A Hierarchical Blockchain System for Social Economy Services

Abstract

Social economy actors have assisted the recovery from crises by providing innovative solutions that are aimed at strengthening public services to complement government action. Currently, the widespread use of information and communication technologies (ICTs) by both citizens and organizations has changed society’s routine behavior, giving rise to the so-called information society. One of the major burdens of using big data for social problems is the lack of adequate data governance standards. Challenging and critical issues about big data include privacy and security for most of the social economy field of activities. Blockchain technology has attracted the attention of academic researchers and industries, which combines technologies like cryptography, end-to-end communication, and algorithms. Moreover, blockchain technology provides user anonymity to protect the privacy of users. We propose a hierarchical blockchain system for social economy services that can effectively protect the security and privacy of users and transmitted data. The proposed scheme was proven to ensure the legitimacy of all parties in the system and security of data and transactions, and blockchain technology and signcryption mechanisms were applied to achieve integrity, non-repudiation, and traceability. Security and performance analyses are also provided to prove that the proposed scheme achieved the above security concerns with efficiency.

1. Introduction

The social economy has been the focus of attention over the last decade as a sector in economic and social activity, and the influence of the social economy has increased since the COVID-19 crisis [1,2]. The main purpose of the social economy is to strengthen public services to complement government actions and help society recover from crises caused by natural disasters, population change, epidemics, reconstruction, etc. In other words, the social economy provides a chance to rework the post-crisis economy by promoting inclusive and sustainable economic models. The social economy has already been developed in many ways, such as with the labor force, food, supplies, and so on, and some sectors of the social economy have developed bank-like mechanisms to achieve transactions between service providers and receivers. Moreover, the social economy can also play an important role in achieving the sustainable development goals (SDGs) proposed by the United Nations.

Information and communication technologies (ICTs) have been developed rapidly and applied widely to transform the current society into an information society [3,4]. Emerging technologies, such as the Internet of Things (IoT), big data analysis and applications, artificial intelligence, and blockchain technology, are identified as being key technologies in the social economy in the next decades [5,6]. Digitalization using emerging technologies may accelerate improvements in accountability, transparency, and the impact of social economy organizations [6]. However, information in the social economy is non-financial information, which cannot be measured and evaluated easily, and this feature may become a burden for digitalization [6]. Other burdens of social economy digitalization include data privacy and security for data and transactions [6,7]. Transactions happen in the social economy system without a complete mechanism to record and store transaction data, and this situation makes verification and audit activities difficult.

Blockchain technology provides secure transactions using encryption and signature mechanisms that not only allow any user to upload transaction records, but blockchain to be verified through distributed nodes without a trusted third party. Several research institutes and industries have embraced blockchain technology to improve the security and efficiency of transactions, data transmission, and data storage. Moreover, blockchain technology with the IoT environment has been discussed and developed for years [8,9,10,11,12], and the related issues of security in blockchain technology have also been discussed [13]. Researchers have also utilized the features of blockchain technology to develop a system for digital forensics to achieve a chain of custody, which can ensure that evidence has been monitored while transferring without unauthorized access and modification [14,15].

Blockchain technology can transfer conventional paper-based processes which involve manual labor to digitalized and automatic processes while maintaining the features mentioned above. The transmitted information in blockchain networks, which is decentralized and trustless, can be certificated. However, the social economy has not adopted blockchain technology widely because of concerns about potential security problems.

We propose a hierarchical blockchain system for social economy services. The proposed scheme aims to apply blockchain technology to the social economy to strengthen the security and privacy of data and transactions in an efficient way. The proposed scheme also aims to achieve security properties, such as confidentiality, integrity, non-repudiation, and traceability with blockchain technology and the designed cryptographic mechanisms. The remaining organization of this paper is sketched below. The social economy, blockchain technology, signcryption, and short signature mechanism are introduced in Section 2. Section 3 introduces the proposed scheme, and the security analyses are detailed in Section 4. Finally, the conclusion is drawn in Section 5.

2. Related Works

2.1. Social Economy

The social economy is defined as the set of private, formal organizations with autonomy of decision and freedom of membership [16,17]. The social economy provides environments for members to meet market needs by providing goods or services, and members’ profits or surpluses are not directly linked to capital or fees contributed by each member [16,17]. The social economy is often defined by governments which have power in economic decisions, but governments seldom relate the social economy to environmental sustainability as a circular economy [18]. We take time banks and food banks as examples of the social economy.

Time banks, proposed by Cahn, are community-building and reciprocity-based work trading systems, and “time dollars” are tradable as a currency [19,20,21,22]. People can exchange goods and services with the concept of time dollars [1]. Cahn proposed five principles of the time bank system, which are “asset, redefining work, reciprocity, social networks, and respect [19,20,21,22]”. We, human beings, are assets which have the ability to contribute human force [18,19,20,21]. Works in the time bank contributed by assets are rewardable by creating a currency through helping each other [19,20,21,22]. Time banks utilize the original reciprocity in human society, i.e., “give and take”, to build relationships and trust with others and become a social network which can make lives meaningful [19,20,21,22]. Finally, members should respect other individuals [19,20,21,22].

Food banks were founded because of the rise in food insecurity, which means people were worrying, anxious, and uncertain about access to food or the quality and quantity of food [23,24]. Zero hunger is a global challenge to eliminate hunger and achieve food security by a charitable food system providing emergency food relief [25,26]. Food banks have played an important role in mitigating food insecurity across various countries through indirect services [25,26]. Food banks are responsible for sourcing, banking, and distributing surplus food [26]. Food banks collect or raise public donations of surplus or unsaleable food from growers, manufacturers, wholesalers, and retailers and provide food with lower or no charge [26,27].

