A Scalable and Trust-Value-Based Consensus Algorithm for Internet of Vehicles

: As blockchain technology plays an increasingly important role in the Internet of Vehicles, how to further enhance the data consensus between the areas of the Internet of Vehicles has become a key issue in blockchain design. The traditional blockchain-based vehicle networking consensus mechanism adopts the double-layer PBFT architecture, through the grouping of nodes for ﬁrst intra-group consensus, and then global consensus. To further reduce delay, we propose a CRMWSL-PBFT algorithm (C-PBFT) for vehicle networking. Firstly, in order to ensure the security of RSU nodes in the network of vehicles and reduce the probability of malicious nodes participating in the consensus, we propose to calculate the reputation of RSU nodes based on multi-weighted subjective logic (CRMWSL) model. Secondly, in order to ensure the efﬁciency of blockchain data consensus, we improve the consensus protocol of traditional double-layer PBFT, change the election method of the committee and the PBFT consensus process, and improve throughput by reducing the number of consensus nodes. For the committee, we combine the credibility value and hash method to ensure the credibility of nodes, but also to ensure a certain degree of election randomness. For the PBFT consensus process, the regional committee consensus is carried out ﬁrst, and then the regional master node carries out the global consensus. Through experimental comparison, we show that the C-PBFT signiﬁcantly reduces consensus time, network overhead, and is scalable for Internet of Vehicles.


Introduction
With the rapid development of the Internet of Things and the continuous progress of 5G technology, the Internet of Vehicles is gradually coming into people's view.The Internet of Vehicles plays an important fundamental role in the field of transportation.The collection and sharing of traffic data between vehicles can better optimize the service quality of intelligent transportation systems [1].However, due to privacy and security concerns, vehicles may be reluctant to upload data to the Road Side Unit (RSU) for data sharing, thus hindering the development of future connected vehicles [2].
Due to the characteristics of blockchain technology such as distribution, anonymity, and non-comparability, many researchers have integrated blockchain technology with vehicle networking.Blockchain is used to establish a secure, trusted, and decentralized intelligent transportation ecosystem to solve part of the problem of vehicle data sharing [3].However, after the introduction of blockchain, the system needs to consume a lot of computing resources and storage resources to meet the data-sharing service.At the same time, in a highly dynamic vehicular networking environment, it is difficult to maintain a long-term communication connection between vehicles and RSU nodes.When the data synchronization speed in the blockchain network does not match the moving speed of vehicles, the high latency may cause data inconsistency between nodes in different regions, resulting in meaningless old data for vehicles and other problems.
As an integral component of blockchain technology, consensus algorithms serve the pivotal role of ensuring data consistency among distributed nodes.Many of the current studies combining IoV and blockchain consensus algorithms are based on traditional methods, including proof-of-work (PoW), proof-of-stake (PoS), entrusted proof-of-stake (DPoS), and practical Byzantine fault Tolerance (PBFT).However, the limited computational resources of RSU nodes within vehicular networks render them inadequate for the execution of PoW-based algorithms.Furthermore, consensus mechanisms such as PoS and DPoS, which hinge on stake-based incentives, may potentially introduce disparities in outcomes.A comparative analysis conducted by Kim et al. [4] evaluated the efficacy of PoW, PoS, and PBFT, concluding that PBFT holds the highest promise as a consensus algorithm within the context of vehicular networks.
Although there are many researches on the PBFT consensus algorithm in IOV [5][6][7], most of them are based on traditional single-chain structure.As the number of nodes increases, the communication complexity of traditional PBFT consensus algorithm increases rapidly and the consensus performance decreases sharply.Therefore, it is a great challenge to directly apply the PBFT consensus algorithm in the Internet of Vehicles.
Therefore, this paper proposes a double-layer PBFT consensus algorithm by region.Meanwhile, the committee election algorithm elects appropriate RSU nodes to participate in the consensus according to the credibility value, which solves the problem of low scalability of the PBFT algorithm due to the superlinear complexity due to excessive RSU nodes.
The main contributions of this paper are summarized as follows: (1) We propose a multi-weight subjective logic model to calculate the RSUs node's credit value more accurately.(2) We propose a committee election algorithm to select appropriate nodes to participate in consensus based on node reputation, reduce communication complexity, and improve the scalability of blockchain.(3) We propose a double-layer consensus structure algorithm, which firstly carries out regional consensus and then global consensus to reduce consensus latency and communication complexity.(4) We experimentally tested the proposed reputation assessment model RCMWSL and the C-PBFT consensus algorithm.
The rest of the paper is organized as follows.Section 2 presents related research on the reputation mechanism of IoV and research related to the scalability of consensus protocols.Section 3 presents the system model.Section 4 presents the proposed C-PBFT consensus algorithm.Section 5 analyzes the security properties of the proposed consensus algorithm.Section 6 provides simulation experimental results.Section 7 concludes the paper and discusses future research directions.

