Post-Quantum Linkable Hash-Based Ring Signature Scheme for Off-Chain Payments in IoT
Abstract
1. Introduction
1.1. Related Works
1.2. Contributions and Innovations
1.3. Organization
2. Preliminary
2.1. Linkable Post-Quantum Ring Signatures
- (1) Key generation (KeyGen): generates the public–private key pair. Algorithm 1 derives the linkability tag (LT) as a hash of the secret key, so the same secret key yields the same LT across different signatures.
- (2) Signature generation (Sign): Algorithm 2 produces a ring signature over a message using the signer's key pair and the ring of public keys, and attaches the linkability tag (LT).
- (3) Signature verification (Verify): Algorithm 3 checks whether a signature is valid for the given ring and message.
- (4) Linkability check: determines whether two signatures were produced by the same private key. If the two signatures carry the same LT, they are judged to come from the same private key; this is what provides linkability and, in the payment setting below, lets a verifier detect a second spend with the same key.
Algorithm 1 Key generation (KeyGen). Input: None.
Algorithm 2 Signature generation (Sign).
Algorithm 3 Signature verification (Verify).
2.2. Off-Chain Payments and Privacy Protection in Blockchain
2.3. Signature of Knowledge
2.4. Hash Time-Locked Contracts (HTLCs)
- Step 1: Bob generates a random preimage x (the paper's illustration uses the string "secret123"; in practice x must be a high-entropy random value, because anyone who can guess x from its published hash can present it). Bob computes the hash value y = H(x) and discloses y to Alice, but not x.
- Step 2: Alice creates the HTLC and locks the funds. Alice deploys a smart contract from which the funds can be released in only two ways: Bob provides x such that H(x) = y (hash lock), or, if Bob has not claimed within time T, the funds are returned to Alice (time lock).
- Step 3: Bob collects the funds. Bob submits x to the contract; the contract verifies that H(x) = y holds and transfers the funds to Bob.
- Step 4: If Bob does not submit x within time T, Alice calls the contract to retrieve her funds.
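As an added worked example of the four steps above (written for this edit, not code from the paper or its authors), a minimal HTLC state machine with both release paths and their failure modes: a wrong preimage, a claim after the deadline, a refund attempted before the deadline, and a second settlement attempt. It assumes SHA-256 as H, a block-height time lock T = 100 and a fixed 5-unit amount; every class and function name is this example's own. The last function shows why the preimage has to be random rather than a memorable string such as "secret123": anyone with a candidate list recovers x from the public y.

```python
import hashlib
import hmac
import secrets

T = 100  # time lock, expressed as an abstract block height (assumed value)


def hash_lock(preimage: bytes) -> bytes:
    """y = H(x): the value Bob publishes to Alice (SHA-256 assumed here)."""
    return hashlib.sha256(preimage).digest()


class HTLC:
    """Funds locked for `receiver`: claimable with the preimage of `lock`
    before `timeout`, refundable to `sender` at or after `timeout`."""

    def __init__(self, sender, receiver, amount, lock, timeout):
        self.sender, self.receiver, self.amount = sender, receiver, amount
        self.lock, self.timeout = lock, timeout
        self.settled_to = None  # set once the funds have left the contract

    def claim(self, preimage, now):
        """Step 3: Bob presents x; pays out only if H(x) == y and now < T."""
        if self.settled_to is not None:
            return False, "already settled"
        if now >= self.timeout:
            return False, "hash lock expired"
        # constant-time comparison so the match result does not leak via timing
        if not hmac.compare_digest(hash_lock(preimage), self.lock):
            return False, "wrong preimage"
        self.settled_to = self.receiver
        return True, f"{self.amount} paid to {self.receiver}"

    def refund(self, now):
        """Step 4: Alice reclaims the funds, but only once T has passed."""
        if self.settled_to is not None:
            return False, "already settled"
        if now < self.timeout:
            return False, "time lock not yet expired"
        self.settled_to = self.sender
        return True, f"{self.amount} returned to {self.sender}"


def run_protocol(claim_at, bob_knows_preimage=True):
    """Steps 1-4 end to end; returns who ended up with the funds."""
    x = secrets.token_bytes(32)           # Step 1: high-entropy preimage
    y = hash_lock(x)                      # Bob discloses y, never x
    htlc = HTLC("Alice", "Bob", 5, y, T)  # Step 2: Alice locks 5 units under y
    offered = x if bob_knows_preimage else b"not the preimage"
    ok, _ = htlc.claim(offered, now=claim_at)
    if not ok:
        htlc.refund(now=T)                # Alice recovers the funds at T
    return htlc.settled_to


def guess_preimage(lock, candidates):
    """Why x must be random: a guessable x (like "secret123") is recovered
    from the public y by anyone holding a candidate list."""
    for c in candidates:
        if hmac.compare_digest(hash_lock(c), lock):
            return c
    return None


if __name__ == "__main__":
    print(run_protocol(claim_at=50))    # Bob
    print(run_protocol(claim_at=150))   # Alice: the claim came after T
    print(guess_preimage(hash_lock(b"secret123"), [b"password", b"secret123"]))
```

The `now` argument stands in for the chain's notion of time (block height or timestamp); a real contract reads it from the ledger, which is exactly why the time lock cannot be shortened by the claimant.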
2.5. XMSS
- (1) WOTS+
- (2) Merkle tree structure
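As an added illustration of the two building blocks named above (example code written for this edit, not the authors' implementation), the following combines a textbook Winternitz one-time signature (plain hash chains; it omits the bitmasks and keyed hashing that distinguish WOTS+) with a Merkle tree of 2^h one-time public keys and the authentication-path verification that the parameter list at the end of the paper (h, the one-time key pairs, the auth path of node i) refers to. It also shows the stateful failure mode of the construction: once all 2^h leaves have been used, the signer must stop. SHA-256 as the hash, w = 16 and all names are this example's assumptions.

```python
import hashlib
import secrets

N = 32     # hash output length in bytes (SHA-256 assumed)
W = 16     # Winternitz parameter: one chain step per 4-bit digit
LEN1 = 64  # a 256-bit digest splits into 64 base-16 digits
LEN2 = 3   # checksum digits: the largest checksum is 64 * 15 = 960 < 16**3
LEN = LEN1 + LEN2


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x: bytes, steps: int) -> bytes:
    """Iterate H `steps` times (plain Winternitz chain, no WOTS+ bitmasks)."""
    for _ in range(steps):
        x = H(x)
    return x


def base_w(digest: bytes) -> list:
    """Split the digest into base-16 digits and append the checksum digits.
    Raising a message digit lowers the checksum, so an attacker cannot move a
    signature to another message without inverting a chain somewhere."""
    digits = []
    for byte in digest:
        digits += [byte >> 4, byte & 0x0F]
    checksum = sum(W - 1 - d for d in digits)
    for shift in range(LEN2 - 1, -1, -1):
        digits.append((checksum >> (4 * shift)) & 0x0F)
    return digits


def wots_keygen():
    sk = [secrets.token_bytes(N) for _ in range(LEN)]
    pk = [chain(s, W - 1) for s in sk]  # the end of every chain
    return sk, pk


def wots_sign(sk, msg: bytes):
    return [chain(s, d) for s, d in zip(sk, base_w(H(msg)))]


def wots_pk_from_sig(sig, msg: bytes):
    """Walk each chain the remaining W-1-d steps; equals pk iff sig is valid."""
    return [chain(s, W - 1 - d) for s, d in zip(sig, base_w(H(msg)))]


def leaf(pk) -> bytes:
    return H(*pk)


def merkle_levels(leaves):
    """Level 0 = leaves, last level = [root]."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def auth_path(levels, idx):
    """Sibling hashes from leaf idx up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx >>= 1
    return path


def root_from_path(leaf_hash, idx, path):
    node = leaf_hash
    for sibling in path:
        node = H(node, sibling) if idx % 2 == 0 else H(sibling, node)
        idx >>= 1
    return node


class MerkleOTS:
    """2**h one-time key pairs under one Merkle root; the root is the public key."""

    def __init__(self, h: int):
        self.h = h
        self.keys = [wots_keygen() for _ in range(2 ** h)]
        self.levels = merkle_levels([leaf(pk) for _, pk in self.keys])
        self.root = self.levels[-1][0]
        self.next_idx = 0  # signer state: every OTS key is used at most once

    def sign(self, msg: bytes):
        if self.next_idx >= 2 ** self.h:
            raise RuntimeError("all one-time keys used; a new tree is needed")
        idx, self.next_idx = self.next_idx, self.next_idx + 1
        return idx, wots_sign(self.keys[idx][0], msg), auth_path(self.levels, idx)


def verify(root: bytes, msg: bytes, sig) -> bool:
    idx, ots_sig, path = sig
    return root_from_path(leaf(wots_pk_from_sig(ots_sig, msg)), idx, path) == root
```

The signature carries the leaf index, the 67 chain values and h sibling hashes, which is why hash-based signatures are large but verification is only hashing. Reusing a leaf index (losing `next_idx`, for example after restoring a device from backup) is the classic way such a scheme is broken, and is the reason stateless variants such as SPHINCS+ exist.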
3. Post-Quantum Linkable Ring Signature Scheme
3.1. Initialization Phase
- (1) Key generation
- (2) Ring formation
Algorithm 4 Key generation.
3.2. Signature Creation Phase
Algorithm 5 Signing.
3.3. Signature Verification Phase
3.3.1. Signature Verification
Algorithm 6 Verification.
3.3.2. Avoiding Double Spending
3.4. Linkability Test
Algorithm 7 Linkable.
3.5. Overview of the Signature Scheme
3.6. Security Model
- Step 1: The challenger generates the system parameters.
- Step 2: The attacker attempts to forge signatures.
- Step 3: Conditions for the attacker to win the game.
- (i) Unlinkability of forged signatures: the two forged signatures cannot be linked by the linkability test even though both were generated with the same secret key; that is, the attacker has defeated linkability.
- (ii) Validity of the forged signatures: each forged signature must pass the verification algorithm.
- (iii) Signatures not obtained from the signing oracle: the attacker must generate the forged signatures independently rather than replaying one returned by the signing oracle.
- (iv) Restricted public key usage: all public keys must be registered through the public key registration predicate, so the attacker can only use properly registered keys and cannot introduce external ones.
- (v) Limited access to the challenge oracle: the attacker may query the challenge oracle only a bounded number of times, which rules out brute-force or exhaustive exploration of the input space.
- Step 1: The challenger generates the system parameters.
- Step 2: The attacker chooses the signature scenario.
- Step 3: The challenger randomly selects a signer and creates a signature.
- Step 4: The attacker attempts to identify the signer of the challenge signature.
- Step 5: Conditions for the attacker to win the game.
4. Application
4.1. Participants
4.2. Key Technologies
Algorithm 8 Public key generation. Inputs: h.
Algorithm 9 Creating the signature. Inputs: M, H, one-time signature key pair.
Algorithm 10 Signature verification. Output: true or false.
Algorithm 11 Linkable.
4.3. Transaction Process
5. Security Analysis
5.1. Security Assessment
5.2. Threat Model
5.3. Security Proofs
- (A) Oracle 1: Join Oracle. A may request to join the ring-signing system and obtain a public–private key pair. When answering A's join queries, S randomly selects two indexes:
- (a) one index is reserved for the one-wayness challenge: for it, S returns a public key into which the one-wayness challenge instance is embedded (S does not know the matching private key);
- (b) the other index is reserved for the collision-resistance challenge: for it, S returns the corresponding public key and sets the private key accordingly.
- (B) Oracle 2: Corruption Oracle. A may query the private key corresponding to a specific public key. If the queried key is the one-wayness challenge key, S aborts the game (answering would require the very preimage S is trying to extract). If it is the collision-resistance key, S returns the private key it set during the join query. Otherwise, S returns the stored private key.
- (C) Oracle 3: Signature Oracle. A may request a signature on a message m, and S must simulate signature generation. If S knows the private key of the designated signer, it generates the ring signature in the normal way. If the signer is the one-wayness challenge key, S produces a simulated signature using the zero-knowledge proof simulator Sim and records the corresponding hash-table entries. Random Oracle Query: if A has previously queried the same input, S returns the recorded value; if the query concerns the one-wayness challenge and a matching entry already exists in the hash table, S returns the queried input x as its answer to the one-wayness challenge; otherwise S returns a fresh random value.
- (A) A selects a ring of n public keys, an event ID e and a message m, and sends them to S.
- (B) S creates the challenge signature in the following steps:
- (a) construct the Merkle root from the set of public keys R;
- (b) randomly select a tag;
- (c) randomly select an index b that specifies the position of the challenge signer, i.e., public key b is the signer;
- (d) compute the hash value;
- (e) run the zero-knowledge proof simulator in its two stages to generate the simulated SoK proof;
- (f) assemble the challenge signature;
- (g) send the signature to A.
- (C) A outputs a guess for b. If A identifies b with probability non-negligibly better than random guessing among the n ring members, the attack succeeds.
- Step 1: Setting the public parameters.
- Step 2: Processing queries.
- Step 3: Challenge phase.
- Step 4: Analysis.
6. Performance Analysis
6.1. Signature Efficiency Analysis
- (1) Key generation time
- (2) Signature time
- (3) Verification time
6.2. Comparison of Security and Functionality
- (1) Quantum attack resistance
- (2) Linkability and anonymity
- (3) Non-slanderability
- (4) Support for off-chain payments
- (5) Blockchain applicability
6.3. Research Questions Answered
7. Conclusions
7.1. Limitations
7.2. Future Work
Author Contributions
Funding
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Introduction of Parameters
- h: height of the Merkle tree
- M: hash digest of the message
- hash function
- pair of keys
- node i of the Merkle tree
- root node of the Merkle tree
- linkable ring signature
- one-time signature key pairs
- one-time signatures
- authentication path used when node i creates a signature
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
He, L.; Zhou, X.; Cai, D.; Hu, X.; Liu, S. Post-Quantum Linkable Hash-Based Ring Signature Scheme for Off-Chain Payments in IoT. Sensors 2025, 25, 4484. https://doi.org/10.3390/s25144484