[Retracted] Anonymous Traceability Protocol Based on Group Signature for Blockchain

An, Qi; Zhang, Yanhui; Guo, Chong; Liu, Ximing; Huang, Junjia; Zhang, Wenzhan; Zhang, Shijun; Zhan, Chao; Cai, Yuxiang

doi:https://doi.org/10.1155/2022/4559119

Security and Communication Networks

On this page

Abstract Introduction Related Works Conclusion Data Availability Conflicts of Interest References Copyright Related Articles

Research Article Retraction

!

This article has been Retracted. To view the article details, please click the ‘Retraction’ tab above.

Special Issue

Computational Technologies for Malicious Traffic Identification in IoT Networks

View this Special Issue

Research Article | Open Access

Volume 2022 | Article ID 4559119 | https://doi.org/10.1155/2022/4559119

[Retracted] Anonymous Traceability Protocol Based on Group Signature for Blockchain

Qi An,¹Yanhui Zhang,¹Chong Guo,²Ximing Liu,¹Junjia Huang,¹Wenzhan Zhang,³Shijun Zhang,¹Chao Zhan,¹and Yuxiang Cai¹

Academic Editor: Muhammad Arif

Received07 Jan 2022

Revised09 Feb 2022

Accepted15 Feb 2022

Published23 Mar 2022

Abstract

In blockchain technology, data are stored on decentralized nodes and public to each node in the blockchain network. Hence, the focus of privacy protection in the blockchain guarantees the anonymity of transactions such that attackers cannot attain the users’ personal information through data analysis. Among the existing privacy protection technologies, the scheme based on group signature has good anonymity, but the existing scheme exists a large number of operations that are difficult to apply to wireless terminals. In this paper, using the powerful offloading capability of edge computing, we propose a blockchain node traceable identity privacy technology scheme based on threshold group signature, and the scheme greatly reduces the computing burden of nodes while achieving node privacy protection.

1. Introduction

Blockchain has the characteristics of “decentralization” and “detrust.” Its essence is a tamper-proof distributed database, which can establish point-to-point trustworthy value transmission between unfamiliar nodes [1]. Singh et al. [2] argued that blockchain technology could be considered a communication channel in pillars of data sharing that can effectively improve accuracy and trust due to its trustworthiness and reliability, and suggested that block technology should be promoted across industries. It can be said that with the common prevalence of bitcoin, the study and usage of blockchain have exploded and can be considered as the fifth disruptive innovation in the calculation paradigm after mainframes, personal computers, the Internet, and mobile social networks [3].

The blockchain system with the core idea of detrusting has the deficiency of user privacy leakage to users by making the ledger data public, and malicious attackers can directly access the data recorded in the blockchain ledger and spy on user privacy by tracing the path of all historical transactions in the ledger [4]. Therefore, the privacy protection in blockchain aims to guarantee the anonymity of transactions so that attackers cannot achieve the user’s personal information through data analysis even if they have access to the transaction data. Moreover, the stored data in the blockchain cannot be removed or changed arbitrarily. Thus, even if a user discovers the exposing of a part of his address or certain transaction information, he cannot take any salvage measures to make up for the loss [5]. In the conventional domain, it is feasible to decrease private data spread by omitting the exposed information. However, a similar scheme does not work in blockchain. This security requirement means that numerous conventional privacy protection strategies cannot be utilized in blockchain and more targeted privacy protection mechanisms need to be designed [6].

There has been a lot of research on privacy protection for blockchain, and the specific techniques include mixing services [7, 8], zero-knowledge proof [9, 10], ring signatures, and group signature [11, 12]. Group signature-based identity privacy protection techniques have been widely studied. However, the computational power and performance of wireless terminals are limited, and there are a large number of existing schemes for the computation of elliptic curve dot addition, large power product, and even bilinear maps, which have high complexity and require the performance of the devices, and these schemes are not applicable in the computational environment of wireless terminals.

The powerful computational offloading capability of edge computing precisely matches the need of blockchain to reduce the signature burden of nodes. The current research presents a privacy protection technique using weighted threshold group signature for blockchain networks via edge computing. In this scheme, MEC server is used to calculate and unload the signature of the blockchain terminal, which ensures the privacy of user identity and reduces the computational burden of blockchain terminal. Group administrator can open the signature and trace the real signature members when it is necessary, and the characteristic of threshold makes the scheme resist the collusion attack of members whose credibility sum is less than the threshold, which further improves the scheme’s security.