IoV Reputation
In recent years, researchers have designed reputation evaluation methods and models in the field of the Internet of Vehicles based on different theoretical methods.Li et al. [8] improved the subjective logical trust model and established a three-valued subjective logical trust model.The uncertainty of events is divided into a priori uncertainty and a posteriori uncertainty in the model, and the results of the events are simulated with Dirichlet-categorical distribution, and the propagation law of trust relationships among different entities is derived using Bayesian inference.Liu et al. [9] propose an improved reputation calculation method based on subjective logic.In this method, a concept of "familiarity" is introduced, that is, the weight of the evaluation opinion is high in the neighbor nodes that are familiar with the evaluated node.And this kind of the complexity of reputation calculation in this model is generally larger.Jaimes et al. [10] conducted reputation management based on entity.Due to the huge scale of the Internet of Vehicles network, it is easy to cause problems such as single-point bottlenecks and complicated calculation processes.Rivas et al. [11] considered all credit evaluation factors obtained from neighboring vehicles, which may lead to inaccurate credit evaluation and even security problems such as collusion attacks.Lin et al. [12] put forward the reputation model based on subjective logic, which mainly uses the theory of subjective logic to quantify the reputation information of nodes.The subjective logic defines the representation and calculation methods of credibility quantitatively.Moreira et al. [13] evaluated the reputation of vehicle nodes in an in-vehicle self-assembling network by judging the reliability of message content through the reliability of the message source.Josang et al. [14] proposed a subjective logical trust model that predicts the probability that something turns out to be trustworthy using a beta distribution.Yang et al. [1] also proposed a decentralized trust management system to evaluate the trustworthiness of received vehicle data by using blockchain and PoW and PoS consensus schemes.

Consensus Protocol Scalability
Although the PBFT algorithm is a satisfactory consensus solution in distributed systems, its scalability is low and the number of nodes involved in consensus has a direct impact on the communication complexity of the PBFT consensus algorithm, so researchers have tried to streamline the number of nodes involved in consensus by forming a consensus committee from all the nodes of the system and then releasing the consensus results to other nodes, thus improving the scalability of the system.
The Permacoin [15] algorithm then elects the leader based on the participant's free disk size.And the strategy for electing leaders can be used as a strategy for electing committees with slight modifications.The T-PBFT algorithm [16] combines the feature trust model with the consensus algorithm to evaluate the trust level of nodes, select some nodes with higher credit to participate in the consensus, and use the nodes with higher quality in the network to establish the consensus group instead of a single master node.PoPT [17] proposes an algorithm to measure the participation of nodes in a public chain system and elects a committee based on the participation ranking.The dBFT [18] algorithm elects the committee based on POS and associates nodes with the margin of node access to solve the disinterested problem of native POS.The Tendermint [19] algorithms elect committees based on PoS, which associate nodes with margins to solve non-benefit problems of native PoS.The Algorand algorithm [20] uses VRF to randomly select a subset of network nodes as a committee to ensure the unpredictability of committee members and improve the security and the scalability of the system.Due to the high communication complexity of the PBFT consensus algorithm in practical applications, many scholars have improved the PBFT algorithm from consensus structure.Li et al. [21] proposed a scalable multi-layer consensus mechanism based on PBFT.By layer-grouping nodes into different layers and limiting communication within groups, it was analyzed that the complexity of communication was minimal when the network was evenly distributed in subgroups in the second layer.Singh et al. [22] constructed a multi-level network model based on blockchain for security monitoring to ensure identity information security and enhance system reliability, but increased system management overhead.Fortino et al. [23] proposed a grouping algorithm based on reputation integral to improve the possibility of malicious nodes making errors, but did not consider the problem of reduced system communication performance when the number of nodes increased.Hou et al. [24] constructed a multi-layer blockchain to group users according to certain security levels and stored data of different levels into the chain of corresponding levels, to achieve secure data access control.Xu et al. [25] used a hashing algorithm to ensure that consistently nodes are grouped, which can avoid a large amount of communication between nodes, reduce the communication complexity of the network, and improve the scalability of the network, but cannot identify Byzantine nodes.Zhai et al. [26] proposed a bottom-up two-tier RSU chain consensus protocol (TLPBFT) based on blockchain and trust values, and the algorithm latency rises significantly when the number of regional nodes is high.Liu et al. [27] proposed a quality-of-service-based PBFT algorithm that reduces the inter-node consensus latency but does not consider the presence of malicious nodes in the group.

