A BlockchainBased Continuous Micropayment Scheme Using Lockable Signature
Abstract
:1. Introduction
 (1)
 In the midst of continual transactions, Alice or Bob could engage in deceptive or default payments, causing loss to the counterpart.
 (2)
 An external adversary could compromise the intermediate link of the continuous transactions and acquire transaction messages, incurring losses for either Alice or Bob.
1.1. Our Main Contributions
1.2. Organization
2. Preliminaries
2.1. Digital Signature
 (1)
 Existential Unforgeability: Within a signature scheme, any adversary can forge a message’s signature. However, the probability of the adversary forging successfully cannot exceed the negligible probability obtained by inputting the security parameters, even if the adversary has seen the signatures of numerous selfselected messages.
 (2)
 Correctness: All secure signatures must be verifiable with a probability of unverifiability lower than the negligible probability obtained by the input security parameters. With an overwhelmingly high probability, all valid signatures must be verified.$$\underset{pk,sk,m}{\mathrm{Pr}}[{\mathrm{Verify}}_{\mathrm{pk}}(\mathrm{m},{\mathrm{Sign}}_{\mathrm{sk}(\mathrm{m})})=1]>1negl(\lambda )$$
2.2. Hash Function and Hash Chain
 (1)
 It can take as input a string of any length.
 (2)
 It can generate fixedlength output values.
 (3)
 Its computation time is reasonable.
 (1)
 Collision resistance: For a given set of functions $\mathit{h}\in H$, it should be computationally infeasible to find a pair of distinct strings x, y such that $h(x)=h(y)$. More formally,$$\mathrm{Pr}[\mathcal{A}({1}^{k})\to (x,y):x\ne y\wedge \mathit{h}(x)\ne \mathit{h}(y)]<\u03f5({1}^{k}),$$
 (2)
 Onewayness: The computation process of the function should be straightforward; given a value h and computing $\mathit{f}(x)=h$, if x cannot be found in the computation, the cryptographic hash function $\mathit{f}\in H$ is defined as a oneway function. More formally,$$\mathrm{Pr}[{\{0,1\}}^{k}\to h;\mathcal{A}({1}^{k},h)\to x:h=\mathit{f}(x)]<\u03f5({1}^{k})$$
2.3. Blockchain
2.4. Payment Channel
3. System Model
3.1. System Model
 (1)
 Bank (B): B acts as the transaction overseer and does not facilitate payment channels for users (clients and vendors) with low reputation scores. Once the transaction is initiated, the bank sends the total transaction amount and the signatures of the transaction messages (transaction amount, parts of both parties’ identification information, and send time) to the clients.
 (2)
 Clients (C): C is the initiator of the transaction. Only clients with a reputation score above 50 in their bank account can successfully start transactions. If a client engages in a fraudulent transaction during continuous micropayments, their bank account’s reputation score will be deducted according to the severity of the misconduct.
 (3)
 Vendors (V): V is the recipient of the transaction. Vendors with a credit score above 50 in their bank account can successfully accept transactions. If a vendor engages in fraudulent behavior during continuous micropayments, the bank account’s reputation score will be deducted based on the severity of the infraction.
 (4)
 Blockchain ($\mathbb{B}$): $\mathbb{B}$ is used to record transactions between the two parties. Only when the transaction is successfully completed will the initial and final transaction information be uploaded and recorded successfully.
3.2. Definitions of Lockable Signatures
3.3. Definitions of Micropayment Algorithms
3.4. Threat Model
 Both parties may not be trustworthy, possessing the potential to engage in malicious actions.
 We presume that user communication occurs synchronously.
 The foundational blockchain is secure and impervious to manipulation by malicious entities.
