Enhancing Account Information Anonymity in Blockchain-Based IoT Access Control Using Zero-Knowledge Proofs
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
This paper proposes a blockchain-based IoT access control system using zero-knowledge proof to address account anonymity and privacy preservation. It introduces a combined access control mechanism to verify access rights without disclosing account information.
Suggestions:
- For Figures 6, 7, 8, and 9, the system interface screenshots, and token information could be moved to the appendix section.
- The description from line 497 to line 510 in the "hardware configuration" part would benefit from being presented in a tabular format.
- In the abstract, the statement regarding the superiority of the proposed scheme over others is too general. Please provide specific numerical metrics to quantitatively demonstrate the performance advantages. Concrete data will significantly strengthen the credibility and impact of the claims.
- The security proofs are insufficient. Please add a section for security proof when applying zero-knowledge proof schemes in the context of IoT and blockchain (for example, unforgeability of capabilities under your adversary model).
Author Response
Please see the attachment. Thank you so much for your kind comments and understanding.
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for Authors
The authors present a novel blockchain-based IoT access control system aimed at mitigating concerns regarding account privacy. This work makes a meaningful contribution to the field. The topic is both timely and highly relevant to the journal’s scope. Overall, the manuscript is well-organized and clearly structured. It is recommended for acceptance after minor revisions based on the following comments:
- Contribution Section: The current contribution section is overly redundant. To help readers quickly grasp the key innovations and understand how this work improves upon or differs from related studies, please consider reorganizing and streamlining this section.
- Section 3.3 – Identity Forgery: The explanation in Section 3.3 is vague and lacks depth. Please provide a more detailed analysis of the identity forgery attack scenario, including the specific requirements and steps involved in launching such an attack. Adding a concrete example or instance would also enhance clarity.
- Figure 4 Quality: The quality of Figure 4 is relatively low, and some text is obscured. Please replace it with a higher-resolution version to ensure all content is clearly visible and legible.
Author Response
Please see the attachment. Thank you so much for your kind comments and understanding.
Author Response File: Author Response.pdf
Reviewer 3 Report
Comments and Suggestions for Authors
Please read the attachment. Thank you.
Comments for author File: Comments.pdf
Author Response
Please see the attachment. Thank you so much for your kind comments and understanding.
Author Response File: Author Response.pdf
Reviewer 4 Report
Comments and Suggestions for Authors
Some additions are needed to improve this article:
- Rewrite the abstract for better clarity and coherence.
- Summarize the chapters using graphs to enhance readability.
- Elaborate on Section 4 (Proposed System Architecture) with more detailed explanations.
- Improve the clarity and interpretation of Figure 4.
- Provide a more comprehensive explanation of Pseudocode Algorithm 1.
- Expand the discussion of Figure 12 with additional explanation.
- Delete Section 9 (Patent), as it is not applicable.
Recommendation: Accept for inclusion, subject to the above revisions.
Author Response
Please see the attachment. Thank you so much for your kind comments and understanding.
Author Response File: Author Response.pdf
Reviewer 5 Report
Comments and Suggestions for Authors
In this paper, the authors propose a blockchain-based access control system designed for IoT environments. This paper is well written and provides a solid experimental section. There are some concerns that should be addressed:
1) There is no formal security verification of the proposed methodology. For example the paper [24] (Lin, X.; Zhang, Y.; Huang, C.; Xing, B.; Chen, L.; Hu, D.; Chen, Y. An Access Control System Based on Blockchain with Zero-Knowledge Rollups in High-Traffic IoT Environments. Sensors 2023, 23. https://doi.org/10.3390/s23073443) from the related work has such analysis using a dedicated formal security verification tool. To be convincing the work should have such analysis.
2) The organization of the paper (“[The remainder of this paper is structured as follows]…………[Finally, section VI concludes this paper]”) does not reflect the reality of the paper content. The authors have to update this paragraph (organization of the paper) according to the actual content.
3) In order to increase the readability the authors should place the figures as close as possible to the referencing point in the text.
4) There are some typos that should be addressed:
- and tbe function ⇔ and the function
- additional information[17] ⇔ additional information [17],etc.
Author Response
Please see the attachment. Thank you so much for your kind comments and understanding.
Author Response File: Author Response.pdf
Round 2
Reviewer 3 Report
Comments and Suggestions for Authors
Dear Editor and Authors:
Thank you for providing the point-to-point responses.
All concerns have been addressed.
Thank you for reading.
Reviewer 5 Report
Comments and Suggestions for Authors
The authors responded to my comments; I don't have further concerns.