A Stealthy Communication Model with Blockchain Smart Contract for Bidding Systems

Abstract

With the widespread adoption of blockchain technology, its public ledger characteristic enhances transaction transparency but also amplifies the risk of privacy breaches. Attackers can infer users’ real identities and behaviors by analyzing public transaction patterns and address relationships, posing a severe threat to users’ privacy and security, and thus hindering further advancements in blockchain applications. To address this challenge, covert communication has emerged as an effective strategy for safeguarding the privacy of blockchain users and preventing information leakage. But existing blockchain-based covert communication schemes rely solely on the immutability of blockchain itself for robustness and suffer from low transmission efficiency. To tackle these issues, this paper proposes a stealthy communication model with blockchain smart contract for bidding systems. The model initiates by preprocessing sensitive information using a secret-sharing algorithm-the Shamir (t, n) threshold scheme-and subsequently embeds this information into bidding amounts, facilitating the covert transfer of sensitive data. We implemented and deployed this model on the Ethereum platform and conducted comprehensive performance evaluations. To assess the stealthiness of our approach, we employed a suite of statistical tests including the CDF, the Kolmogorov–Smirnov test, Welch’s t-test and K–L divergence. These analyses confirmed that amounts carrying concealed information were statistically indistinguishable from regular transactions, thus validating the effectiveness of our solution in maintaining the anonymity and confidentiality of information transmission within the blockchain ecosystem.

1. Introduction

Blockchain technology is revolutionizing various fields such as financial transactions, smart contracts, and supply chain management with its decentralization, transparency, and immutability [1,2]. Despite offering a highly secure distributed ledger, the public nature of the blockchain ledger also raises privacy concerns. Although users’ identities and transaction information are encrypted, the increasing amount of blockchain data makes de-anonymization attacks possible [3]. Attackers can infer users’ real identities and transaction behaviors by analyzing public transaction patterns and address relationships, thus threatening users’ privacy and security. This also limits the widespread application of blockchain technology in scenarios with higher privacy requirements [4].

The most straightforward method of privacy protection is to upload encrypted information to the blockchain, which can only be decrypted by nodes holding the key [5,6,7]. However, this solution somewhat contradicts the fundamental principles of blockchain, as it is a distributed database whose blocks must be mutually recognized and maintained. Another approach to solving this issue is to introduce a mixing system service, which conceals the relationship between incoming and outgoing transactions by switching between different users’ transactions. However, we cannot be sure whether the transaction information is recorded by the service provider, leading to potential privacy leaks [8].

Covert communication [9,10,11], as a technology for transmitting covert information within normal communication, provides a new strategy for addressing privacy protection issues in blockchain [12,13]. By establishing covert channels within the blockchain network, it is possible to protect the privacy of sensitive information without sacrificing the system’s transparency. This method allows users to transmit encrypted information through covert channels during blockchain transactions, thereby protecting user privacy and defending against de-anonymization attacks without drawing attention from outsiders.

Current research focuses on blockchain-based storage covert channels. Common carriers of blockchain-based covert storage channels are special fields for on-chain transactions, including the coinbase transaction of Bitcoin [14,15], custom storage fields [16,17,18], input/output addresses [19,20,21], and digital signatures [22,23,24]. However, these fields often exhibit distinct formats and characteristics [25], leading to noticeable discrepancies between fields containing secret information and normal ones, which in turn diminishes the stealthiness of the model. Furthermore, the robustness of previous blockchain-based covert channel models often relies solely on the blockchain’s inherent immutability, and they have low channel capacity.

To address this issue, this paper proposes a stealthy communication model with blockchain smart contract for bidding systems. This mechanism embeds certain sensitive information in the blockchain, such as transaction content and identities of the transacting parties, into the transaction amounts for transmission and storage, thus preventing attackers from obtaining and analyzing it. At the same time, we use secret-sharing to preprocess sensitive information, enhancing the robustness and transmission efficiency of the scheme. Additionally, another advantage of this method is that it does not require extensive modifications to the underlying architecture of the blockchain system. It simply adds a layer of covert communication mechanisms on top of the existing system, making it highly practical and feasible. Our contributions can be summarized as follows.