4. Our Construction
4.1. Framework Overview
4.2. Detailed LS
 $\mathrm{KeyGen}({1}^{\lambda})\to (pk,sk),(\widehat{pk},\widehat{sk})$:
 $\mathrm{Lock}(sk,m,\widehat{sk},\widehat{m})\to \ell \mathtt{k}$
 Select $\mathit{k}$ from the finite field ${\mathbb{Z}}_{q}$$${\mathbb{Z}}_{q}\to \mathit{k}$$
 Select the instance key $\mathit{k}$ from the finite field ${\mathbb{Z}}_{q}$$${\mathbb{Z}}_{q}\to \mathit{k}$$
 $\mathrm{Unlock}(pk,m,\widehat{pk},\widehat{m},\widehat{\sigma},\ell \mathtt{k})\to \sigma $:Output$$\sigma :=\ell \mathtt{k}\oplus H(\widehat{\sigma})$$
 $\mathbf{Vf}\mathbf{(}\mathit{p}\mathit{k}\mathbf{,}\mathit{m}\mathbf{,}\mathbf{Unlock}\mathbf{(}\mathit{p}\mathit{k}\mathbf{,}\mathit{m}\mathbf{,}\widehat{\mathit{p}\mathit{k}}\mathbf{,}\widehat{\mathit{m}},\widehat{\mathbf{\sigma}},\mathbf{\ell}\mathtt{k}\mathbf{)}\mathbf{)}=\mathbf{1}$:(1) $\mathrm{Verify}(pk,m,\sigma ),\{pk\in G,\sigma \in ({\mathbb{Z}}_{q},{\mathbb{Z}}_{q})\}$Parse $\sigma $ as $(\mathrm{sig},{r}_{x})$Compute$$({{r}_{x}}^{\prime},{{r}_{y}}^{\prime})={\mathcal{R}}^{\prime}:=\frac{H(m)\xb7G}{\mathrm{sig}}+\frac{pk\xb7{r}_{x}}{\mathrm{sig}}$$Output 1 if and only if$$({{r}_{x}}^{\prime}\phantom{\rule{3.33333pt}{0ex}}\mathrm{mod}\phantom{\rule{3.33333pt}{0ex}}q)=({r}_{x}\phantom{\rule{3.33333pt}{0ex}}\mathrm{mod}\phantom{\rule{3.33333pt}{0ex}}q)$$(2) $\mathbf{Vf}\mathbf{(}\mathit{p}\mathit{k}\mathbf{,}\mathit{m}\mathbf{,}\mathbf{Unlock}\mathbf{(}\mathit{p}\mathit{k}\mathbf{,}\mathit{m}\mathbf{,}\widehat{\mathit{p}\mathit{k}}\mathbf{,}\widehat{\mathit{m}},\widehat{\mathbf{\sigma}},\mathbf{\ell}\mathtt{k}\mathbf{)}\mathbf{)}$
Algorithm 1 The unlockability of lockable signature. 
Input: ${1}^{\lambda}$ Output: ${b}_{0}\wedge {b}_{1}$

 (1)
 Correctness: This ensures that lockable signature schemes can be successfully unlocked at the conclusion of a series of transactions.
 (2)
 Efficiency: Lockable signatures exhibit greater efficiency during transactions compared with traditional schemes that employ a trusted third party to oversee the entire transaction process.
 (3)
 Completeness: Lockable signature schemes can deter the interruption of the transaction process by external adversaries who might initiate a transactionintercept attack. (Adversary $\mathcal{A}$ obtains the transaction message (time or phase) in the middle of the micropayment transaction using a hash chain. Then $\mathcal{A}$ can trace back to the first transaction, and the account messages of transaction parties are exposed).
Algorithm 2 The invisibility of lockable signature. 
Input:
${1}^{\lambda}$ Output: ${b}_{0}\wedge {b}_{1}$

4.3. Detailed CMS
 $B\to C:\{F,T{x}_{p,0},{\mathbb{O}}_{C,V},{\sigma}_{0}\}$${\sigma}_{0}=\mathrm{Sign}({ts}_{0},{m}_{0},{\mathbb{O}}_{C},{\mathbb{O}}_{V})$
 $C\to V:\{{f}_{i},T{x}_{p,i},\ell {\mathtt{k}}_{i}\},\left\{i=1,\dots ,n1\right\}$${f}_{i}=H({f}_{i1})$${\sigma}_{i}=\mathrm{Sign}({ts}_{i},{m}_{i})$$\mathrm{Lock}(\ell {\mathtt{k}}_{i},{\sigma}_{i1})\to \ell {\mathtt{k}}_{i}:={\sigma}_{i1}\oplus H({\sigma}_{i})$
 $C\to V:\{{f}_{n},T{x}_{p,n},\ell {\mathtt{k}}_{n}\}$${f}_{n}=H({f}_{n1})$${\sigma}_{n}=\mathrm{Sign}({ts}_{n},{m}_{n})$$\mathrm{Lock}(\ell {\mathtt{k}}_{n})\to \ell {\mathtt{k}}_{n}:={\sigma}_{n})$
 $V:\mathrm{Vf}({\sigma}_{i},{m}_{i})=1$$\ell {\mathtt{k}}_{n}:={\sigma}_{n}$$\mathrm{Unlock}(\ell {\mathtt{k}}_{i1},{\sigma}_{i})\to {\sigma}_{i1}:=\ell {\mathtt{k}}_{i1}\oplus H({\sigma}_{i})$
 $(T{x}_{p,0},T{x}_{p,n})\to \mathbb{B}$
5. Security Analysis
6. Experiment
7. Related Work
8. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
 Zhang, Y.; Deng, R.H.; Liu, X.; Zheng, D. Blockchain based efficient and robust fair payment for outsourcing services in cloud computing. Inf. Sci. 2018, 462, 262–277. [Google Scholar] [CrossRef]
 Syed, T.A.; Alzahrani, A.; Jan, S.; Siddiqui, M.S.; Nadeem, A.; Alghamdi, T. A comparative analysis of blockchain architecture and its applications: Problems and recommendations. IEEE Access 2019, 7, 176838–176869. [Google Scholar] [CrossRef]
 Dai, H.N.; Zheng, Z.; Zhang, Y. Blockchain for Internet of Things: A survey. IEEE Internet Things J. 2019, 6, 8076–8094. [Google Scholar]