System Architecture
Figure 1 shows the blockchain IoV system model.The communication between vehicles or between vehicles and RSUs is wireless, while the communication between RSUs is wired communication.The model consists of the following main components: (1) Vehicle: The vehicle is equipped with an intelligent On Board Unit (OBU), which enables it to have functions such as sensing, computing, and storage.The vehicle is responsible for uploading its interaction records, feedback ratings, and other information to the RSUs.(2) RSU: Compared with the vehicles, the RSU has strong computing and storage resources as well as a sufficient energy supply, so the RSU is selected as the node of the blockchain network.In addition, the RSU needs to collect the communication data among vehicles within its communication range as well as the feedback rating data, update the reputation value of vehicles at the end of each cycle according to their behavior, and then package the results into blocks to be added into the blockchain network for global vehicles and other subjects to query.(3) Reputation Center (RC): The reputation center stores the latest reputation of vehicles and RSUs in the network.When the reputation obtained by RSUs from the vehicle side is too different from that stored by RSUs, RSUs will request the latest reputation of the corresponding vehicles from the RC.At the same time, the RC issues certificates for legitimate vehicles and RSUs and distributes public and private keys of vehicles and RSUs through secure channels.The model assumes that the RC is completely credible.

Network Model
Our model uses a partial synchronization model with known latency bounds ∆ and global stability time GST, where all transmissions between two replicas are reached in ∆ time after GST.

Security Properties
The C-PBFT algorithm should have the following properties: (1) Safety At the same block height, any two honest nodes submit the same blocks.(2) Liveness If a transaction is received by an honest node, then that transaction will eventually be included in the honest node's ledger.

C-PBFT Consensus Algorithm 4.1. Algorithm Design Overview
In this section, we construct a double-layer consensus algorithm C-PBFT based on the PBFT consensus algorithm, one of the challenges of which is that the original PBFT algorithm selects master nodes arbitrarily, which may make malicious nodes become master nodes consecutively, thus wasting network resources, so we propose the multi-weight subjective logic model CRMWSL to calculate node reputation values, as seen in Section 4.2.Another challenge is that the scalability of the PBFT algorithm is poor.Therefore, the committee election algorithm is designed to select appropriate nodes to participate in the consensus based on node reputation value and reduce the number of nodes participating in the consensus, as shown in Section 4.3.At the same time, a double-layer consensus structure was designed, and nodes were divided into regions to carry out regional local consensus and interval global consensus, as shown in Section 4.4.
The key symbols used in this paper are listed in Table 1.

E
The initial reputation value of the node predefined in the system

Reputation Calculation Using Multi-Weighted Subjective Logic Model
When a vehicle and an RSU interact positively, the vehicle generates a good rating for the RSU.Positive engagement indicates that the vehicle believes the RSU provides relevant and helpful services or that the data supplied by the RSU is accurate.On the contrary, some malicious vehicles may generate malicious evaluations for RSUs to provide false information, too many malicious evaluations will harm RSU node reputation, and false evaluations will result in some malicious nodes being elected to the committee, resulting in unreliable and insecure consensus networks.
Therefore, it is necessary to design a secure and efficient RSU node reputation value evaluation model and prevent collusion between RSUs and vehicles, and selecting suitable candidate nodes to build the consensus committee by reputation value can ensure a safe and reliable consensus process.In this section, a multi-weighted subjective logic model is proposed for the calculation of the reputation value of RSU nodes.

Local Opinions of Subjective Logic
The RSU j corresponds to the vehicle V i in the region, and based on its communication data interaction with the RSU j and the predefined subjective logic model, the local opinion vector ω t x i→j := {b t x i→j , d t x i→j , u t x i→j } of the vehicle V i in the time window evaluates the reputation value of the RSU j : In this case, vehicle V i interacts with the RSU j during traveling with data, such as crowdsensing or vehicle data sharing.The local opinion of the subjective logic model V i on the RSU j can be formally described as a local opinion vector ω t x i→j := {b t x i→j , d t x i→j , u t x i→j }, where b t x i→j , d t x i→j , u t x i→j stand for trust, distrust, and uncertainty, respectively.b t x i→j , i→j is the number of positive interactions between vehicle V i and RSU j , and β t x i→j is the number of negative interactions between vehicle V i and RSU j , where positive interactions mean that vehicle V i believes that the service provided by RSU j is relevant and useful.A negative interaction means that vehicle V i does not believe that the service provided by RSU j is relevant and useful.q t x i→j is the communication quality of the link between vehicle V i and RSU j , that is, the probability of successful packet transmission, which determines the uncertainty of u i→j in the local opinion vector.Based on the local opinion vector ω t x i→j := {b t x i→j , d t x i→j , u t x i→j } in the time window of vehicle V i , the expression of the initial credit value evaluated by vehicle V i to RSU j is determined as follows: where 0 ≤ γ ≤ 1 is a given constant, representing the degree of influence of uncertainty on credit value.