• A stealthy communication model with blockchain smart contract for bidding systems is proposed, which can effectively reduce the risk of blockchain privacy leakage.
• The proposed scheme uses the secret-sharing algorithm to enhance the robustness of the system and supports the adjustment of transmission parameters to ensure the transmission performance.
• The experimental results show that by adjusting the transmission index of the proposed scheme, the concealment, robustness, and channel capacity can be taken into account, and the availability and effectiveness of the scheme are effectively improved.

The structure of this paper is as follows. In Section 2, we introduce the relevant background knowledge of smart contracts. In Section 3, the stealthy communication model with blockchain smart contract for bidding systems proposed and its design goals are introduced. In Section 4, we will introduce the details of the model and algorithm. In Section 5, we will perform implementation and experimental evaluation on the proposed scheme. In Section 6, we review the related research on blockchain-based covert channels. Finally, we summarize the content of this paper and put forward the prospect in Section 7.

2. Preliminaries

The concept of smart contracts was first proposed by Nick Szabo in 1996 and is defined as ‘computerized trading agreements that enforce contract terms’. It is designed to meet common contract conditions and reduce the need for trusted third parties [26]. However, due to the technical limitations and lack of awareness at that time, smart contracts were not widely used, and the emergence of blockchain technology in 2008 provided a feasible solution for smart contracts. With its invariance, decentralization, and traceability, the blockchain provides a trusted execution environment for smart contracts [27]. Ethereum discovered the possibility of combining blockchain with smart contracts and established a set of specifications and frameworks for smart contracts in the white book ‘A next-generation smart contract and decentralized application platform’ [28], which greatly promoted the development of smart contracts. The covert channel proposed in this paper is based on the smart contract of Ethereum platform. Therefore, the following will introduce in detail the process of building and participating in smart contracts on the Ethereum platform.

As shown in the Figure 1, the user first creates a personal account for their Ethereum wallet, which is generated based on public key encryption and includes the user’s address and balance. Then the user deploys the compiled smart contract code to the blockchain, and the contract account is generated after the contract is successfully deployed, which includes the contract address, balance, status, and code. Other personal accounts can invoke the smart contract on the chain through the contract address, save/take Ether to the contract, or change the contract status according to the code.

The blockchain smart contract is only a computer code stored on the blockchain and is automatically executed when the predetermined terms and conditions are met. Therefore, its execution does not require manual intervention, and it can be executed only if the specified conditions are satisfied. Under the premise that our scheme strictly abides by the Ethereum rules, transactions executed according to the logic of smart contract code can be written to blocks normally, so it is feasible to construct covert channels based on blockchain smart contracts.

3. System Design

In this section, we introduce the system model, the threat model, and the design goals of our proposed models.

3.1. System Model

This section introduces the stealthy communication model with blockchain smart contract for bidding systems proposed in this paper. Figure 2 shows the system model of the proposed scheme.

As shown in Figure 2, the complete stealthy communication process can be divided into the following parts:

• Off-chain negotiation: The sender and the receiver complete the information pre-negotiation out of chain. It can be achieved through other means of communication between mobile devices, e-mails, and other communicators. The off-chain negotiation information may include the receiver’s wallet address, hidden information coding rules, embedding location, and mode selection.
• Contract generation and deployment: The communication receiver creates and deploys the contract by using off-chain negotiation. For example, the parameters used to embed secret information, the number of parameters and the chain where the deployment is located. Once confirmed by the miners, the contract will be formally deployed to the blockchain and cannot be tampered with. The smart contract after successful deployment will be recorded in the ‘contract pool’ of the contract creator (receiver). According to the information processing and transmission rules in the covert channel model, the sender can call the corresponding smart contract in the ‘contract pool’ to transmit secret information.
• Covert information preprocessing: The sender first encrypts or encodes the data T to be transmitted according to the results of the off-chain negotiation, so that the processed information T′ meets the requirements of the embedded format, thereby improving the confidentiality and availability of the information.
• Information transmission: The sender calls the contract in the receiver’s ‘contract pool’ and embeds the processed secret information into the contract parameters in a specified order. When the smart contract is invoked, the receiver can view the corresponding parameters in the transaction.
• Information extraction: The information receiver, that is, the creator of the contract, obtains the address information and the corresponding parameters according to the record, from which the sender sends the T′ in advance.
• Information restoration: The receiver decodes and decrypts the extracted T′ according to the rules to obtain the initial secret information.