The remainder of this study is arranged as follows. Section 2 presents several relevant privacy-preserving techniques, and in Section 3, a mobile blockchain network model based on edge computing (MBNEC) is presented and used to introduce an identity privacy scheme regarding blockchain nodes. Section 4 deals with the scheme’s performance analysis in terms of security and effectiveness. Finally, conclusions are given in Section 5.

This paper proposes a privacy technology of blockchain node identity based on edge computing by thresholding the classical group signature scheme. Thus, this section mainly introduces three related work areas: edge computing technologies, blockchain privacy protection technology, and group signatures and threshold group signatures.

2.1. Edge Computing Technologies

With the continuous promotion of smart cities, intelligent transportation, and other IoT applications and the fast growth of novel service models such as spatial location and mobile payment services, the number of IoT device connections and the produced data are significantly increasing. In order to solve the computation and storage issues, the conventional cloud computing model moves the whole data to the cloud computing center via the network and uses its strong computing capacity to achieve the centralized solving of the problems. In Internet of Everything application, cloud computing constraints such as cloud computing center load, transmission bandwidth, and data security are becoming more and more important. The great amount of data produced by several access device perception leads to more limitations of the network bandwidth of cloud computing, overwhelming the cloud and leading to more significant data bottlenecks, and the cloud computing model concentrated in the data center can no longer meet the demand. Accordingly, the edge computing model has been created.

ETSI first proposed the principle of MEC (mobile edge computing) in 2014 and upgraded it to multiaccess edge computing in 2016 to meet more access needs. MEC technology mainly refers to providing IT services at the edge of mobile networks by deploying universal servers on the wireless access side environment and cloud computing capacities. Even though the computing power of the edge computing server is slightly inferior to cloud server, due to its advantage of proximity deployment, it can bring users lower latency services and effectively improve the processing efficiency of data, which is more in line with the technical requirements of Internet of Everything era.

2.2. Blockchain Privacy Protection Technology

The privacy leakage risk of blockchain technology has limited its promotion and application in existing industries to a certain extent. Relevant scientific and technical personnel have proposed several blockchain privacy protection schemes with different ideas to enhance the anonymity of blockchain technology and thus achieve privacy protection of user identity and transaction information.

2.2.1. Mixing Services

A mixing service, first presented by Chaum [13], disrupts the correlation among the input and output addresses of transactions. Mixcoin [14], presented by Bonneau et al. in 2014, is a centralized mixing scheme with an audit function. Once a third party has an illegal behavior, the user can make the third party discredited and cannot continue mixing coins by issuing a mixed coin signature. In 2015, Valenta and Rowan [15] introduced a Blindcoin mixing technique using blind signature technology, making it impossible for the third-party center to obtain the address mapping correlation among the input and output addresses of the participating mixing coins. Also belonging to the centralized mixing scheme is DASH [16], which uses a deposit-like strategy to avoid malicious behavior by increasing the cost of crime for master nodes. To eliminate the impact generated by centralization, other related decentralized mixing schemes are CoinJoin [17], CoinShuffle [18], Xim [19], etc.

2.2.2. Menero

Menero is a cryptocurrency focused on privacy protection, which utilizes extensive cryptographic techniques. In Menero, the coin mixing operation is carried out through ring signature technology. Its biggest advantage is that the coin mixing operation can be performed without the participation of a centralized third party, avoiding the centralization issue induced by centralized coin mixing and solving the decentralized coin mixing problem, where the nodes involved in coin mixing communicate with each other and leak the mixing process and the denial-of-service attack by hackers. Menero has a good implementation of unlinkability and untraceability, which are two key elements to ensure the blockchain privacy. In Menero, the stealth address technique is used to implement unlinkability, and the one-time ring signature technique is utilized to implement untraceability. The literature [20] proposes RingCT, which is an improvement of Menero to hide the addresses of both sides of the transaction as well as the transaction amount. The literature [12] proposed RingCT 2.0, which implements linkable ring signature and has a constant level of signature length, but this scheme has both inefficiency, low performance, and centralization drawbacks.