In a typical system structure of a social economy, which is illustrated in Figure 1, the data preservation and transaction mechanisms in the social economy should be considered along with informatization including the security of transactions. Transactions through trusted third parties like conventional financial transactions may have risks, such as malicious insider attacks, data integrity, non-repudiation, etc. Since the necessity and importance of building mutual assistance within communities have increased, especially since COVID-19 breaking out, the issues mentioned above should be noticed [22]. Achieving goals of the social economy and SDGs have become difficult, and, fortunately, new models of creativity, knowledge, and sustainability based on emerging technologies have been developed quickly and widely, such as blockchain technology [18]. Blockchain technology provides opportunities to solve the problems above. Blockchain-based social economy systems have not been discussed widely. The proposed scheme is expected to be applied to social economies to enhance security properties with efficiency.

Figure 1. System structure of social economy. A social economy system could be a hierarchical structure including a server with multiple organizations at different physical locations. Users can be service providers (givers) and receivers (takers).

2.2. Blockchain Technology

The original purpose of blockchain technology was recording the transactions of Bitcoin to avoid unusual transactions [13,28]. Blockchain technology has attracted the attention of academic researchers and industries, which combines the technologies of cryptography, end-to-end communication, and algorithms. Blockchain technology is also called distributed ledger technology using hash functions to link with previous blocks, and all nodes in the network verify each block while copies of the blockchain are stored in nodes [9,11,29]. The mechanism described above achieves features like decentralization, freedom from third parties, and collective maintenance. Data are transmitted, stored, and verified by distributed nodes in the network, and all nodes can reach a consensus. Blockchain technology can upload transaction records as a block anytime, anywhere, and each block is linked using encryption, signatures, and hash function mechanisms. Each block stores a copy of the blockchain as data which can be verified and remain unchanged. Moreover, blockchain technology provides user anonymity to protect the privacy of users [12]. Industries, such as financial institutions, governments, medical care institutions, academic institutions, logistics, etc., have started to develop blockchain systems because of their wide applications, for example, in medical records management, data transmission in the IoT, the signing process of official documents, certificate issuing, financial transactions, and so on. Previous research utilizing blockchains with security mechanisms for different applications has been proposed. Wang et al. proposed a blockchain system based on physical unclonable functions in a wireless body sensor network environment, which achieved mutual authentication between sensors, gateways, and medical professionals with a lightweight-designed mechanism [30]. Wang et al. utilized blockchain technology to design an authentication scheme for unmanned aerial vehicles [31].

Transactions happen in social economy systems without a complete mechanism to record and store transaction data, and this situation makes verification and audit activities difficult. Blockchain technology provides opportunities to solve the problems above. The proposed scheme applying blockchain technology is expected to enhance security properties in an efficient way.

2.3. Blockchain Technology in the Social Economy

Since blockchain technology provides transferring and record-keeping in a secure way with a decentralized structure, government management may be the first sector besides finance to consider applying blockchain technology, such as in public health, taxation, voting, etc. [32,33,34]. Property registration and the real estate market are other potential sectors in which blockchains are expected to increase efficiency in these kinds of economy exchange activities [32]. Balbo et al. proposed a wallet application on smart phones for a local economy based on blockchain technology as a co-production of a public service application, and Viano et al. discussed and analyzed blockchain-based co-production processes based on a case study by Balbo et al. [33,35]. As mentioned in Viano et al.’s work, blockchain technology provides a digitalized and automatic process and certificated information in decentralized and trustless networks, and the features above are reasons for government and social economies to apply blockchain technology [33,34]. Although attractive features of blockchain technology have been mentioned for a decade, recent research in blockchain technology in the social economy has focused on the local level because of potential risks in security which become a burden for digitalized social economy development [33,34]. In this research, we designed a hierarchical blockchain system which is flexible and suitable for social economy services.

2.4. Signcryption

Signcryption is a combination of encryption and signature mechanisms which is more effective in both computation and communicational costs than in operating encryption and signature mechanisms separately [36]. Signcryption can complete encryption and signature mechanisms at the same time and generates ciphertext and signatures, and then the receiver obtains a decryption key using a private key and the signature of the receiver, and recovers and verifies the integrity of the decrypted plaintext. By doing so, signcryption can achieve confidentiality, non-repudiation, and authenticity. The proposed scheme applies signcryption for message transmission and verification.

2.5. Short Signature

Boneh et al. [37] proposed a short signature based on Weil pairing which could generate a half-length signature compared to those generated by the elliptic curve digital signature algorithm. Moreover, the short signature has the ability to achieve batch verification, which can verify multiple signatures at one time. The proposed scheme applies short signatures by Boneh et al. [37] for message transmission and verification in social economy services that have a network of multiple nodes.

3. Proposed Scheme

We will introduce the system structure and the whole process in this section.

3.1. System Structure

Six roles are included in the proposed scheme, which are users, organizations, applications (APPs), servers, private blockchains, and public blockchains. Users are service providers (givers) and service receivers (takers) in a social economy system, and organizations are responsible for running and maintaining the social economy system in specific field. The organizations could be nonprofit organizations, non-government organizations, or a dedicated unit in a government. Users and organizations utilize APPs to operate the social economy system. Although functions in APPs will differ according to the roles of the operators and the various services in a social economy, the proposed scheme focuses on security properties of communication, authentication, and message transmission. The server is responsible for key generation and data storage and management. Social economy systems can have private blockchain systems which only allow legitimate members to join as a node, and private blockchains can be traced and checked if conflicts happen. The proposed scheme also provides a public blockchain system for block verification using public nodes. Figure 2 illustrates the system structure of the proposed scheme.

Figure 2. The system structure of a proposed scheme. Users are service provider receivers. Organizations are responsible for running and maintaining the social economy system. Users and organizations utilize APPs to operate the social economy system. The server is responsible for key generation and data storage and management. The proposed systems have private and public blockchain systems.