 Konstantinidis, I.; Siaminos, G.; Timplalexis, C.; Zervas, P.; Peristeras, V.; Decker, S. Blockchain for business applications: A systematic literature review. In Proceedings of the International Conference on Business Information Systems, Berlin, Germany, 18–20 July 2018; Springer: Cham, Switzerland, 2018; pp. 384–399. [Google Scholar]
 Pandey, A.A.; Fernandez, T.F.; Bansal, R.; Tyagi, A.K. Maintaining Scalability in Blockchain. In Proceedings of the International Conference on Intelligent Systems Design and Applications, Online, 12–14 December 2022; Springer: Cham, Switzerland, 2022; pp. 34–45. [Google Scholar]
 Li, D.; Liu, J.; Tang, Z.; Wu, Q.; Guan, Z. Agentchain: A decentralized crosschain exchange system. In Proceedings of the 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering (Trustcom/BigdataSE), Rotorua, New Zealand, 5–8 August 2019; pp. 491–498. [Google Scholar]
 Ying, N.; Wu, T.W. xlumi: Payment channel protocol and offchain payment in blockchain contract systems. arXiv 2021, arXiv:2101.10621. [Google Scholar]
 Erdin, E.; Mercan, S.; Akkaya, K. An evaluation of cryptocurrency payment channel networks and their privacy implications. arXiv 2021, arXiv:2102.02659. [Google Scholar]
 Pass, R.; Shelat, A. Micropayments for decentralized currencies. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015; pp. 207–218. [Google Scholar]
 Avarikioti, Z.; Thyfronitis Litos, O.S.; Wattenhofer, R. Cerberus channels: Incentivizing watchtowers for bitcoin. In Proceedings of the International Conference on Financial Cryptography and Data Security, Kota Kinabalu, Malaysia, 10–14 February 2020; Springer: Cham, Switzerland, 2020; pp. 346–366. [Google Scholar]
 Takahashi, T.; Otsuka, A. Probabilistic micropayments with transferability. In Proceedings of the European Symposium on Research in Computer Security, Online, 4–8 October 2021; Springer: Cham, Switzerland, 2021; pp. 390–406. [Google Scholar]
 Poon, J.; Dryja, T. The Bitcoin Lightning Network: Scalable OffChain Instant Payments. 2016, pp. 1–59. Available online: http://lightning.network/lightningnetworkpaperDRAFT0.5.pdf (accessed on 27 July 2023).
 Decker, C.; Wattenhofer, R. A fast and scalable payment network with bitcoin duplex micropayment channels. In Proceedings of the Symposium on SelfStabilizing Systems, Edmonton, AB, Canada, 18–21 August 2015; Springer: Cham, Switzerland, 2015; pp. 3–18. [Google Scholar]
 Buldas, A.; Laanoja, R.; Truu, A. A blockchainassisted hashbased signature scheme. In Proceedings of the Nordic Conference on Secure IT Systems, Oslo, Norway, 28–30 November 2018; Springer: Cham, Switzerland, 2018; pp. 138–153. [Google Scholar]
 Zhang, J.; Ye, Y.; Wu, W.; Luo, X. Boros: Secure and Efficient OffBlockchain Transactions via Payment Channel Hub. IEEE Trans. Dependable Secur. Comput. 2021, 20, 407–421. [Google Scholar]
 Fazli, M.A.; Nehzati, S.M.; Salarkia, M.A. Building Stable Offchain Payment Networks. arXiv 2021, arXiv:2107.03367. [Google Scholar]
 McCorry, P.; Möser, M.; Shahandasti, S.F.; Hao, F. Towards bitcoin payment networks. In Proceedings of the Australasian Conference on Information Security and Privacy, Melbourne, VIC, Australia, 4–6 July 2016; Springer: Cham, Switzerland, 2016; pp. 57–76. [Google Scholar]
 Doerner, J.; Kondi, Y.; Lee, E.; Shelat, A. Secure twoparty threshold ECDSA from ECDSA assumptions. In Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 21–23 May 2018; pp. 980–997. [Google Scholar]
 Deepa, N.; Pham, Q.V.; Nguyen, D.C.; Bhattacharya, S.; Prabadevi, B.; Gadekallu, T.R.; Pathirana, P.N. A survey on blockchain for big data: Approaches, opportunities, and future directions. Future Gener. Comput. Syst. 2022, 131, 209–226. [Google Scholar]
 Boneh, D.; Lynn, B.; Shacham, H. Short signatures from the Weil pairing. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, 5–9 December 2001; Springer: Berlin/Heidelberg, Germany, 2001; pp. 514–532. [Google Scholar]
 Malavolta, G.; MorenoSanchez, P.; Schneidewind, C.; Kate, A.; Maffei, M. Anonymous MultiHop Locks for Blockchain Scalability and Interoperability. Cryptology ePrint Archive. 2018. Available online: https://eprint.iacr.org/2018/472.pdf (accessed on 27 July 2023).
