost reaches a constant level, and it is independent of the network's size. Moreover, the EZchain node's storage cost without beacon chains also approaches a constant and does not change with the increase in the network's size and transactions. Cross-shard transactions, network sharding algorithm, and anti-Sybil attack verification are no longer needed in passive sharding, thus EZchain is very concise and efficient. Our experiment uses a lightweight EZchain prototype and extends the experimental network size up to 100,000 nodes. The evaluation results show that EZchain satisfies all our analyses of its performance (the constant communication and non-beacon storage cost) in large networks. In addition, the comparison experiment shows that ezchain has obvious advantages over the previous protocols in long-term operation and large network environments.
最近,许多分片区块链协议牺牲了一些重要属性来提高可扩展性,这使得它们变得复杂且不安全。此外,实现恒定(而不是线性)的每笔交易通信成本(CCPT)对于许多分片协议来说仍然是一个挑战。受此启发,我们推出了 EZchain,这是一种通过"被动分片"实现的可扩展区块链协议,具有经过验证的有效性和安全性。我们重新设计了以价值为中心的区块链(VCB)框架来实现被动分片,帮助 EZchain 获得比传统分片协议更高的安全性。在固定的初始化参数下,EZchain通信成本的预期值达到恒定水平,并且与网络规模无关。而且,没有信标链的EZchain节点的存储成本也接近一个常数,不会随着网络规模和交易量的增加而变化。被动分片不再需要跨分片交易、网络分片算法和防女巫攻击验证,因此EZchain非常简洁高效。我们的实验使用轻量级的 EZchain 原型,并将实验网络规模扩展至 100,000 个节点。评估结果表明,EZchain 满足我们对其在大型网络中的性能(持续通信和非信标存储成本)的所有分析。另外,对比实验表明,ezchain在长期运行和大型网络环境中相对于之前的协议具有明显的优势。
Pdf下载链接:
https://www.computer.org/csdl/journal/tq/2025/03/10815997/22Y5ESFFUFG
1
Title:
Front-running
分片区块链
Authors:****
Key words:
permissioned
许可区块链
Abstract:****
Sharding is a prominent technique for scaling blockchains.
分片是扩展区块链的一项重要技术。
Pdf下载链接:
https://
16
Title:
Blockchain-Enabled Secure Offloading for VEC: A Multi-Agent Reinforcement Learning Approach
支持区块链的 VEC 安全卸载:一种多代理强化学习方法
Authors:****
Xiaozhen Lu, College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China
Liang Xiao, Department of Information and Communication Engineering, Xiamen University, Xiamen, China
Yilin Xiao, Shenzhen Institute of Artificial Intelligence and Robotics for Society, Shenzhen, China
Zehui Xiong, Pillar of Information Systems Technology and Design, Singapore University of Technology and Design, Singapore
Zhe Liu, Zhejiang Lab, Hangzhou, China
Yanyong Zhang, School of Computer Science and Technology, University of Science and Technology of China, Hefei, China
Weihua Zhuang, Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, ON, Canada
Key words:
Eavesdropping, Energy Consumption, Security, Blockchains, Smart Contracts, Resists, Quality Of Service
窃听、能源消耗、安全、区块链、智能合约、抵抗、服务质量
Abstract:****
Vehicular edge computing (VEC) helps improve the task computational performance of vehicles on roads but has difficulty in defending against eavesdropping and selfish attacks simultaneously. In this paper, we design a reputation-based smart contract with blockchain and propose a multi-agent reinforcement learning (RL) based secure offloading scheme for VEC against both eavesdropping and selfish attacks. This scheme has a three-level hierarchical structure for each vehicle and uses the reputations obtained from the blockchain as the basis to optimize the edge node selection, offloading ratio, and power allocation, which aims to reduce the task computational latency, the vehicle energy consumption and eavesdropping rate. By using a punishment function based on the constraints, this scheme avoids exploring dangerous policies that can cause task failure or severe data leakage. A multi-agent deep RL-based secure offloading scheme is proposed for vehicles with sufficient resources, which evaluates the long-term risk rather than the punishment function to further improve the secure offloading performance. The regret bound is analyzedand the cumulative reward upper bound is provided. Simulation results verify the effectiveness of our schemes as compared with the benchmark.