The proposed scheme includes twelve phases. Parameters for the whole system are generated preliminarily. Users and organizations must register to servers to become legitimate parties through the registration phase. Users are given a public and private key through the key generation phase, and users and organizations authenticate each other in the mutual authentication phase. When users want to transmit messages to organizations, the client–organization signcryption phase is executed, and organizations need to execute the client–organization unsigncryption phase to recover the message. Similar situations happen between organizations and servers in the organization–server signcryption and organization–server unsigncryption phases. After that, the server generates private and public blocks and sends them to private and public blockchain systems. The private blockchain system only allows legitimate members to join as a node and can be verified by users if conflicts happen. The proposed scheme also provides a public blockchain system for block verification using public nodes. Figure 3 illustrates a high-level overview of the proposed scheme.

Figure 3. High-level overview of the proposed scheme.

The proposed scheme includes user $U_{i, j}$, organization $F_i$, public key generator (PKG), APP used by user $U_{i, j}$, server S, and the blockchain server. User $U_{i, j}$ can register to more than one organization, and each organization will generate an identity and the corresponding account information. Organization $F_i$ registers to the system to have functions, such as member management and received message verification. The PKG takes part in public and private key generation. User $U_{i, j}$ and organization $F_i$ register to the server to become legal roles, and then user $U_{i, j}$ and organization $F_i$ can log in to the system through the APP. The notations used in proposed scheme are listed in Table 1.

Table 1. Notations used in the proposed scheme.

Notations	Descriptions
(${\mathit{ID}}_{i, j}$, ${\mathit{PW}}_{i, j}$)	Identity and password of user $U_{i, j}$
(${\mathit{ID}}_i$, ${\mathit{PW}}_i$)	Identity and password of organization $F_i$
M	Message
${\sigma }_{i,j}$, ${\sigma }_i$, ${\sigma }_S$	Signatures of user $U_{i, j}$, organization $F_i$, and server S, respectively
${\mathit{IP}}_i$, ${\mathit{IP}}_{\mathit{Sys}}$	IP addresses of organization $F_i$ and server S, respectively
$H\left(\right), H_1\left(\right), H_2\left(\right), H_3\left(\right), H_4\left(\right)$	One-way hash functions
ECDSA()	Signature function using ECDSA
${\mathit{Verify}}_{\mathit{ECDSA}}\left(\right)$	Signature verification function using ECDSA
$\mathit{Enc}\left(\right)$/$\mathit{Dec}\left(\right)$	Asymmetric encryption/decryption function
l	Key length

3.2. Preliminary

The system generates public and private parameters in the preliminary phase through the steps below.

Step 1. The system randomly chooses a big prime q and elliptic curve function E.

$$E:y^2=x^3+\mathit{ax}+b \mathrm{mod} q$$

(1)

Step 2. The system generates addition groups ($G_1$, $G_2$) and multiplicative group $G_3$, and the bilinear maps e are as follows where ($G_1, G_2, G_3, e, P$) $\in G_1$.

$$e:G_1\times G_1\to G_T$$

(2)

Step 3. Let g be the generator of $G_1$.

Step 4. The system generates one-way hash functions ($H_1, H_2, H_3, H_4$) where $H_1{:\{0,1\}}^{*}\in G_2$, $H_2:G_1\times G_3\to {\{0,1\}}^l$, $H_3{:\{0,1\}}^m\times G_1\times G_2^2\times G_3\to Z_q$, and $H_4{:\{0,1\}}^m\times G_1\times G_2^2\times G_3\to G_2$.

Step 5. The system chooses a base point P which is bigger than n, a random number $x\in Z_q$, and a random number $s\in Z_q^{*}$ and computes y as follows.

$$y=g^x$$

(3)

Step 6. The system outputs the public parameters $(q,G_1,G_2,G_3, g,B,y,m,e,H,H_1,H_2,H_3,H_4)$ and secretes parameters $(x,s)$.

3.3. Registration Phase

User $U_{i,j}$ and organization $F_i$ input (${\mathit{ID}}_{i,j}$, ${\mathit{PW}}_{i,j}$) for registration through a secure channel. The steps in detail are described as below and illustrated in Figure 4.

Figure 4. Registration phase.

Step 1. User $U_{i,j}$ and organization $F_i$ input (${\mathit{ID}}_{i,j}$, ${\mathit{PW}}_{i,j}$) and send ${\mathit{ID}}_{i,j}$ to the APP.

Step 2. User $U_{i,j}$ and organization $F_i$ generate $b_{i,j}$ randomly.

Step 3. User $U_{i,j}$ and organization $F_i$ calculate ($X_{i,j}$, $R_{i,j}$, $A_{i,j}$) and send (${\mathit{ID}}_{i,j}$, $X_{i,j}$) to the system.

$$X_{i,j}=H\left({\mathit{PW}}_{i,j}\left|\right|b_{i,j}\right)$$

(4)

$$R_{i,j}=H\left({\mathit{ID}}_{i,j}\left|\right|s\right)$$

(5)

$$A_{i,j}=R_{i,j}⨁H\left({\mathit{ID}}_{i,j}\left|\right|X_{i,j}\right)$$

(6)

3.4. Key Generation Phase

User $U_{i,j}$’s public and private keys are generated in the key generation phase. The steps in detail are described as follows and are illustrated in Figure 5.

Figure 5. Key generation phase.

Step 1. User $U_{i,j}$ and organization $F_i$ input ${\mathit{ID}}_{i,j}$.

Step 2. The PKG calculates the public key as $Y_{i,j}$ and the private key $S_{i,j}$ and stores ($Y_{i,j}$, $S_{i,j}$) securely.

$$Y_{i,j}=H_1\left({\mathit{ID}}_{i,j}\right)\in G_2$$

(7)

$$S_{i,j}=Y_{i,j}^x\in G_2$$

(8)

3.5. Mutual Authentication Phase

After user $U_{i,j}$ and organization $F_i$ input (${\mathit{ID}}_{i,j}$, ${\mathit{PW}}_{i,j}$) and are authenticated, the session key will be generated. The steps in detail are described as follows and are illustrated in Figure 6.