2.2.3. Zcash

The zero-knowledge succinct noninteractive arguments of a knowledge (zk-SNARK) technique are optimized on top of the noninteractive zero-knowledge proof technique to maintain noninteractivity while reducing the proof size and saving. Zero Cash project [21] was proposed in 2014, which uses the zk-SNARK to construct transactions. The ZeroCash protocol can hide more transaction information including transaction amount and recipient address, which provides stronger protection for user privacy, but the implementation of the protocol also requires the participation of trusted third parties. To solve this problem, the scalable transparent zero-knowledge argument of knowledge (zk-STARK) [22] was presented, and the Aurora technique [23] was implemented on this basis to achieve transparency in the initialization phase that does not require the involvement of trusted third parties.

2.3. Group Signatures and Gate Group Signatures

The concept of group signature was first proposed in 1991. Group signature refers to some specific scenarios in which a member of a group will want to digitally sign a message on behalf of the group to protect the privacy of their identity, while other people can only evaluate whether the signer belongs to the group. However, unlike the group administrator, they cannot recognize the signer’s certain identity.

The literature [24] proposed a secret sharing strategy using the Chinese remainder theorem without a trustworthy center; the core of which is a prime matrix that can be used in conjunction with public broadcasting channels to activate different thresholds at any time, but the scheme lacks mutual authentication between members and is easily exploited by adversaries, which is not suitable for the complex environment of edge computing networks. The threshold group signature scheme proposed in the literature [25] combines the features of elliptic curve short keys with the threshold method, which reduces the computational complexity to some extent but does not provide a method to track and revoke members in the scheme; the dynamic threshold group signature scheme [26] proposed by Xia incorporates a method for tracking and revoking members. However, this scheme is not resistant to collusion attacks; Dan et al. proposed a general method for adding threshold functions to non-threshold encryption schemes [27], which allows the key to be split into several copies and kept by multiple parties, and the scheme constructs threshold signatures that are highly secure but are only suitable for large encryption systems over short distances due to computational complexity.

3. Mechanism Description

A mobile blockchain node network based on edge computing (MBNEC) is proposed. Based on MBNEC, a threshold group signature scheme to protect user privacy is given.

3.1. Frame of MBNEC

Mobile edge computing, as a new network model, relieves pressure on remote cloud servers and reduces network latency by migrating context-sensitive, latency sensitive, and compute-intensive tasks from mobile user tasks to nearby edge nodes for processing. These edge nodes with compute and storage resources are typically deployed in gateways, WiFi nodes, macrobase stations, and cell base stations that are in close proximity to users. In this paper, based on the network architecture of edge computing, the MEC server is given the blockchain attribute as a consensus node, and smart terminals are uplinked through the MEC server.

As shown in Figure 1, the blockchain layer includes a MEC server that has given blockchain attributes to act as a consensus node, as well as mobile devices, in-vehicle mobile network devices, or IoT devices that are uploaded via the server; the edge computing layer includes a local key distribution center, a local trusted management center, and a MEC server that provides computing resources for the blockchain layer and distributes security policies through the MEC server; the cloud service layer includes cloud service centers and cloud servers that provide cloud services for the edge computing layer and issue security policies. The blockchain layer guarantees the data security in transit through the blockchain, helps establish integrity assurance and anticounterfeit storage for the edge computing system, and can ensure that storage resources allocated on edge devices are fair and efficient, making them scalable. The edge computing layer gives computing resources and edge cloud services for the blockchain layer, while the cloud services layer combines the conventional cloud storage with blockchain to guarantee data security.

3.2. Identity Privacy Scheme

At this time, the local key distribution center KDS distributes keys for the multiple MEC servers and the service wireless terminals provided by the MEC servers. The local trusted management center acts as a group administrator and can open the signature of blockchain nodes if necessary.

3.2.1. System Initialization

: a large prime number : integral domain : -order additive cycle group ：generator of : Point of any nonidentity element in : -order multiplicative cycle group bilinear mapping : hash function Issuer/Opener: group administrator MEC: edge computing nodes KDS: local key distribution center TMC: local trusted management center

KDS selects , and sends to TMC over the secure channel. are stored by KDS and TMC as the group private key. TMC selects to make . is exposed as the group’s public key.