Multi-Weight Local Opinions of Subjective Logic
Local opinions using the subjective logic model are affected by different factors.When considering weighted operation, traditional subjective logic evolves to multi-weighted subjective logic.We consider the following weights to form a partial opinion: • Interaction Frequency: The higher the interaction frequency means that vehicle V i has more prior knowledge of RSU j , so the calculation of V i 's credit value to RSU j is more accurate and reliable.The interaction frequency of V i with RSU j is the number of times V i interacts with RSU j , the ratio of V i to the number of times V interacts with RSU j and other interactions in a time window.For distinction, the frequency of interaction between vehicle V i and RSU j in this step is expressed as IF 0 i→j : , where z is the set of all RSUs interacting with vehicle V i in the time window, with N elements.The higher the interaction frequency, the higher the reputation expectation of vehicle V i on RSU j .• Timeliness of Interaction: Recent behavioral events with a higher degree of freshness are weighted more heavily than past events.In order to reflect the effect of reaction time on reputation, a freshness decay function is defined to represent the freshness of a behavioral event: , where Υ ∈ (0, 1) is a given decay parameter about the freshness of an event.In a time period X, the local opinion vector of vehicle V i on the evaluation of RSU j is expressed as where ψ x represents the freshness attenuation function, b t x i→j , d t x i→j and u t x i→j are shown in Formula (1).

•
Interaction Effects: Positive interactions increase the reputation value of RSU nodes, while negative interactions decrease the reputation of RSU nodes.In general, the effects of negative events are much more serious in public opinion than positive effects, so the interaction effects of messages have higher weights on local opinions.The weight of positive interaction is χ, and the weight of negative interaction is τ, where χ + τ = 1, χ < τ.Combining the interaction timeliness and the weight of the interaction effect, the positive and negative interaction effects of V i and RSU j are expressed as follows: V Among them, V α i→j represents the positive interaction between V i and RSU j , while V β i→j represents the negative interaction effect between V i and RSU j .Therefore, according to Formulas (3), (5), and (6), the interaction frequency of V i and RSU j is updated as follows: where IF i→j is the result of updating the IF 0 i→j of formula (3).• Distance Factor: Considering the influence of the geographical location where the vehicle Vi sends the message, that is, the farther the geographical location where the message is generated is from the geographical location where the event occurs, the lower the event weight.Assuming that the distance between the location where the event is generated and the location where the message is sent is 0-L, we believe that the information is credible in terms of distance factors.
The factors influencing distance are shown as follows: where ) and (X, Y) are the location coordinates of the message generated by vehicle Vi and the geographic location coordinates of the message generation, respectively.Therefore, the overall credibility value weight of the local opinion is

Recommended Opinions of Subjective Logic
For each vehicle, the vehicle collects the local opinion vector of other vehicles that have communication data interaction with the RSU j to evaluate the RSU j 's credit value within a time period and the corresponding credit value weight δ, and uses the collected local opinion vector corresponding to the credit value weight δ to merge all the collected local opinion vectors into one recommended opinion.The formula expression is as follows: Vehicle V i merges to get a recommendation as ω rec s→j := {b rec s→j , d rec s→j , u rec s→j }, where S ∈ S indicates that vehicle S belongs to the recommended vehicle set S.

Combining Local Opinions with Recommended Opinions
After obtaining a local opinion vector for the RSU from other vehicles, a particular vehicle has a subjective opinion for each RSU based on its interaction history.This partial opinion should still be taken into account when forming the final initial credit rating of a single vehicle to avoid deception.
After V i combines the local opinion vector of its own credit evaluation of RSU j in a time period with the merged recommendation opinion, the resulting credit opinion can be expressed as u rec s→j u i→j u i→j +u rec s→j −u rec s→j u i→j (10) Similar to Equation (2), Vi's final reputation opinion on RSU is where ε is the initial creditworthiness of any predefined node in the system and is a negligible non-zero positive number.In a certain period, RSU j receives all vehicles in the corresponding area to evaluate its credit value and gets the initial credit value, and then adds it to get its own node credit value R j .

Committee Election Algorithm
This section defines the election function f Sele H (•) for the consensus committee.In order to ensure the randomness of the election, it is necessary to ensure the fluidity of the node election committee that meets the credibility threshold.Elections provide two important attributes, namely public key pk and node reputation R, node p i first performs h j ← H(pk j , R j ) operations on its own public key pk and reputation value R i to obtain the hash value h i , which is basically evenly distributed between 0 and 2 hashlen(h j ) − 1.Therefore, whether to be selected to the committee is randomly selected according to the credibility of the nodes.When R j − h j 2 hashlen(h j ) > 0, where the hashlen(.)function is used to calculate the bit length of a given hash, node p i meets the inclusion condition, and node p i is added to the committee CO.
The algorithm pseudo-code is described in Algorithm 1.