Figure 6. Mutual authentication phase. The session key will be generated in this phase.

Step 1. User $U_{i,j}$ and organization $F_i$ input (${{\mathit{ID}}^{\prime }}_{i,j}$, ${{\mathit{PW}}^{\prime }}_{i,j}$) and send to the APP.

Step 2. The APP computes (${X^{\prime }}_{i,j}$, ${R^{\prime }}_{i,j}$) according to the equations below.

$${X^{\prime }}_{i,j}=H\left({{\mathit{PW}}^{\prime }}_{i,j}\left|\right|b_{i,j}\right)$$

(9)

$${R^{\prime }}_{i,j}=A_{i,j}⨁H\left({{\mathit{ID}}^{\prime }}_{i,j}\left|\right|{X^{\prime }}_{i,j}\right)$$

(10)

Step 3. The APP generates $k_{1_{i,j}}\in Z_q^{*}$ randomly, computes ($K_{1_{i,j}}$, $V_{1_{i,j}}$), and sends ($K_{1_{i,j}}$, $V_{1_{i,j}}$, ${{\mathit{ID}}^{\prime }}_{i,j}$) to server S.

$$K_{1_{i,j}}=k_{1_{i,j}}P$$

(11)

$$V_{1_{i,j}}=H\left({{\mathit{ID}}^{\prime }}_{i,j}\left|\right|K_{1_{i,j}}\left|\right|{R^{\prime }}_{i,j}\right)$$

(12)

Step 4. Server S computes ${V^{\prime }}_{1_{i,j}}$ and verifies with the received $V_{1_{i,j}}$. If it holds, the identity of user $U_{i,j}$ and organization $F_i$ are verified, or the mutual authentication phase will be terminated.

$${V^{\prime }}_{1_{i,j}}=H\left({{\mathit{ID}}^{\prime }}_{i,j}\left|\right|K_{1_{i,j}}\left|\right|H\right({{\mathit{ID}}^{\prime }}_{i,j}\left|\right|s\left)\right)$$

(13)

Step 5. Server S generates $k_{2_{i,j}}\in Z_q^{*}$ randomly, computes ($K_{2_{i,j}}$, K, $V_{2_{i,j}}$), and sends ($K_{2_{i,j}}$, $V_{2_{i,j}}$) to the APP.

$$K_{2_{i,j}}=k_{2_{i,j}}P$$

(14)

$$K=k_{2_{i,j}}{K}_{1_{i,j}}$$

(15)

$$V_{2_{i,j}}=H\left(K_{1_{i,j}}\left|\right|H\right({{\mathit{ID}}^{\prime }}_{i,j}\left|\right|s\left)\left|\right|K_{2_{i,j}}\left|\right|K\right)$$

(16)

Step 6. The APP computes (K, ${V^{\prime }}_{2_{i,j}}$) and verifies with the received $V_{2_{i,j}}$. If it holds, the identity of the system is verified or the mutual authentication phase will be terminated.

$$K=k_{1_{i,j}}{K}_{2_{i,j}}$$

(17)

$${V^{\prime }}_{2_{i,j}}=H\left(K_{1_{i,j}}\left|\right|{R^{\prime }}_{i,j}\left|\right|{K^{\prime }}_{2_{i,j}}\left|\right|K\right)$$

(18)

Step 7. The APP computes ($V_{3_{i,j}}$, SK) and sends $V_{3_{i,j}}$ to the system.

$$V_{3_{i,j}}=H\left({R^{\prime }}_{i,j}\left|\right|{V^{\prime }}_{2_{i,j}}\left|\right|K\right)$$

(19)

$$\mathit{SK}=H\left({{\mathit{ID}}^{\prime }}_{i,j}\left|\right|K\left|\right|K_{1_{i,j}}\left|\right|K_{2_{i,j}}\right)$$

(20)

Step 8. The server S computes ${V^{\prime }}_{3_{i,j}}$ and verifies with the received $V_{3_{i,j}}$. If it holds, K is verified, and the system computes SK, or the mutual authentication phase will be terminated.

$${V^{\prime }}_{3_{i,j}}=H\left(H\right({\mathit{ID}}_{i,j}\left|\right|s\left)\left|\right|V_{2_{i,j}}\left|\right|K\right)$$

(21)

Note that interactions between user $U_{i,j}$ and the server from Step 3 to 7 are to ensure the legitimate identity of each other and negotiate a common session key $\mathit{SK}$ using a key exchange technique, and Steps 7 to 8 are to confirm a session key $\mathit{SK}$.

3.6. Client–Organization Signcryption Phase

User $U_{i,j}$ signs and encrypts message M and generates and sends ${\sigma }_{i,j}$ to organization $F_i$ through the client–organization signcryption phase. The steps in detail are described as follows and are illustrated in Figure 7.

Figure 7. Client–organization signcryption phase.

Step 1. User $U_{i,j}$ sends (${\mathit{ID}}_{i,j}$, ${\mathit{ID}}_i$, M) to the APP.