3.2. Threat Model

We assume that there is an adversary with strong monitoring and data analysis capabilities in the blockchain network. The adversary can monitor and analyze the contracts and data in the blockchain network to detect stealthy communication. Therefore, it is easy for adversaries to obtain the characteristics of blockchain transactions. At the same time, the adversary will use statistical methods to detect transactions. After detecting the covert channel, it can prohibit the invocation of its related contracts. In the evaluation, we will also use these techniques to evaluate the invisibility of our scheme.

3.3. Design Goals

In this section, we introduce the design goals of the proposed stealthy communication model with blockchain smart contract for bidding systems, including high concealment, strong robustness, and high channel capacity.

• High concealment: Concealment means that the adversary cannot distinguish between covert information and normal information and cannot detect covert channels. In the model proposed in this paper, concealment means that the threat model cannot distinguish between normal transactions and transactions containing hidden information.
• Strong robustness: Robustness refers to the receiver’s ability to correctly recover covert information. In the process of covert information transmission, information errors or loss may occur due to network delay or human interference. Covert channels require strong robustness to accurately transmit covert information and resist interference.
• High channel capacity: Channel capacity refers to the number of covert information transmitted per unit time in covert channel. Covert channels require high channel capacity to meet the requirements of transmitting a large amount of covert information.

4. Proposed Scheme

In this section, we will show the pseudo-code and process descriptions of all algorithms used in proposed scheme.

In our proposed scheme, a complete covert communication process includes five steps, as shown in Figure 3. The sender and the receiver need to pre-negotiate, and then the sender needs to deploy the smart contract to the chain to facilitate the transmission of hidden information. The sender preprocesses the information and then embeds it into the blockchain transaction that invokes the smart contract. The receiver extracts the hidden information through the transaction log and verifies it. The detailed process will be shown in Section 4.2, Section 4.3, Section 4.4, Section 4.5 and Section 4.6 of this chapter.

4.1. Symbol

The symbols used in this work are shown in

Table 1. The Main Symbols.

Symbol	Description
S	covert information
s	covert information of digital type
si	the i-th sub-secret
bidi	the i-th bidding
t	the threshold of secret-sharing
n	the number of sub-secrets
e	the number of bits embedded
p	a large prime number
k	random variable seed
x	token ID
mi	the i-th covert information
${∆}_{\mathrm{i}}$	the i-th difference between the two bidding records

. The algorithms and processes also use the same symbols, unless otherwise explicitly mentioned.

4.2. Pre-Negotiate

Both communicating parties pre-agree on the information processing method and share necessary parameters: the large prime number p, the random variable seed k, and the address of the contract deployer. These parameters are transmitted through an off-chain communication channel [29]. Additionally, to facilitate effective filtering of covert transactions, the sender, when establishing the covert channel, should inform the receiver of the sender’s address for the first covert transaction. This address can subsequently be used to determine whether a given auction contains hidden information or not.

4.3. Contract Deployment

The receiver generates the smart bidding contract (such as ERC20 token) in batches according to the pre-negotiation results and then deploys the contract to the main network of Ethereum. After success, it will be stored in the receiver’s ‘contract pool’.