3.2.2. Node Addition

We set private key and public key of blockchain terminal to be . The blockchain terminal joins the local edge computing network in the following steps: Step 1. Blockchain terminal sends its identity document , public key , and connection request information Req to PKG, requesting to join the edge computing network Step 2. PKG receives the connection request information Req and sends its identity document , public key and random number to blockchain terminal Step3. The blockchain terminal selects the random number to calculate and then sends to PKG Step 4. PKG receives the information and verifies o complete the certification to the blockchain terminal . Then, PKG selects a random number and calculates . PKG will send to the blockchain terminal . Step 5. After blockchain terminal receives the information, it verifies to complete the certification of KDS.

The correctness of the above scheme is obvious. In addition, the above literature is typical of zero-knowledge proofs, whose safety analysis can be proved by traditional methods; this paper ignores the main proof process.

3.2.3. Distribution of Keys

We set TMC to manage wireless terminals, divided into group members. The transaction signature of the n-th group member is completed by the wireless terminal through threshold signature.

, , is a positive integer.

KDS selects for group member and calculates . KDS sends to TMC and selects polynomial described on and polynomial defined on .

For each wireless terminal , we set its weight to . KDS calculates

KDS sends to through the secure channel.

In order to reduce the burden on wireless terminals, KDS presets the one-time values to be used for signing as follows: KDS selects the polynomial described on and the polynomial defined on .

For each wireless terminal , we set its weight to . KDS calculates

KDS sends to through the secure channel. can generate multiple groups at once and send them to the wireless terminal for storage. A set of is used only once for a signature.

3.2.4. Key Update

We consider that the i-th group member corresponds to the wireless terminal locally aware network. Now, KDS updates the public parameters in the following manner:(1)Update of group public key. At this time, Meet the form that the group public key should have.(2)Update of the other group member. For each group member , KDS calculates At this time,

Meet the form that the group public key should have.

KDS selects the polynomial defined on

For each wireless terminal , we set its weight to . KDS calculates

KDS sends to through the secure channel.

3.2.5. Signature

Considering the group public key , nodes corresponding to the j-th group member jointly sign message . The sum of the weights corresponding to is greater or equal to .(i), respectively, select random numbers and broadcast them. We set the weight of to be ; the secret fragment it has for signing is . Then, the node computes. Then, calculates broadcast(ii)MEC calculates(1)(2)(3)(4) Then, MEC broadcast .(iii) calculate(iv)We set the weight of node to . The secret clips are as follows: selects and calculates(1)(2) And Wireless terminal sends to MEC. Note: in order to reduce the computing burden of wireless terminals, multiple groups of can be preset by KDS, and different groups are adopted for each signature.(v) MEC collectsand calculates

is output as the signature of group member for message .

3.2.6. Signature Verification

Given the group public key , the message , and the signature to be verified .

Any recipient can verify whether the signature is legal by performing the following operations:(1)calculate(2)Accept the signature as a valid group signature if and only if .

3.2.7. Correctness

The correctness of scheme holds: can be easily obtained; the following mainly proves that .

According to the characteristics of threshold cipher,

Therefore,

Due to

That is,

Therefore, .

4. Performance Analysis

To verify the correctness of the solution and to reflect the superiority of its efficiency, the solution’s safety and efficiency analysis are performed.

4.1. Security Analysis

The presented scheme is the threshold of typical group signature scheme, and its security is mainly determined by the original group signature scheme and threshold scheme. The unforgeability and anonymity of the original ring proof scheme have been proved [28]. Therefore, the following study will focus on the analysis of the impact of the weighted threshold.

4.1.1. Unforgeability

In this weighted threshold scheme, if all nodes distribute their own keys for the second time so that after distribution, each member of the group only holds one key segment, the node that originally held the key performs key security reimbursement then, this scheme becomes a typical verifiable threshold scheme [29]. According to the characteristics of threshold, any node combination whose weight sum is less than the threshold cannot complete the signature, and any node combination whose weight sum is higher than or equal to the threshold can complete the signature. Thus, the mentioned scheme can resist the collusion attack of any member whose credibility sum is less than the threshold.

4.1.2. Anonymity Analysis

Anonymity of signature means that for a given group signature, only TMC, the group administrator, can open the signature and trace the real signature member. With the introduction of threshold signature, the signature completed by a single group member in the original scheme is expanded to be signed jointly by multiple wireless terminals. The threshold signature in this paper is based on the principle of zero-knowledge proof that does not disclose the relevant information of the private key in the signature process. According to the characteristics of group signature [30], only the group administrator Issuer can open the signature, which shows that this scheme satisfies anonymity.