Step 2. The APP generates $u_{i,j}$ and computes $r_{i,j}$.

$$r_{i,j}=g^{u_{i,j}}$$

(22)

Step 3. The APP uses ($y^{u_{i,j}}$, $r_{i,j}$) to compute ($v_{i,j}$, $k_{i,j}$) as follows.

$$v_{i,j}=e(y^{u_{i,j}},Y_i)\in G_3$$

(23)

$$k_{i,j}=H_2(r_{i,j},v_{i,j})\in {\{0,1\}}^l$$

(24)

Step 4. The APP encrypts ($M$, $k_{i,j}$) to ciphertext $c_{i,j}$ and computes ($h_{i,j}$, ${\rho }_{i,j}$).

$$c_{i,j}={\mathit{Enc}}_{Y_i}\left(k_{i,j}, M\right)$$

(25)

$$h_{i, j}=H_3(M, k_{i,j}, Y_{i,j},Y_i,v_{i,j})\in Z_q$$

(26)

$${\rho }_{i,j}=H_4(M, r_{i,j}, Y_{i,j},Y_i,v_{i,j})\in G_2$$

(27)

Step 5. The APP generates signature $s_{i, j}$ using ($S_{i, j}^{h_{i, j}}$, ${\rho }_{i, j}^{u_{i,j}}$), outputs ${\sigma }_{i,j}$, and sends ${\sigma }_{i,j}$ to organization $F_i$.

$$s_{i, j}=S_{i, j}^{h_{i, j}}{\rho }_{i, j}^{u_{i,j}}\in G_2$$

(28)

$${\sigma }_{i,j}=(r_{i,j},c_{i,j},s_{i, j},{\mathit{IP}}_{i,j},t_{i,j})$$

(29)

3.7. Client–Organization Unsigncryption Phase

After receiving ${\sigma }_{i,j}$, organization $F_i$ decrypts ${\sigma }_{i,j}$ through the client–organization unsigncryption phase. The steps in detail are described as follows and are illustrated in Figure 8.

Figure 8. Client–organization unsigncryption phase.

Step 1. Organization $F_i$ sends (${\mathit{ID}}_{i,j}$, ${\mathit{ID}}_i$, ${\sigma }_{i,j}$) to the APP.

Step 2. The APP computes ($v_{i,j}$, $k_{i,j}$) and recovers the ciphertext as follows.

$$v_{i,j}=e(r_{i,j},S_i)$$

(30)

$$M={\mathit{Dec}}_{S_i}\left(k_{i,j}, c_{i,j}\right)$$

(31)

Step 3. The APP computes ($h_{i,j}$, ${\rho }_{i,j}$) and verifies according to Equation (32). If it holds, the APP outputs M or False.

$$e(P,s_{i, j})?=e(y^{h_{i,j}},y_{i, j})e(r_{i,j},{\rho }_{i,j})$$

(32)

3.8. Organization–Server Signcryption Phase

After completing the previous phase, organization $F_i$ signs and encrypts M and sends ciphertext ${\sigma }_i$ to the server. The steps in detail are described as follows and are illustrated in Figure 9.

Figure 9. Organization–server signcryption phase.

Step 1. Organization $F_i$ sends (${\mathit{ID}}_i$, ${\mathit{ID}}_{\mathit{Sys}}$, M) to the APP.

Step 2. The APP generates $u_i$ and computes $r_i$.

$$r_i=g^{u_i}$$

(33)

Step 3. The APP uses ($y^{u_i}$, $r_i$) to compute ($v_i$, $k_i$) as follows.

$$v_i=e(y^{u_i},Y_{\mathit{Sys}})\in G_3$$

(34)

$$k_i=H_2(r_i,v_i)\in {\{0,1\}}^l$$

(35)

Step 4. The APP encrypts ($M$, $k_i$) to ciphertext $c_i$ and computes ($h_i$, ${\rho }_i$).

$$c_i={\mathit{Enc}}_{Y_{\mathit{Sys}}}\left(k_i, M\right)$$

(36)

$$h_i=H_3(M, k_i, Y_i,Y_{\mathit{Sys}},v_i)\in Z_q$$

(37)

$${\rho }_i=H_4(M, r_i, Y_i,Y_{\mathit{Sys}},v_i)\in G_2$$

(38)

Step 5. The APP generates signature $s_i$ using ($S_i^{h_i}$, ${\rho }_i^{u_i}$), outputs ${\sigma }_i$, and sends ${\sigma }_i$ to the server.

$$s_i=S_i^{h_i}{\rho }_i^{u_i}\in G_2$$

(39)

$${\sigma }_i=(r_i,c_i,s_i,{\mathit{IP}}_i,t_i)$$

(40)

3.9. Organization–Server Unsigncryption Phase

After receiving ${\sigma }_{i,j}$, the server decrypts ${\sigma }_{i,j}$ through the organization–server unsigncryption phase. The steps in detail are described as follows and are illustrated in Figure 10.

Figure 10. Organization–server unsigncryption phase.

Step 1. The server calculates ($v_i$, $k_i$) and recovers M.

$$v_i=e\left(r_i, S_{\mathit{Sys}}\right)$$

(41)

$$k_i=H_2(r_i,v_i)$$

(42)

$$M={\mathit{Dec}}_{S_{\mathit{Sys}}}(k_i,c_i)$$

(43)

Step 2. The server calculates ($h_i$, ${\rho }_i$) and verifies using ($h_i$, ${\rho }_i$). If the verification is successful, the server receives M, or the server outputs False.

$$h_{i,j}=H_3(M,r_{i,j},Y_{i,j},Y_i,v_{i,j})$$

(44)

$${\rho }_i=H_4(M,r_i,Y_i,Y_{\mathit{Sys}},v_i)$$

(45)

$$e(P,s_i)?=e\left(y^{h_i}, y_i\right)e(r_i,{\rho }_i)$$

(46)

Step 3. After successful verification, the server sends ${\sigma }_i$ to blockchain server, and the blockchain server stores ${\sigma }_i$.

3.10. Block Generation of Private Blockchain

The blockchain server generates a private block PriB using ${\sigma }_i$ and writes to a private blockchain. The steps in detail are described as follows and are illustrated in Figure 11.

Figure 11. Block generation of private blockchain.

Step 1. The blockchain server obtains $\mathit{PreviousHash}$ from the private blockchain and verifies ${\sigma }_{\mathit{Sys}}$.