Double-Layer Consensus Structure
In the Internet of Vehicles environment, due to the wide range of vehicle activities, a large number of RSU nodes, and high communication complexity, it is necessary to design a network structure with scalability and flexibility to cope with the rapid change in network topology when vehicles are running.
In this paper, we propose a double-layer PBFT consensus structure, as shown in Figure 2, with n nodes in the first layer and m nodes in each region in the second layer, i.e., a total of n + m nodes.Where the replica of the committee in the first layer is noted as r 1 i (superscript 1 indicates the number of layers, and subscript i indicates the region), r 1 i serves as the leader of the corresponding replica of each regional committee in the second layer r 2 i .An upper layer r 1 i together with the r 2 i in its region forms a regional consensus committee.As shown in Figure 3, the C−PBFT consensus process is divided into two parts: first, regional local consensus is carried out, and then global consensus is carried out.(1) Pre-prepare Phase The regional master node p of the target regional committee assigns the serial number to the request message in the transaction pool and broadcasts the preparatory message PRE − PREPARE 2 , v, h, d σ p , e > to all nodes of the regional committee.PRE − PREPARE 2 , v, h, d σ p is the signature of the master node p of the target regional committee using its own private key, v indicates the view number, h indicates the sequence number assigned to the request message e, and d represents a summary of the request message e.
(2) Prepare Phase After receiving the PRE − PREPARE 2 message from the primary node p, node RSU k uses the corresponding public key for verification.After the verification is successful, node RSU k sends a < PREPARE 2 , v, h, d, k > σ k message, indicating the signature message of node RSU k , to other nodes in the owning area committee, including the primary node.
(3) Commit Phase If RSU k receives 2 f + 1 PREPARE 2 messages that pass the authentication, RSU k enters the confirmation phase.The COMMIT 2 , v, h, d, k σ k multicast message is sent to the node that receives 2 f + 1 PREPARE 2 messages that pass the authentication.
(4) Reply Phase If node RSU k receives 2 f + 1COMMIT 2 messages that pass the authentication, it indicates that most nodes in the current regional committee have reached a consensus.Node RSU k sends a reply message < REPLY 2 , v, t, c, k, r > σ k to the area master node p of the region, where r represents the execution result of the requested operation.Master node p of the area confirms that the area has reached a consensus by checking that more than f + 1 members in the current area, including itself, reply to the REPLY 2 message with the same serial number.The regional master node sends a request to the first-layer master node p to send the consensus data m to the first-layer master node, opening a new round of consensus requests.
The algorithm pseudocode is described in Algorithm 2.

Algorithm 2 Regional Local Consensus Pseudocode
Input: < REQUEST

Global Consensus
The primary node of Layer 1 makes global consensus according to the time order of messages in the transaction pool.The primary node of Layer 1 sends << PRE − PREPARE 1 , v, h, d >, e > σi messages to all regional primary nodes, where σ i represents the signature of the primary node of Layer 1, i.The preparation phase, preparation phase, and confirmation phase in the global consensus are similar to those in the local consensus and will not be repeated here.
All regional master nodes will reply to the message REPLY 1 , v, t, c, i, r σi directly to the requesting vehicle.If the requesting vehicle receives f + 1 REPLY 1 messages, the consensus is successful.i indicates the number of the primary node in the area, REPLY 1 is the flag description, v indicates the number of the current view, t stands for the timestamp, c indicates the requested vehicle number, and r indicates the result of the requested operation.After the above process is completed, the master nodes in all areas send the reply message REPLY 1 directly to the client, that is, to request the vehicle.After the client receives f + 1 REPLY 1 , the consensus is successful.After the two−tier consensus of the target regional committee is completed, the remaining nodes of the blockchain network copy the data locally.
The algorithm pseudocode is described in Algorithm 3.

Safety Analysis
First, the committee election algorithm elects suitable nodes in each region to participate in consensus, the selected committee meets the honest majority, and the regional committee performs the PBFT algorithm for consensus, because the PBFT algorithm, for all locally confirmed client requests, all normal replica nodes in the system must agree on the message serial numbers of these requests, so it ensures the consistency within the region, and regional consensus is completed.After the regional master node sends a message to the leadership master node, the leadership master node broadcasts for inter-regional consensus, and after the inter-regional PBFT consensus is completed, the data is synchronized among the regions, which ensures the data consistency across regions.Therefore, our algorithm satisfies the security.