4.1.3. Traceability Analysis

TMC can trace the identity of a group member that generated the signature by performing the following operations:(1)Execute the signature verification algorithm to ensure that the signature is a correct group signature for message (2)Calculate to check the correspondence table between and group membership, thereby to determine the identity of the group member that produced the signature

4.1.4. Unlinkability Analysis

It is said to be uncorrelated if there are two signatures, satisfying the requirement that only the TMC can identify whether they are signed by members of the same group. We notice that the parameter for each wireless terminal in the threshold signature is randomly generated and is used in such a way that the signature is updated once, so this scheme satisfies the non-association.

4.1.5. Exculpability Analysis

As can be seen from the above, this group signature scheme is unforgeable. Thus, it is not feasible to forge a legitimate signature node if the other nodes except the signature node do not have the group member key. Therefore, this scheme is nonframeabal.

4.1.6. Coalition-Resistance Analysis

As can be seen from the above study, this group signature scheme is unforgeable, when TMC wants to collaborate with node to generate a valid group signature of node . The K-CAA difficulty problem assumes that cannot be obtained by , so the group administrator Opener cannot forge the group signature of .

4.1.7. Forward Security Analysis

When a member is revoked, the public and private keys of the revoked group member are made public in the revocation list. Suppose that an adversary can derive the identity of the group member to which the signature corresponds from . By the freshness of , let , and set generated in -th interactions as . After observing the previous signature, the adversary deduces it from the -th signature, and is set to solve the s-CDH problem.

In summary, the scheme proposed in this section can effectively protect the concealment of group membership, with forward security, unforgeability and traceability, and can resist collusion attack and frame attack. Simultaneously, the scheme’s group signature length is short, which can effectively reduce the communication and computing overhead of the terminal and is more practical.

4.2. Efficiency Analysis

In order to prove that this scheme is more suitable for wireless terminals, it will be compared with other schemes. Table 1 shows the time complexity of each operation, and literature is referred to the comparison data, where is bilinear pair operation, is the scalar multiplication operation on elliptic curves, is the addition of two elliptic curve points, is the power multiplication operation, and is the point multiplication operation.

One of the features of this scheme is the use of weighted thresholds instead of ordinary thresholds to accomplish threshold group signatures. Weighted thresholds are better suited for edge computing and the inequality of status between nodes in a blockchain. Table 2 presents a comparison of the time complexity of the signature phase for a single wireless endpoint between this scheme and other thresholds for group signatures, where represents the average weight value of the nodes of the blockchain. From Table 2, it can be seen that the larger the difference in weight values between the nodes, the lower the complexity of the signature computation in this scheme. Considering that the credibility of blockchain nodes varies greatly in reality, the scheme is applicable to the blockchain technology for wireless networks.

The literature [32] tested the number multiplication time on the elliptic curve on a 900 KHz sensor to be about 2.6 s, and the number multiplication time on the elliptic curve is to be about 0.00195 s considering the latest CortexA9 1.2 GHz microprocessor for smart terminals. In order to better investigate the impression of edge computing on the blockchain identity privacy scheme, this paper presents a performance comparison between this scheme and a single node with a threshold group signature without edge computing. From Table 3, it can be seen that the edge computing offload optimizes the computational structure of the original signature scheme and greatly improves the computational efficiency of the blockchain endpoints.

5. Conclusion

In the current work, a privacy-preserving approach using a weighted gating group signature scheme is proposed given the complexity of previous blockchain privacy protection schemes, which is difficult to be applied to blockchain nodes in the form of wireless terminals. This scheme effectively offloads the computational complexity of blockchain terminals by using edge computing nodes, which ensures the identity privacy of blockchain nodes and reduces the computational burden of wireless terminals. The characteristic of threshold makes the scheme resist the collusion attack of members whose credibility sum is less than the threshold, which further improves the security of the scheme.