Step 2. The blockchain server generates signature ${\sigma }_{\mathit{Sys}}$ using (${\sigma }_i$, ${\mathit{IP}}_S$, $t_{\mathit{Sys}}$) and defines the initial value of Nonce as 0.

$${\sigma }_{\mathit{Sys}}=\mathit{ECDSA}({\sigma }_i,{\mathit{IP}}_{\mathit{Sys}}, t_{\mathit{Sys}})$$

(47)

Step 3. The blockchain server S executes loop judgment while satisfying the difficulty level Difficulty. If the conditional judgment is satisfied, Nonce will be added as 1, and the loop judgment will be terminated.

$$H(\mathit{Nonce}\parallel \mathrm{PreviousHash}\parallel {\sigma }_{\mathit{Sys}}\parallel {\sigma }_i\parallel {{\sigma }_{i,j}}_1\parallel {{\sigma }_{i,j}}_2\parallel \mathit{Optional}\mathit{Fields})<\mathit{Difficulty}\mathit{do}$$

(48)

Step 4. The private block $\mathit{PriB}({\sigma }_S,{\sigma }_i, {{\sigma }_{i,j}}_1,{{\sigma }_{i,j}}_2, {s_{i,j}}_1,{s_{i,j}}_2, \mathit{Nonce}, \mathit{Difficulty},\mathit{Optional}\mathit{Fields})$ is generated and sent to the private blockchain system. After that, the block number ${\mathit{PriBlockNo}}_n$ is generated and sent to the private blockchain system.

3.11. Block Verification of Private Blockchain

User $U_{i,j}$ obtains and verifies (${\sigma }_i,$ $\mathit{PriB}$). If PriB is verified successfully, user $U_{i,j}$ outputs True or False. The steps in detail are described as follows.

Step 1. User $U_{i,j}$ obtains $\mathit{PriB}$ from the private blockchain server.

Step 2. User $U_{i,j}$ verifies if $\mathrm{H}(\mathrm{Nonce}\parallel \mathrm{PreviousHash}\parallel {\mathrm{\sigma }}_{\mathrm{Sys}}\parallel {\mathrm{\sigma }}_{\mathrm{i}}\parallel {\mathrm{\sigma }}_{\mathrm{i},\mathrm{j}}\parallel \mathrm{Optional} \mathrm{Fields}\parallel \mathrm{Other}\mathrm{Fields})$ satisfies Difficulty or not.

Step 3. User $U_{i,j}$ verifies (${\sigma }_i, {{\sigma }_{i,j}}_1,{{\sigma }_{i,j}}_2,{\sigma }_{\mathit{Sys}}$).

Step 4. User $U_{i,j}$ verifies signcryption message. If private block is correct, user $U_{i,j}$ outputs True or False.

$$\mathrm{me}(P,s_i)?=e\left(y^{h_i}, y_i\right)e(r_i,{\rho }_i)$$

(49)

3.12. Block Generation of Public Blockchain

During the block generation phase of the public chain, the blockchain server takes multiple private chain blocks ${\mathit{PriB}}_n$ and generates the public chain block $\mathit{PriB}$ which are then written into the public blockchain. The steps in detail are described as follows and are illustrated in Figure 12.

Figure 12. Block generation of public blockchain.

Step 1. The blockchain server obtains the private chain block ${\mathit{PriB}}_n$ corresponding to ${\mathit{PriBlockNo}}_n$.

Step 2. The blockchain server extracts $s_{i,j}$ from multiple private chain blocks ${\mathit{PriB}}_n$.

Step 3. The blockchain server calculates $\mathit{BSig}$, generates a public chain block $\mathit{PubB}$, and transmits $\mathit{PubB}$ to the public blockchain.

$$\mathit{BSig}={s_{i,j}}_1{s_{i,j}}_2\dots {s_{i,j}}_n$$

(50)

$$\mathit{PubB}=({\mathit{PriBlockNo}}_n,\mathit{BSig},\mathit{Optional} \mathit{Fields})$$

(51)

Step 4. The blockchain server writes $\mathit{PubB}$ into the public blockchain and generates the corresponding block number ${\mathit{PriBlockNo}}_n$.

Step 5. Return ${\mathit{PriBlockNo}}_n$ to blockchain server.

3.13. Block Verification of Public Blockchain

During the aggregation verification phase, user $U_{i,j}$ verifies the public chain block $\mathit{PubB}$ to confirm whether a corresponding private block exists, whether the private block signature is correct, and whether the aggregate signature is correct using public parameters. When multiple public chain blocks pass the verification, it outputs True, indicating that the aggregation verification is successful and valid; otherwise, it outputs False. The steps in detail are described below.

Step 1. User $U_{i,j}$ obtains ($s_n$, $\mathit{PubB}$) from the blockchain server.

Step 2. User $U_{i,j}$ verifies whether ${\mathit{PriBlockNo}}_n$ exists in a private chain and obtains the private block ${\mathit{PriB}}_n$.

Step 3. User $U_{i,j}$ verifies whether $\mathit{BSig}$ is consistent with the signature in the private block ${\mathit{PriB}}_n$.

Step 4. User $U_{i,j}$ uses the hash function with ($m,r_n,Y_n,Y_{\mathit{Sys}},v_n$) to generate $h_n$.

Step 5. User $U_{i,j}$ verifies the aggregate signature. If the public chain block $\mathit{PubB}$ is correct, user $U_{i,j}$ outputs True, otherwise, False.

$$e(P,s_i)?=e\left(y^{h_i}, y_i\right)e(r_i,{\rho }_i)$$

(52)

4. Security Analysis

This paper applies the random oracle model [38], BAN logic [39], and the automated validation of internet security protocols and applications (AVISPA) [40,41] for formal security proof. The process of the random oracle model proof can refer to other works using the random oracle model, including Li’s work [42] because of a similar process of proof. In addition, the process of BAN logic can refer to other works using BAN logic, including Parameswarath and Sikdar’s work [43] because of a similar process of proof that aims to prove that principles in schemes can believe established session keys. This paper will not describe the random oracle model [38] and the BAN logic [39] proof in detail. Informal security presents theoretical analyses that are present for the proof of fulfillment of the security requirements of the proposed scheme.