4.4. Information Preprocessing

The sender uses the secret-sharing [30] algorithm to process the secret information S. Secret-sharing allows the secret owner to share the secret S to n participants, so that any t secret shares are sufficient to reconstruct S, and any fewer than t − 1 secret shares cannot know any information of S. That is, the equality (1) is satisfied.

$$\mathrm{P}\mathrm{r}[\mathrm{R}\mathrm{e}\mathrm{c}\mathrm{o}\mathrm{n}\mathrm{s}\mathrm{t}\mathrm{r}\mathrm{u}\mathrm{c}\mathrm{t}({\mathrm{s}}_1,{\mathrm{s}}_2,\dots {\mathrm{s}}_{\mathrm{k}})]=\left\{\begin{array}{c}1, 1\le \mathrm{k}\le \mathrm{t}-1\\ 0, \mathrm{t}\le \mathrm{k}\le \mathrm{n} \end{array}\right.,$$

(1)

This technology can build a robust key management mechanism for the cryptosystem; even if a disaster destroys half of the information or only a part of the security is destroyed, it can still operate safely and reliably. Figure 4 shows the secret-sharing process.

In this paper, the secret-sharing module selects the most classic and widely used Shamir secret-sharing algorithm [31]. The Shamir (t, n) threshold scheme divides the secret into n parts and gives them to n participants, respectively, by constructing a t − 1 polynomial and taking the secret to be shared as a constant term of the polynomial, so that t participants can jointly recover the secret, but fewer than t participants cannot obtain any information from the shared secret.

As shown in Algorithm 1, the sender selects the covert information S to be shared, recovers the threshold t and the number of sub-secrets n, and randomly generates a large enough prime number p (p > s). The sender first converts the secret information S into a digital form s and then constructs a random k − 1 degree polynomial:

$$\mathrm{f}\left(\mathrm{x}\right)={\mathrm{a}}_0+{\mathrm{a}}_1\mathrm{x}+{\mathrm{a}}_2{\mathrm{x}}^2+\dots +{\mathrm{a}}_{\mathrm{t}-1}{\mathrm{x}}^{\mathrm{t}-1}\left(\mathrm{m}\mathrm{o}\mathrm{d}\mathrm{p}\right),$$

(2)

in which a₀ = s, a_i (1 ≤ i ≤ t − 1) is a random number less than p. The sub-secret s_i is generated by the following formula:

$${\mathrm{s}}_{\mathrm{i}}=({\mathrm{x}}_{\mathrm{i}},\mathrm{f}({\mathrm{x}}_{\mathrm{i}}\left)\right),$$

(3)

in which x_i is the token number of the auction.

Algorithm 1: Information preprocessing

input: covert information S, the number of sub-secrets n, threshold t, large prime number p, random variable seeds k, selected token ID xi output: sub-secrets [ ] s = string_to_int (S); init sub-secrets = [ ], i = 1; random.seed (k); while i < t do    ai = random(1,p − 1)    i++ end I = 1 while i < n + 1 do    sub-secrets [i] = s + ${\sum }_{\mathrm{j}=1}^{\mathrm{t}-1}{\mathrm{a}}_{\mathrm{j}}{\mathrm{x}}_{\mathrm{i}}^{\mathrm{j}}$    i++ end return sub-secrets [ ]

4.5. Information Embedding

Since the processed sub-secrets s_i are in numerical form, they can be directly utilized within the auction contract. However, embedding information directly into the auction amounts would inevitably disrupt the original distribution of these amounts, compromising the stealthiness of the model. To address this, we employ a replay modification of previous bidding records and then utilize the differences in bids to embed the information, striving to maintain the original distribution intact. Research indicates that the vast majority of Ethereum transaction amounts fall within the range of 0 to 1 ether. To reduce the cost of auction bids, we select decimal places 2 to 3 (i.e., the hundredths to thousandths place) as the carriers for information. Therefore, the maximum number of bits that can be embedded in a bidding is 6$\left(2^6<100<2^7\right)$.