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

Q. A. Feng, “Survey on privacy protection in blockchain system,” Journal of Network and Computer Applications, vol. 126, pp. 45–58, 2019.
View at: Publisher Site | Google Scholar
M. Singh and S. Kim, “Blockchain Based Intelligent Vehicle Data Sharing Framework,” 2017, https://arxiv.org/abs/1708.09721.
View at: Google Scholar
M. Swan, Blockchain: Blueprint for a New Economy, O'Reilly Media, Inc, Sebastopol, CA, USA, 2015.
C. Natoli and V. Gramoli, “The Balance Attack against Proof-Of-Work Blockchains: The R3 Testbed as an Example,” 2016, https://arxiv.org/abs/1612.09426.
View at: Google Scholar
A. Kosba, “Hawk: the blockchain model of cryptography and privacy-preserving smart contracts,” in Proceedings of the in 2016 IEEE symposium on security and privacy (SP), IEEE, San Jose, CA, USA, 22 May 2016.
View at: Publisher Site | Google Scholar
B. K. Mohanta, “Blockchain technology: a survey on applications and security privacy Challenges,” Internet of Things, vol. 8, Article ID 100107, 2019.
View at: Publisher Site | Google Scholar
M. C. Kus Khalilov and A. Levi, “A survey on anonymity and privacy in bitcoin-like digital cash systems,” IEEE Communications Surveys & Tutorials, vol. 20, no. 3, pp. 2543–2585, 2018.
View at: Publisher Site | Google Scholar
C. Gentry, “Fully homomorphic encryption using ideal lattices,” in Proceedings of the forty-first annual ACM symposium on Theory of computing, pp. 169–178, Association for Computing Machinery, Bethesda, MD, USA, 31 May 2009.
View at: Publisher Site | Google Scholar
I. Miers, “Zerocoin: anonymous distributed E-cash from bitcoin,” in Proceedings of the IEEE Symposium on Security and Privacy, IEEE, Berkeley, CA, USA, 19 May 2013.
View at: Publisher Site | Google Scholar
B. Bünz, W. Pieter, and M. Greg, “Bulletproofs: efficient range proofs for confidential transactions,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), IEEE, California, May 2005.
View at: Publisher Site | Google Scholar
T. Ruffing and P. Moreno-Sanchez, “Valueshuffle: mixing confidential transactions for comprehensive transaction privacy in bitcoin,” in Proceedings of the in International Conference on Financial Cryptography and Data Security, Springer, Sliema, Malta, 19 November 2017.
View at: Publisher Site | Google Scholar
S.-F. Sun, “Ringct 2.0: a compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency monero,” in Proceedings of the European Symposium on Research in Computer Security, Springer, Oslo, Norway, 12 August 2017.
View at: Publisher Site | Google Scholar
D. L. Chaum, “Untraceable electronic mail, return addresses, and digital pseudonyms,” Communications of the ACM, vol. 24, no. 2, pp. 84–90, 1981.
View at: Publisher Site | Google Scholar
J. Bonneau, “Mixcoin: anonymity for bitcoin with accountable mixes,” in Proceedings of the International Conference on Financial Cryptography and Data Security, Springer, Christ Church, Barbados, 09 November 2014.
View at: Publisher Site | Google Scholar
L. Valenta and B. Rowan, “Blindcoin: blinded, accountable mixes for bitcoin,” in Proceedings of the International Conference on Financial Cryptography and Data Security, Springer, San Juan, Puerto Rico, 26 January 2015.
View at: Publisher Site | Google Scholar
E. Ahmed and M. H. Rehmani, Mobile Edge Computing: Opportunities, Solutions, and Challenges, Elsevier, Amsterdam, The Netherlands, 2017.
S. Meiklejohn and C. Orlandi, “Privacy-enhancing overlays in bitcoin,” in Proceedings of the International Conference on Financial Cryptography and Data Security, Springer, San Juan, Puerto Rico, January 2015.
View at: Publisher Site | Google Scholar
T. Ruffing, P. Moreno-Sanchez, and A. K. Coinshuffle, “Practical decentralized coin mixing for bitcoin,” in Proceedings of the European Symposium on Research in Computer Security, Springer, Berlin, Heidelberg, September 2014.
View at: Google Scholar
G. Bissias, “Sybil-resistant mixing for bitcoin,” in Proceedings of the 13th Workshop on Privacy in the Electronic Society, Springer-Verlag, Scottsdale, AZ, USA, November 2014.