4.1. Formal Security Analysis Using AVISPA

The AVISPA tool was utilized for analyzing large-scale internet security-sensitive protocols and applications [40,41]. The AVISPA tool executes simulation protocols specified in the HLPSL language [41]. To validate cryptographic protocols, the AVISPA tool includes four back-ends: the observational finite model checker (OFMC), the constraint logic-based attack searcher (CLAtSe), the SAT-based model checker (SATMC), and the tree automaton-based security protocol analysis with automatic approximation (TA4SP). We utilized the AVISPA tool and security protocol animator (SPAN) to provide security proofs for the proposed scheme. The proposed protocol was verified using the OFMC and CLAtSe back-ends within the AVISPA tool. We have two organizations: user (client/member) U and server S. To validate the proposed scheme, we considered three secrecy goals and two authentication goals, as follows.

• secrecy_of g1: Bij is the private key of user (U).
• secrecy_of g2: PWij is the private key of user (U).
• secrecy_of g3: S’ is the private key of system (S).
• authentication_on k1ij: Server S performs identity authentication on user U based on the k1ij’ received from the message sent by user U.
• authentication_on k2ij: User U performs identity authentication on server S based on the k2ij’ received from the message sent by user U.

After executing the tool, as shown in Figure 13, the analysis results of the proposed protocol using OFMC and CL-AtSe back-ends confirm that specified confidentiality and identity authentication properties were satisfied for a finite number of sessions within the environmental organizations. Therefore, the proposed scheme can withstand both active and passive attacks. The results of the formal security analysis using AVISPA are shown in Figure 13.

Figure 13. Results of formal security analysis using AVISPA. The results show that the proposed scheme can withstand both active and passive attacks.

4.2. Mutual Authentication

During the login and authentication phases, both the user and system engage to mutually authenticate each other’s identity. The users send their information to the system, which then verifies the user’s identity and generates a session key K. The system then sends its information and session key K to the user. The user confirms the system’s identity and generates a session key SK based on the session key K, which is then sent back to the system. The system, based on the received session key K, verifies whether it was sent by itself. If so, it generates a corresponding session key SK. It is unlikely for an attacker to forge the user’s identity because any discrepancies in identity verification or session key validation would be detected. Intercepting the conversation is also improbable since it requires the possession of the session key SK.

4.3. Integrity

If an attacker attempts to tamper with transaction points, it would be impractical due to this research placing timestamp points on the blockchain. When an attacker tries to alter information on a block, they would need to change the tampered block and all preceding blocks to succeed. In terms of computational complexity, this is nearly impossible to achieve, and the cost would be prohibitively high. Therefore, blockchain ensures the integrity, authenticity, and security of data.

4.4. Non-Repudiation and Traceability

During the aggregation verification phase, user $U_{i,j}$ verifies the public chain block $PubB$ to confirm whether the corresponding private block exists, whether the private block signature is correct, and whether the aggregate signature is correct, using the public parameter PP. When multiple public chain blocks pass the verification, it outputs $\mathit{True}$, indicating that the aggregation verification is successful and valid; otherwise, it outputs $\mathit{False}$. Equation (53) proves the correctness of signature verification.

$$\begin{array}{c}e(P,s_{1,1})\hfill \\ =e(y^{h_{1,1}},y_{1,1})e(r_{1,1},{\rho }_{1,1})e(P,s_{1,1})\hfill \\ =e(P,S_{1,1}^{h_{1,1}}{\rho }_{1,1}^{u_{1,1}})=e(P,S_{1,1}^{h_{1,1}})e(P,{\rho }_{1,1}^{u_{1,1}})=e(P,{Y_{1,1}^x}^{h_{1,1}})\mathrm{e}(P,{\rho }_{1,1}^{u_{1,1}})\hfill \\ =e(P^{{\mathit{xh}}_{1,1}},Y_{1,1})e(P^{u_{1,1}},{\rho }_{1,1})=e(g^{{\mathit{xh}}_{1,1}},Y_{1,1})e(g^{u_{1,1}},{\rho }_{1,1})\hfill \\ =e(y^{h_{1,1}},Y_{1,1})e(r_{1,1},{\rho }_{1,1})\hfill \end{array}$$

(53)

4.5. User Privacy

The user’s identity ${\mathit{ID}}_{i,j}$ will not be transmitted in mutual authentication, client–organization signcryption, or client–organization unsigncryption phases. As a result, user privacy can be protected.

5. Performance Analysis

According to previous research [44], the time of performing a one-way hash function operation ($T_h$) is about 0.0052 milliseconds (ms), an ECC multiplication operation ($T_m$) is about 0.4276 ms, and an encryption operation ($T_{\mathit{ed}}$) is about 0.0215 ms. The time taken for computing XOR operations is ignored because the value is too low to influence the result. The results of the computational complexity and performance time of the proposed scheme are presented and shown in Table 2. In mutual authentication phase (MA), the user will take 0.8864 ms, the organization will take 0.8864 ms, and the server will take 0.876 ms. In the client–organization signcryption phase (CO_S), the user will take 0.9223 ms. In the client–organization unsigncryption phase (CO_U), the organization will take 2.1751 ms. In the organization–server signcryption phase (OS_S), the organization will take 0.9223 ms. In the organization–server unsigncryption phase (OS_U), the server will take 2.1751 ms. The whole execution time is about 10 ms at most. As a result, the proposed scheme proved that it is efficient enough to complete the whole scheme, although there are no requirements or standards about the recommendation of time to perform a cryptographic module. We also compare the mutual authentication phase of the proposed scheme with previous works in Table 3. Although the performance of the proposed scheme is not better than some previous works, such as Shuai et al.’s work [45], the proposed system scenario supposes that the user and organization are using smart phones, which have much more computing and storing resources compared to devices in previous works [45,46,47,48,49,50].