The format of the share is $\left({\mathrm{x}}_{\mathrm{i}},\mathrm{s}\mathrm{u}\mathrm{b}-\mathrm{s}\mathrm{e}\mathrm{c}\mathrm{r}\mathrm{e}\mathrm{t}\left[\mathrm{i}\right]\right)$. The token ID of the auction is utilized to convey the number x_i. Next, the difference between the two bidding amounts is calculated, followed by taking the remainder of this difference divided by 2^e, in which e is the number of bits embedded. This remainder is then used in conjunction with the secret message m_i to compute Offset. Finally, this Offset is added to the initial bidding amount, yielding the final bidding amount for submission. The specific calculation process is shown in the following formula:

$$\left|{∆}_{\mathrm{i}}\right|=\left[{(\mathrm{b}\mathrm{i}\mathrm{d}}_{\mathrm{i}}^{\prime }-{\mathrm{b}\mathrm{i}\mathrm{d}}_{\mathrm{i}})\times 1000\right]\mathrm{m}\mathrm{o}\mathrm{d}{2}^{\mathrm{e}},$$

(4)

$${∆}_{\mathrm{i}}^{\prime }={\mathrm{m}}_{\mathrm{i}}-\left|{∆}_{\mathrm{i}}\right|,$$

(5)

$$\mathrm{O}\mathrm{f}\mathrm{f}\mathrm{s}\mathrm{e}\mathrm{t}=\left\{\begin{array}{c}{∆}_{\mathrm{i}}^{\prime } , -2^{\mathrm{e}-1}\le {∆}_{\mathrm{i}}^{\prime }\le 2^{\mathrm{e}-1}\hfill \\ {∆}_{\mathrm{i}}^{\prime }+2^{\mathrm{e}} , {∆}_{\mathrm{i}}^{\prime }<-2^{\mathrm{e}-1}\hfill \\ {∆}_{\mathrm{i}}^{\prime }-2^{\mathrm{e}} , \hspace{1em}{∆}_{\mathrm{i}}^{\prime } > 2^{\mathrm{e}-1}\hfill \end{array}\right.,$$

(6)

Taking e = 4 as an example, (2276bab2204) is the share to be transmitted; the corresponding process for embedding information is illustrated in Figure 5.

In this process, the sender can use multiple wallets to participate in the auction, reduce the number of repeated bids for an object at the same address, and effectively improve the concealment of information transmission. At the same time, the sender can participate in other auction contracts to further improve information redundancy.

4.6. Information Extraction and Validation

After determining the smart contract containing covert information, the receiver first restores the sub-secret s_i and its corresponding xi, then calculate s through Formula (7) and finally restore the hidden information S through Formula (8).

$$\mathrm{s}={\sum }_{\mathrm{i}=1}^{\mathrm{t}}({\mathrm{s}}_{\mathrm{i}}{\prod }_{1\le \mathrm{j}\le \mathrm{t},\mathrm{j}\ne \mathrm{i}}(-{\mathrm{x}}_{\mathrm{j}}){({\prod }_{1\le \mathrm{j}\le \mathrm{t},\mathrm{j}\ne \mathrm{i}}{(\mathrm{x}}_{\mathrm{j}}-{\mathrm{x}}_{\mathrm{i}}))}^{-1})\mathrm{m}\mathrm{o}\mathrm{d}(\mathrm{p}),$$

(7)

$$\mathrm{S}=\mathrm{I}\mathrm{n}\mathrm{t}\_\mathrm{t}\mathrm{o}\_\mathrm{s}\mathrm{t}\mathrm{r}\mathrm{i}\mathrm{n}\mathrm{g}\left(\mathrm{s}\right),$$

(8)

Finally calculates the hash value of S to verify the authenticity of the covert information.

5. System Implementation and Evaluation

In this section, the implementation details of the system will be elaborated on, along with pertinent performance evaluation.

5.1. Implementation

This paper opts to conduct experiments on the Sepolia testnet, which is currently one of the most widely-used Ethereum test networks and is recommended by the Ethereum core team. It is a vital component of the blockchain ecosystem, simulating the working environment of the main network. It enables application testing without impacting the blockchain, serving as a sandbox for testing blockchain applications. The successful execution of experiments on the testnet further validates the feasibility of our proposed scheme.