View at: Publisher Site | Google Scholar
S. Noether, A. Mackenzie, and T. M. Research Lab, “Ring confidential transactions,” Ledge, vol. 1, pp. 1–18, 2016.
View at: Publisher Site | Google Scholar
E. Sasson, “Zerocash: decentralized anonymous payments from bitcoin,” in Proceedings of the IEEE Symposium on Security and Privacy, IEEE, Berkeley, CA, USA, May 2014.
View at: Publisher Site | Google Scholar
E. Ben-Sasson, Scalable, Transparent, and post-quantum Secure Computational Integrity, p. 46, 2018.
E. Ben-Sasson, “Aurora: transparent succinct arguments for R1CS,” in Proceedings of the Annual International Conference on the Theory And Applications Of Cryptographic Techniques, Springer, Darmstadt, Germany, 19 May 2019.
View at: Publisher Site | Google Scholar
X. Jia, D. Wang, D. Nie, X. Luo, and J. Z. Sun, “A new threshold changeable secret sharing scheme based on the Chinese Remainder Theorem,” Information Sciences, vol. 473, pp. 13–30, 2019.
View at: Publisher Site | Google Scholar
Y.-L. Yu and T.-S. Chen, “An efficient threshold group signature scheme,” Applied Mathematics and Computation, vol. 167, no. 1, pp. 362–371, 2005.
View at: Publisher Site | Google Scholar
X. Xia, “Efficient dynamic threshold group signature scheme based on elliptic curve cryptosystem,” Journal of Southwest Jiaotong University, vol. 1, p. 1, 2008.
View at: Google Scholar
et al., “Threshold cryptosystems from threshold fully homomorphic encryption,” in Proceedings of the Annual International Cryptology Conference, Springer, Santa Barbara, CA, USA, 19 August 2018.
View at: Publisher Site | Google Scholar
D. Boneh, X. Boyen, and H. Shacham, “Short group signatures,” in Proceedings of the Annual International Cryptology Conference, Springer, Santa Barbara, CA, USA, 15 August 2004.
View at: Publisher Site | Google Scholar
B. Schoenmakers, “A simple publicly verifiable secret sharing scheme and its application to electronic voting,” in Proceedings of the International Cryptology Conference on Advances in Cryptology, Springer, Berlin, Heidelberg, 15 August 1999.
View at: Publisher Site | Google Scholar
S. K. H. Islam and G. P. Biswas, “A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks,” Annals of télécommunications-annales des telecommunications, vol. 67, no. 11, pp. 547–558, 2012.
View at: Publisher Site | Google Scholar
B. Gong, C. Cui, M. Hu, C. Guo, X. Li, and Y. Ren, “Anonymous traceability protocol based on group signature for blockchain,” Future Generation Computer Systems, vol. 127, pp. 160–167, 2022.
View at: Publisher Site | Google Scholar
F. Feng, X. Li, and L. Wang, “Design and implementation of identity authentication system based on fingerprint recognition and cryptography,” in Proceedings of the 2016 2nd IEEE International Conference on Computer and Communications (ICCC), IEEE, Chengdu, China, October 2016.
View at: Google Scholar

Copyright

Copyright © 2022 Qi An et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Security and Communication Networks

Computational Technologies for Malicious Traffic Identification in IoT Networks

[Retracted] Anonymous Traceability Protocol Based on Group Signature for Blockchain

Abstract

1. Introduction

2. Related Works

2.1. Edge Computing Technologies

2.2. Blockchain Privacy Protection Technology

2.2.1. Mixing Services

2.2.2. Menero

2.2.3. Zcash

2.3. Group Signatures and Gate Group Signatures

3. Mechanism Description

3.1. Frame of MBNEC

3.2. Identity Privacy Scheme

3.2.1. System Initialization

3.2.2. Node Addition

3.2.3. Distribution of Keys

3.2.4. Key Update

3.2.5. Signature

3.2.6. Signature Verification

3.2.7. Correctness

4. Performance Analysis

4.1. Security Analysis

4.1.1. Unforgeability

4.1.2. Anonymity Analysis

4.1.3. Traceability Analysis

4.1.4. Unlinkability Analysis

4.1.5. Exculpability Analysis

4.1.6. Coalition-Resistance Analysis

4.1.7. Forward Security Analysis

4.2. Efficiency Analysis

5. Conclusion

Data Availability

Conflicts of Interest

References

Copyright