Table 2. Performance analysis of the proposed scheme. The results show the whole execution time is about 10 ms at most, which proves the proposed scheme is efficient enough to complete the whole scheme.

	Role	User	Organization	Server
Phase
MA		$2T_m+6T_h$ $\approx (0.8552+0.0312)$ ms $=0.8864$ ms	$2T_m+6T_h$ $\approx (0.8552+0.0312)$ ms $=0.8864$ ms	$2T_m+4T_h$ $\approx (0.8552+0.0208)$ ms $=0.876$ ms
CO_S		$2T_m+3T_h+1T_{\mathit{ed}}$ $\approx (0.8552+0.0156+0.0215)$ ms $=0.9223$ ms	N/A	N/A
CO_U		N/A	$5T_m+3T_h+1T_{\mathit{ed}}$ $\approx (2.138+0.0156+0.0215)$ ms $=2.1751$ ms	N/A
OS_S		N/A	$2T_m+3T_h+1T_{\mathit{ed}}$ $\approx (0.8552+0.0156+0.0215)$ ms $=0.9223$ ms	N/A
OS_U		N/A	N/A	$5T_m+3T_h+1T_{\mathit{ed}}$ $\approx (2.138+0.0156+0.0215)$ ms $=2.1751$ ms
Total		$4T_m+9T_h+1T_{\mathit{ed}}$ $\approx (1.7104+0.0468+0.0215)$ ms $=1.7787$ ms	$9T_m+12T_h+2T_{\mathit{ed}}$ $\approx (3.8484+0.0624+0.043)$ ms $=3.9538$ ms	$7T_m+7T_h+1T_{\mathit{ed}}$ $\approx (2.9932+0.0364+0.0215)$ ms $=3.0511$ ms

Table 3. Performance comparisons of mutual authentication phases.

Schemes	Total Cost	Rough Estimation (ms)
Zou et al. [46]	$6T_m+17T_h$	2.654
Shuai et al. [45]	$3T_m+16T_h$	1.366
Li et al. [47]	$6T_m+20T_h$	2.6696
Wang et al. [48]	$6T_m+25T_h$	2.6956
Li et al. [49]	$6T_m+19T_h$	2.672
Ours	$6T_m+ 16T_h$	2.6488

6. Discussions

The proposed scheme is a blockchain system in a hierarchical structure, which is an approach for social economy services. The security and performance analyses are also provided to prove that the proposed scheme achieved the security properties mentioned with efficiency, as it only needed 10 ms for execution. The proposed scheme not only incorporates the benefits of blockchain technology, such as digitalized and an automatic process, certificated information, decentralized networks, etc., but decreases risks of security by utilizing signcryption and short signature mechanisms to design the proposed scheme.

The limitations of the proposed scheme will be described below. Users have to use applications on mobile devices (APPs) to utilize the proposed system, which means skills and an environment of information technology will be necessary for users. Although the development of information technology has become widespread, we cannot ignore people who do not have such skills or environments. Moreover, APPs should be designed with user-friendly interfaces for which users can spend negligible efforts to learn [32]. For example, institutes or people in rural areas may not have a good wireless communication environment for transferring information, or people may be elderly, who have less motivation, willingness, or abilities to learn about and use APPs. One of the main purposes of the social economy is to help vulnerable groups, but the proposed system cannot maximize effectiveness if the proposed system is not easy to use.

The introduction of the proposed system to the social economy can be planned and evaluated, such as through empirical tests, in the future. Low- earth orbit (LEO) communication networks, like 5G or 6G, can be seen as extensions of wireless communication for rural areas. The development of 5G/6G with LEO communications may be necessary to improve the wireless communication environment. For users, an APP with a user-friendly design is necessary. If a social economy system is executed by an institution or government, the organization should have an adoption strategy including how to help people who are unable or refuse to use the APP, for example, sending caregivers or case managers of the original social economy system to help or act on behalf of them.

We are undergoing the implementation of a real-world social economy system including discussions with the social affairs bureaus of city governments, charity associations, religious groups, etc., which already have social-economy-related services. In the future, the evaluation of the implementation, such as a cost–benefit analysis, user acceptance test, user satisfaction survey, qualitative research with interview activities, etc., will be conducted.

7. Conclusions

The social economy has become more and more important in modern society, and the social economy provides a chance to enhance public services. Information and communication technology interventions provide the informatization of the social economy, which may improve the efficiency and range of applications. Data preservation and transaction mechanisms should be considered in informatized social economies because cybersecurity risks always exist. We designed and evaluated a hierarchical blockchain system for social economy services which applies blockchain technology. The proposed scheme not only incorporates the benefits of blockchain technology, such as a digitalized and automatic process, certificated information, decentralized networks, etc., but decreases risks of security by utilizing signcryption and short signature mechanisms to design the proposed scheme. The proposed scheme was proved to have the security properties to ensure the legitimacy of all parties in the system and security of data and transactions, and blockchain technology and signcryption mechanisms were applied to achieve confidentiality, integrity, non-repudiation, and traceability. The security and performance analysis are also provided to prove that the proposed scheme achieved the above security properties with efficiency. The proposed scheme can be introduced to non-profit organizations, such as social affairs bureaus of city governments, charity associations, religious groups, etc., which already have social-economy-related services, such as the food banks and time banks mentioned in previous sections. By doing so, the efficiency of the social economy can be improved with security mechanisms and a suitable adoption strategy, and the social economy can be expected to be active with digitalization and automation in the future.