During experimentation, the sender transmits covert information by manipulating the bid amounts in the auction. Specifically, the contract deployer utilizes Remix to batch compile and deploy the smart bidding contracts onto the Sepolia testnet. The sender initiates by invoking a contract as a reference bidding contract for normal bidding, where the hash value of the information can be placed in the memo field. Subsequently, based on the sub-secret, the corresponding token’s smart bidding contract is selected, and bids embedded with secret information are transmitted sequentially. These transmissions can be parallelized according to the threshold value of the secret-sharing algorithm. The receiver, guided by the pre-agreed criteria, filters out the smart contracts containing covert information, extracts the secret information from the transaction logs of these contracts and then restores the original message. Lastly, the hash value of the restored message is compared with the received one to further authenticate the integrity of the transmitted information.

5.2. Tamper Resistance and System Security

The data in the blockchain are distributed across multiple nodes in the network rather than being centrally stored on a single server, making any attempt to tamper with the data require simultaneously changing data on at least 51% of the nodes in the network [32]. When there are only a few nodes in the network, attackers can easily compromise more than half of the blockchain nodes without expending significant resources, resulting in lower security for the blockchain. However, as the number of network nodes continues to increase, the security of the blockchain gradually improves. Currently, the scale of the blockchain is massive, with a large and continuously increasing number of nodes in the network, making it practically impossible to tamper with blockchain data in practice.

In addition, the data in blockchain are linked together in the form of blocks, with each block encrypted using a hashing algorithm and then stored in the next block. This structure ensures that if data in a block are tampered with, their hash value will change, disrupting the continuity of the entire chain, which can be immediately detected, thereby making blockchain data tamper-proof [33]. Therefore, once the special transaction created by the sender is deployed to the chain, its hidden information cannot be tampered with.

At the same time, Ethereum, the platform which the scheme is based on, divides the blockchain network into multiple fragments by implementing sharding technology. Each fragment can independently process transactions and smart contracts, thereby improving the throughput of the overall network, thereby alleviating the congestion control problem of the blockchain. Ethereum’s consensus algorithm shifts from proof of work (PoW) to proof of stake (PoS) and other more efficient algorithms. These algorithms can effectively defend against sybil attacks and collusion attacks.

5.3. Concealment

The scheme selects 1000 bidding records as normal records and uses a set of these normal bids as reference bidding records. Then, random numbers are generated according to the number of bits embedded e as the embedded content. Utilizing the above-described information embedding method, the normal records are modified, yielding altered bidding records. Subsequently, evaluation will be conducted to assess whether those datasets (the original and the modified ones) are statistically indistinguishable.

Cumulative distribution function (CDF), the Kolmogorov–Smirnov (K–S) test, Welch’s t-test and K–L divergence [34,35,36,37] are employed to evaluate the concealment of the proposed scheme.

CDF is an integral of the probability density function, which can completely describe the probability distribution of a real random variable. It is defined as follows:

$${\mathrm{F}}_{\mathrm{X}}\left(\mathrm{x}\right)=\mathrm{P}(\mathrm{X}\le \mathrm{x}),$$

(9)

where X is a random variable and x represents all real numbers. By comparing the similarity of the cumulative distribution function of the amount of the normal bidding record and revised bidding record, we can intuitively see whether they are indistinguishable. Figure 6 shows their CDF function curves.

The K–S test is based on the difference of the cumulative distribution function. Calculating the K–S index measures whether the observed data satisfy a theoretical distribution or the degree of deviation between the two sample distributions and makes a statistical inference accordingly. Welch’s t-test is a statistical hypothesis testing method used to compare the means of two independent samples, particularly when the variances of the two populations are unequal or unknown. It serves as an improvement over the classic independent samples t-test, which assumes that both samples come from normal distributions with equal variances. By relaxing the assumption of equal variances, Welch’s t-test provides a more robust analysis, reducing the risk of incorrect conclusions due to unequal variability in the groups being compared.

In general, we use the K–S test and Welch’s t-test p value to determine whether there is a difference in the distribution of the two samples. When the p value is greater than 0.05, it means that the two samples have the same distribution. The experimental results are shown in

Table 2. The p value of K–S test and Welch’s t-test.

Number of Bits Embedded	K–S Test p Value	Welch ‘s t-Test p Value
1	1.0	0.9674
2	1.0	0.9661
3	0.9999	0.9607
4	0.9999	0.9707
5	0.9999	0.9863
6	0.9999	0.9566

.