车辆边缘计算(VEC)有助于提高道路上车辆的任务计算性能,但难以同时防御窃听和自私攻击。在本文中,我们利用区块链设计了一种基于信誉的智能合约,并提出了一种基于多代理强化学习(RL)的 VEC 安全卸载方案,以防止窃听和自私攻击。该方案对每辆车采用三级分层结构,以从区块链获得的信誉为基础,优化边缘节点选择、卸载比例和功率分配,旨在降低任务计算延迟、车辆能耗和窃听率。通过使用基于约束的惩罚函数,该方案避免了探索可能导致任务失败或严重数据泄露的危险策略。针对资源充足的车辆,提出了一种基于多智能体深度强化学习的安全卸载方案,该方案评估长期风险而不是惩罚函数,以进一步提高安全卸载性能。分析后悔界限并给出累积奖励上限。与基准相比,仿真结果验证了我们的方案的有效性。
Pdf下载链接:
https://www.computer.org/csdl/journal/tq/2025/03/10817486/231plJnvqFi
17
Title:
Blockchain-Assisted Privacy-Preserving and Synchronized Key Agreement for VDTNs
VDTN 的区块链辅助隐私保护和同步密钥协议
Authors:****
Chenhao Wang, School of Information Engineering, Chang'an University, Xi'an, China
Yang Ming, School of Information Engineering, Chang'an University, Xi'an, China
Hang Liu, School of Information Engineering, Chang'an University, Xi'an, China
Jie Feng, State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an, China
Mengmeng Yang, Commonwealth Scientific and Industrial Research Organization, Canberra, Australia
Yang Xiang, Department of Computing Technologies, Swinburne University of Technology, Hawthorn, VIC, Australia
Key words:
Security, Synchronization, Digital Twins, Authentication, Data Privacy, Vehicle Dynamics, Smart Contracts,
安全、同步、数字孪生、身份验证、数据隐私、车辆动力学、智能合约、
Abstract:****
With the continuous development of digitization evolutions, vehicular digital twin networks (VDTNs) facilitate traffic data and optimization results to be exchanged between the vehicle and digital twin as well as shared among a group of digital twins. However, the data exchange and group sharing processes take place in real-time over public communication channels, which suffer from various security and privacy threats. Key agreement technologies are promising to enable secure data communications for entities, but the existing key agreement schemes generally fail to fulfill the requirements of synchronization, privacy, and entity management for VDTNs. Therefore, we propose a blockchain-assisted privacy-preserving and synchronized key agreement scheme for VDTNs. In the proposed scheme, the anonymous vehicle and digital twin can negotiate a secret session key in the case of synchronization to achieve secure data exchange. Meanwhile, digital twins are capable of utilizing synchronized state information to dynamically establish a common group encryption key but hold individual decryption keys, which guarantee the security of group sharing. Additionally, the proposed scheme is able to protect identity privacy and manage vehicles and digital twins with the assistance of blockchain and smart contract. The security analysis demonstrates that the proposed scheme provides security and privacy assurances for VDTNs. The performance evaluation indicates that it has excellent expressions in terms of efficiency, practicality, and smart contract consumption.
随着数字化演进的不断发展,车辆数字孪生网络(VDTN)促进交通数据和优化结果在车辆和数字孪生之间交换以及在一组数字孪生之间共享。然而,数据交换和群组共享过程是通过公共通信渠道实时进行的,这面临着各种安全和隐私威胁。密钥协商技术有望实现实体的安全数据通信,但现有的密钥协商方案普遍无法满足VDTN的同步、隐私和实体管理的要求。因此,我们为VDTN提出了一种区块链辅助的隐私保护和同步密钥协商方案。在所提出的方案中,匿名车辆和数字孪生可以在同步的情况下协商秘密会话密钥,以实现安全的数据交换。同时,数字孪生能够利用同步的状态信息动态建立公共的组加密密钥,但持有单独的解密密钥,保证了组共享的安全性。此外,所提出的方案能够在区块链和智能合约的帮助下保护身份隐私并管理车辆和数字孪生。安全分析表明,所提出的方案为 VDTN 提供了安全和隐私保证。性能评测表明其在效率、实用性、智能合约消耗等方面都有着优秀的表现。
Pdf下载链接:
https://www.computer.org/csdl/journal/tq/2025/04/10848294/23GxYkRM48M