Liveness Analysis
If the master node is evil, our proposed reputation value evaluation algorithm quickly reduces the master node reputation value so that it does not satisfy the master node condition, while the PBFT view replacement protocol replaces the master node, specifically, our algorithm can handle the situation where consensus cannot be reached and prevent malicious master nodes from not forwarding messages to honest nodes.Thus, the activity of the system is ensured.

Honest Majority of the Committee
Lemma 1.Among the elected members, more than half of the nodes are honest, except for the negligible probability δ(m).
Proof.In the worst case, all nodes have a reputation value of 1.The committee election can be viewed as an independent random sampling problem, and the probability that node p i is elected to the committee is where m is the committee size, k is the node number, and µ j is the reputation value of each node p i .Suppose that the probability that the node representing the election is an honest node and the probability that the node representing the election is a Byzantine node, the random variable A represents the number of honest nodes in the committee, and the random variable B represents the number of Byzantine nodes in the committee.The random variables A and B satisfy the following binomial distribution: Pr Let X and Y be denoted as When neither X nor Y holds, the nature of the honest majority of the committee holds.Pr[X ∪ Y] represents the probability that at least one of X and Y holds: where . By the Binomial Tail Inequality [28], it follows that: where n and β are constants.Thus, in the worst case, except for the negligible probability, the committee honest nodes will be in the majority.Under normal conditions, the reputation values of all honest nodes and a few Byzantine nodes are close to 1, while the reputation values of the remaining Byzantine nodes are smaller than the reputation values of honest nodes.This indicates that the reputation value of a node basically correctly reflects the probability of a node being an honest node.According to the probability of each node being elected to the committee as , it is clear that nodes with higher credibility are more honest and more likely to become committee members.Therefore, there are It shows that, in the process of election committee, the probability of honest majority is higher in normal circumstances than in the worst case.

Attacks Discussion
Next, we discuss the possible attacks on the consensus algorithm proposed in this paper, which include both internal and external attacks, and show how they are mitigated and defended against by our algorithm.
Internal Attacks.An attacker may collude with nodes in the blockchain network or inject malicious nodes into the blockchain network in order to perform malicious acts and attack the consensus process from within the network.
Internal attacks can be classified into two cases depending on the type and behavior of the node.
(1) The master node may be a malicious node.
Malicious primary nodes intentionally generate divergent pre-prepared messages and transmit them to other nodes.In the PBFT's prepare and commit phases, nodes engage in voting amongst themselves.If the pre-prepared messages from the primary node are inconsistent, replica nodes can readily detect this discrepancy.Consequently, replica nodes will abandon the consensus proposed by the primary node and await the re-presentation of transactions by other nodes.Simultaneously, the credibility assessment mechanism and the view change protocol ensure that the malicious behavior of the primary node is curtailed within reasonable bounds.(2) The malicious nodes predict the master node in advance to carry out the attack.
Our proposed consensus algorithm utilizes a committee election mechanism to randomly designate primary nodes.This approach ensures a certain degree of randomness while still maintaining the requirement that nodes meet the credibility threshold.This prevents the scenario wherein the node with the highest reputation consistently acts as the primary node, thereby thwarting malicious nodes from preemptively predicting the primary node.External attack.An attacker may maliciously attack the nodes in the blockchain network to make them behave maliciously and thus attack the consensus algorithm from the external network.
This paper mainly includes the following cases: (1) The data is tampered and forged.
The RSU nodes within the system employ techniques such as pseudonymous identification, hash algorithms, and digital signatures.To safeguard against data tampering, the blockchain system utilizes asymmetric encryption technology.As a result, nodes lacking the requisite private keys are incapable of forging the identities of other nodes or the signatures of their messages.The integration of blockchain technology and digital signatures substantially elevates the cost of successful impersonation by potential attackers, thereby reinforcing the overall system's reliability.(2) On-off attack by malicious nodes.
The so-called On-off attack is when the attacker performs well for a period of time to enhance its reputation value, and when it accumulates to a high reputation value, it suddenly launches an attack until the reputation value is about to drop to a certain value, and then stops doing evil and becomes a normal node.
Our CRMWSL reputation value calculation model can achieve high-precision reputation calculation.Due to the recommendation of other vehicles and the multi-weight calculation of nodes, the reputation value of evil nodes will drop sharply, and below the threshold value will be withdrawn from the committee to participate in consensus.Also according to different environments, the trust threshold can be increased appropriately, which will distinguish more abnormal nodes.