We also use K–L divergence to measure the bidding amount distribution before and after modification. It is a tool to measure the difference between two probability distributions. It is widely used in model evaluation, optimization and comparison in machine learning, especially in supervised learning, unsupervised learning and reinforcement learning. The smaller the value of K–L divergence is, the closer the two distributions are. The larger the value, the greater the difference between the two distributions. The K–L divergence results are shown in

Table 3. The K–L divergence of different values of e.

e	1	2	3	4	5	6
K–L divergence	1.04 × 10−6	3.89 × 10−6	1.71 × 10−5	6.06 × 10−5	2.62 × 10−4	1.07 × 10−3

.

The results in the table show that the proposed scheme has good concealment. However, during the experimental process, we observed that when the number of bits embedded was set to 5 or 6, there were instances where the size order of two adjacent bids within the same record would inversely change after modification, rendering the bids invalid for use. Consequently, in subsequent text, we opt for e = 4 to conduct the channel capacity test.

In addition, compared with the previous covert communication model using bidding contracts [38], the concealment of the scheme has been greatly improved, because in the previous scheme, the users directly embed secret information into the bidding amount, without considering the possible original distribution of the bidding amount.

5.4. Robustness

The robustness referred to in this paper denotes the capability to recover the original secret information even when some of the shares sent by the sender are lost or damaged. Previous blockchain-based covert channel schemes primarily relied on the tamper-resistant nature of blockchain technology to ensure robustness; however, this reliance is inherently limited. Encountering malicious miners who refuse to include specific transactions in blocks or manipulate transactions during the packaging process could jeopardize the accurate recovery of confidential information. In contrast, our proposed scheme not only harnesses the inherent immutability of blockchain but also integrates an efficient data preprocessing mechanism—the secret-sharing algorithm—thereby furnishing an additional layer of assurance for the system’s robustness. This ensures that information remains reliably recoverable even amidst such potential disruptions [39].

The secret-sharing scheme fragments a secret into n parts, mandating at least t parts for the reconstruction of the original secret. This design enables the system to withstand a certain degree of share loss or compromise. Even if n t shares are inaccessible, the secret can still be retrieved by combining the remaining t shares. This fault tolerance mechanism bolsters the system’s robustness, ensuring secure storage and retrieval of secrets. Specifically, this paper employs Shamir’s (t, n) threshold scheme, which theoretically guarantees accurate recovery of secret information as long as the loss rate is below (n − t)/n.

5.5. Channel Capacity

We use the transmission efficiency to describe the channel capacity [40]. Transmission efficiency refers to the amount of covert information transmitted per unit time in bit/s. Its definition is shown in (10).

$$\mathrm{C}\mathrm{a}\mathrm{p}=\frac{\mathrm{l}\mathrm{e}\mathrm{n}\left(\mathrm{m}\mathrm{e}\mathrm{s}\mathrm{s}\mathrm{a}\mathrm{g}\mathrm{e}\right)}{\mathrm{T}}$$

(10)

in which len(message) is the number of bits of covert information transmitted in unit time T, and T is the length of time.

Under Ethereum’s current consensus algorithm (proof of work), the target block time is approximately every 12 s for a new block to be generated, although the actual block time may fluctuate [41]. However, with the evolution and upgrades of Ethereum technology, its block generation speed may be further reduced.

Senders have to wait for the previous transaction to be uploaded onto the chain before conducting the next information embedding. Therefore, the same bidding contract can only embed information once within a single block time. However, by leveraging the secret-sharing scheme, it is possible to participate in t separate smart bidding contracts within one block time, thereby increasing the throughput of information embedding. Thus, the channel capacity of the proposed scheme in this paper is approximately 4t/12 ≈ 0.33t bit/s. The transaction fee for a single bidding is approximately 0.00005 ETH, which converts to approximately 0.194 USD, so the cost of scheme is 0.0485 USD/bit.

Table 4. Comparison of transmission efficiency.