Performance Evaluation
This experiment is divided into two parts of testing, which are divided into testing the CRMWSL reputation value calculation model and testing the performance of the C-PBFT consensus algorithm.The consensus algorithm test part uses go language to simulate the C-PBFT algorithm, and the throughput and latency are evaluated for 30, 60, 90, 120, 150, 180, and 210 nodes, respectively.The experimental test was performed 100 times, each time the client sent 200 request messages, and the average of 100 times was taken as the test result.Major parameters used in the simulation are listed in Table 2.
The CRMWSL model test uses the San Francisco taxi data set, which records the moving tracks of 536 taxis in a month.Figure 4 shows the track distribution points of 200 taxis in a month,whose latitude and longitude are 37.73~37.80and −122.50~−122.38,respectively.400 RSUs are deployed in this area for testing, and the update period of RSU reputation is 1 min.

Reputation Value Change Rate
In the proposed CRMWSL scheme, vehicles calculate the reputation values of candidate nodes based on local opinions and recommendations from other vehicles.The CRMWSL scheme is compared with the traditional subjective logic (TSL) scheme [29] and the MWSL scheme [30], which is a typical model that uses linear functions to calculate reputation.That is, Assuming that the probability of abnormal behavior of the abnormal vehicle is 70%, and the abnormal vehicle interacts with other normal vehicles through RSUs, the reputation value of the target RSU decreases over time.Figure 5 shows the change in the reputation of the malicious miner candidates for three schemes: (i) MWSL scheme, (ii) TSL scheme, and (iii) CRMWSL scheme.It can be seen that the CRMWSL scheme updates the reputation value more accurately, resulting in a lower reputation value for anomalous RSUs.After 7 min, the reputation value drops to 0.5, which is lower than that of the TSL and MWSL schemes, implying that the probability of anomalous RSUs being detected is higher in the CRMWSL scheme when the trust threshold is 0.5.Due to the weight of interaction frequency, timeliness, and interaction effects on the recommended and local opinions, the reputation value of RSU nodes in the CRMWSL scheme falls below the trust threshold faster than in the TSL scheme and MWSL scheme.Therefore, the proposed scheme achieves more accurate reputation calculation and is more secure and fair during committee elections.

Malicious RSUs Detection Success Rate
As depicted in Figure 6, our observations reveal distinct trends in the detection rates of 10 malicious RSU nodes over a 60-min interval.Notably, as the trust threshold increases, the scheme's capability to distinguish abnormal nodes also grows.In this context, our CRMWSL scheme outperforms both the MWSL and TSL schemes in successfully detecting malicious RSUs.
More specifically, when the detection success threshold is set to 0.45, the CRMWSL scheme achieves a 100% detection rate, which significantly surpasses the performance of the MWSL and TSL schemes.These results underscore the CRMWSL scheme's ability to reliably identify potential security threats, thereby enhancing the overall security level of the system.

Communication Overhead
The communication complexity analysis of the C-PBFT consensus algorithm: Local consensus is performed first in the region.
(1) In the pre-prepare phase, each group master node broadcasts the message to each node of the committee, and the communication overhead is u −1 at this time.(2) In the prepare phase, when each RSU node that receives the message sends a verification message to all nodes in the group except its own node, and the overhead is (u − 1)(u − 1) at this time.(3) In the commit phase, in which all nodes receive verification messages from other nodes in the previous phase, the nodes confirm and count the number of messages received, and the overhead is u(u − 1) at this time.(4) In the reply phase, each node sends a reply message to the master node, and the communication volume is u − 1.
The first layer of node consensus is performed, and since there are n groups involved in consensus, a total of n nodes are involved in the first layer.
(1) In the pre-prepare phase, when the master node in each region receives enough feedback messages, this message is put into the first layer transaction pool, and the first layer master node reads the transaction and broadcasts it to all nodes in the first layer, at this time the communication overhead is n − 1.
(2) The communication overhead of the prepare and commit phases is similar to that of the first round of consensus in the bottom layer; then, its communication overhead is n(n − 1) + (n − 1)(n − 1).(3) In the reply phase, each regional master node sends a reply message to the master node, and the communication is n − 1.
Therefore, the number of communications for the improved C-PBFT consensus algorithm to complete a consensus process is the total communication complexity, as shown in Equation (20).
The number of communications in a consensus process of the original PBFT consensus algorithm is C 2 = 2m 2 n 2 − 2mn.
Figure 7 shows a comparative analysis of the communication overhead between PBFT and C-PBFT consensus algorithms.It is clear that the communication overhead generated by C-PBFT is significantly lower throughout the blockchain network, and this overhead gradually increases as the number of consensus nodes increases.The reduction of communication overhead is mainly attributed to the reduction of the scale of consensus nodes by the C-PBFT algorithm.A node only needs to send messages to regional committee nodes instead of to all nodes.When the number of network nodes is 180, the communication overhead of PBFT is 43,832, and that of C-PBFT is 20,608 (three groups).This represents a significant 68% reduction in communication overhead.