Platform	Embedding Method	Transmission Efficiency (bit/s)	Cost (USD/bit)
Ethereum	Proposed	0.33t 1	0.0485
	Bidding amount [38]	0.5	0.0323
	Hash-based MBE [42]	0.047	0.0264
Bitcoin	LSB [19]	0.0017	1.9842
	Unspendable output [24]	0.27	0.0155
	DSA [24]	0.43	0.0248

¹ t :secret-sharing scheme’s threshold.

compares the capacity and cost of the scheme with other blockchain-based covert channels.

Based on security requirements, the threshold t in our scheme is set to be greater than 1. However, a higher t value implies that a larger number of participants must collaborate to recover the secret, enhancing security but also complicating the secret restoration process. When t = 2, our scheme’s channel capacity surpasses that of existing blockchain-based covert storage channels. Further, with t equal to 3, the capacity reaches up to 1 bit/s, which is what most of the current blockchain-based covert storage channel schemes cannot achieve.

6. Related Works

Partala [19] was the first to propose a blockchain-based covert channel (BLOCCE), demonstrating its security and feasibility. BLOCCE employs the least significant bit (LSB) of addresses to store a single bit of covert information. However, since each address can only transmit one bit of data, it takes a lot of computing costs to generate the address.

Fionov [24] directly encoded hidden information as transaction output or address, but the output generated in this way cannot be used, and the bitcoin in the transaction will not be able to enter the market circulation again, affecting the healthy development of bitcoin. Another scheme discussed in the article conceals information within auxiliary factors used in the construction of signature algorithms. Computing these cofactors entails solving the elliptic curve discrete logarithm problem, which is considered unfeasible. However, the recipient of the hidden information, in possession of the private key, can readily extract the cofactor from the signature through computation.

Zhang [38] developed voting contracts and bidding contracts, leveraging calls from different accounts to transmit secret information directly via contract parameters. The scheme also employs cryptographic algorithms and a dual-round protocol to ensure data privacy. It further tailors information embedding and transmission methodologies to suit various scenarios, thereby enhancing the adaptability and versatility of the covert communication system.

Liu [42] proposed a hash-based multiple-bit embedding (hash-based MBE) scheme that embeds secret data and obfuscation data within the VALUE field of Ethereum transactions. The length of the VALUE field is determined based on historical statistical data of typical Ethereum transactions. Given that the VALUE field contains both secret and obfuscation data, the latter serves to confuse potential attackers. Prior to establishing the covert channel, the sender and receiver agree upon a mixing hash root, which dictates the positions of meaningful bits within the VALUE field of each transaction. This approach leverages the complexity introduced by the combination of genuine transactional data and deliberately inserted noise to enhance the concealment of the covert communication.

7. Conclusions and Future Work

This paper presents a stealthy communication model with blockchain smart contract for bidding systems, addressing privacy leakage issues in blockchain by embedding secret information into transaction parameters. By utilizing the difference in bidding amounts within smart auction contracts as a mapping for secret information sequences and transmitting information via contract invocations, our approach prevents data privacy leaks that arise from public transparency. The distributed storage and chained structure of blockchain enhance the immutability of information. Incorporating secret-sharing algorithms improves the robustness and transmission efficiency of the scheme. Experimental results demonstrate that the distribution of modified bidding records is indistinguishable from that of normal records, highlighting the enhanced robustness and high channel capacity of the proposed model. Consequently, the proposed mechanism ensures secure transmission of secret information at an acceptable cost, confirming the feasibility of employing this mechanism for conveying confidential information. For example, in business transactions, some information (such as contract details, transaction terms, etc.) need to be confidential. After negotiation, both parties can use the model to transmit private data on the public blockchain, protect the business secrets of the enterprise, avoid the snooping of competitors or unrelated parties, and ensure that the information is permanently retained and cannot be tampered with.

Looking ahead, we intend to investigate consolidating multiple bids within the same smart contract, with the dual aim of enhancing the transmission efficiency of our solution and reducing the cost per bit. This approach would facilitate faster data transmission, mitigate the risk of data interception during transmission, and make the technology more affordable for a broader range of organizations and individuals. Consequently, it is anticipated to elevate the overall level of data privacy protection within blockchain ecosystems.