Consensus Latency
As can be seen from Figure 8, the consensus delay of the three algorithms increases gradually as the number of nodes increases.The consensus delay of PBFT is the highest when the number of nodes is different, and the C-PBFT algorithm is lower than PBFT and TLPBFT on the whole, because the reputation calculation model of the C-PBFT algorithm is more flexible than TLPBFT, and the reputation value of nodes is obtained through the integration of local opinions and recommendation opinions.The identity of the primary node selected by the C-PBFT algorithm is not easy to be attacked by malicious prediction, and the consensus node cluster is more credible, does not lead to frequent view conversion, has lower consensus delay and higher consensus efficiency, and further reduces the number of consensus nodes by using committee strategy.

Throughput
As shown in Figure 9, with the continuous increase of the number of nodes, the throughput of the three algorithms shows a trend of decline.The throughput of the C-PBFT algorithm is higher than that of PBFT and TLPBFT, because C-PBFT elects committees in each region to participate in the consensus, reducing the number of consensus nodes, thus reducing the communication overhead, and the advantage becomes more obvious as the number of nodes increases.Therefore, in the networking of vehicles, the C-PBFT algorithm can maintain high efficiency and stability.

Conclusions
To meet the requirements of vehicle speed, latency, and communication overhead in the actual environment of vehicle networking, this paper modified the original PBFT consensus structure and designed an extensible double-layer PBFT consensus algorithm.In addition, a multi-weight subjective logic model CRMWSL for calculating reputation value is proposed, in which factors such as interaction frequency, event timeliness, and distance are taken into account to achieve accurate calculation of RSU node reputation value.Meanwhile, suitable nodes are elected into the committee to participate in consensus according to their reputation values, which further reduces communication overhead and improves blockchain scalability.

Figure 3 .
Figure 3.The whole process of C-PBFT's consensus.4.4.1.Regional Local Consensus Node RSU k receives the request message m sent by the requesting vehicle in the target area in the format of < REQUEST 2 , o, t, c > σ c , and node RSU k puts the request message e into the transaction pool in the target area, where O indicates that node RSU k receives the request message e sent by the requesting vehicle in the target area in the format of < REQUEST 2 , o, t, c > σ c , and node RSU k puts the request message e into the transaction pool in the target area, where O indicates the specific operation to be performed, t indicates the timestamp, which is the time when the requesting vehicle sends the request message to the RSU k , c indicates the requested vehicle number, and σ c indicates the request for vehicle signature, REQUEST 2 's superscript 2 indicates the request at the second layer.
T l i→j = (1 − k)T ave + kT las , where T ave = b ave x→j + 0.5u ave x→j and T las = b las i→j + 0.5u las i→j , where k is the weight, set to 0.5.b ave i→j and u ave i→j are the average values of b i→j and u i→j of other vehicles, respectively.b las i→j and u las i→j of the RSU are the latest b i→j and u i→j in the local opinion of vehicle V i .

Figure 5 .
Figure 5.The change rate of reputation value of malicious RSUs.

Figure 6 .
Figure 6.Detection rate under different trust thresholds.

Figure 8 .
Figure 8.The consensus latency of the three consensus algorithms.

Figure 9 .
Figure 9.The throughput of the three consensus algorithms.

Table 1 .
The main symbols.
i→j , d i→j , u i→j A local opinion vector ω i→j from a vehicle V i to RSU j F i→j Vi's expected beliefs about RSU α i , β i The number of positive/negative interactions χ, τ The weight of positive/negative interactions R i Reputation value of node i n Number of regions u Average number of nodes in each committee m Average number of nodes in each region Υ The given decay parameter for event freshness 2 , o, t, c > σc Output: < REPLY 2 , v, t, c, k, r > σk 1. while valid < REQUEST 2 , o, t, c > σc received = True do 2. broadcast << PRE − PREPARE 2 , v, h, d > σp , e 2 > to r 2 in same consensus group.3. end while 4. while valid << PRE − PREPARE 2 , v, h, d > σp , e 2 > received = True do 5. broadcast < PREPARE 2 , v, h, d, k > σk to r 2 in same consensus group.6. end while 7. while valid < PREPARE 2 , v, h, d, k > σk received = True do 8. if number of valid < PREPARE 2 , v, n, d, k > σk > 2 f + 1 then 9. broadcast < COMMIT 2 , v, h, d, k > σk to r 2 in same consensus group.10. end if 11. end while 12. while valid < COMMIT 2 , v, h, d, k > σk received = True do 13.

Table 2 .
Parameter setting in the simulation.