 Thyagarajan, S.A.K.; Malavolta, G. Lockable signatures for blockchains: Scriptless scripts for all signatures. In Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 24–27 May 2021; pp. 37–954. [Google Scholar]
 Li, T.; Yang, A.; Weng, J.; Tong, Y.; Pei, Q. Concurrent and efficient IoT data trading based on probabilistic micropayments. Wirel. Netw. 2022, 29, 607–622. [Google Scholar] [CrossRef]
 Delmolino, K.; Arnett, M.; Kosba, A.; Miller, A.; Shi, E. Step by step towards creating a safe smart contract: Lessons and insights from a cryptocurrency lab. In Proceedings of the International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 22–26 February 2016; Springer: Berlin/Heidelberg, Germany, 2016; pp. 79–94. [Google Scholar]
 Lipton, R.J.; Ostrovsky, R. Micropayments via efficient coinflipping. In Proceedings of the International Conference on Financial Cryptography, Anguilla, British West Indies, 23–25 February 1998; Springer: Berlin/Heidelberg, Germany, 1998; pp. 1–15. [Google Scholar]
 Micali, S.; Rivest, R.L. Micropayments revisited. In Proceedings of the Cryptographer Track at the RSA Conference, San Jose, CA, USA, 18–22 February 2002; Springer: Berlin/Heidelberg, Germany, 2002; pp. 149–163. [Google Scholar]
 Rivest, R.L.; Shamir, A. PayWord and MicroMint: Two simple micropayment schemes. In Proceedings of the International Workshop on Security Protocols, Cambridge, UK, 10–12 April 1996; Springer: Berlin/Heidelberg, Germany, 1996; pp. 69–87. [Google Scholar]
 Mu, Y.; Varadharajan, V.; Lin, Y.X. New micropayment schemes based on Pay Words. In Proceedings of the Australasian Conference on Information Security and Privacy, Brisbane, QLD, Australia, 28–30 November 1997; Springer: Berlin/Heidelberg, Germany, 1997; pp. 283–293. [Google Scholar]
 Nguyen, Q.S. Multidimensional hash chains and application to micropayment schemes. In Proceedings of the International Workshop on Coding and Cryptography, Bergen, Norway, 14–18 March 2005; Springer: Berlin/Heidelberg, Germany, 2005; pp. 218–228. [Google Scholar]
 Wu, J.; Jiang, S. On Increasing Scalability and Liquidation of Lightning Networks for Blockchains. IEEE Trans. Netw. Sci. Eng. 2022, 9, 2589–2600. [Google Scholar]
 Nofer, M.; Gomber, P.; Hinz, O.; Schiereck, D. Blockchain. Bus. Inf. Syst. Eng. 2017, 59, 183–187. [Google Scholar]
 Burchert, C.; Decker, C.; Wattenhofer, R. Scalable funding of bitcoin micropayment channel networks. R. Soc. Open Sci. 2018, 5, 180089. [Google Scholar] [CrossRef] [PubMed] [Green Version]
 Boudriga, N. A resilient micropayment infrastructure: An approach based on blockchain technology. Kuwait J. Sci. 2022, 49. [Google Scholar] [CrossRef]
 Rezaeibagha, F.; Mu, Y. Efficient micropayment of cryptocurrency from blockchains. Comput. J. 2019, 62, 507–517. [Google Scholar] [CrossRef]
 Lei, H.; Huang, L.; Wang, L.; Chen, J. MPC: Multinode Payment Channel for Offchain Transactions. In Proceedings of the IEEE International Conference on Communications (ICC 2022), Seoul, Republic of Korea, 16–20 May 2022; pp. 4733–4738. [Google Scholar]
 Kao, Y.C.; Shen, K.Y.; Lee, S.T.; Shieh, J.C. Selecting the Fintech Strategy for Supply Chain Finance: A Hybrid Decision Approach for Banks. Mathematics 2022, 10, 2393. [Google Scholar]
 Liu, J.; Yan, L.; Wang, D. A hybrid blockchain model for trusted data of supply chain finance. Wirel. Pers. Commun. 2021, 127, 919–943. [Google Scholar] [CrossRef] [PubMed]
 Issa, W.; Moustafa, N.; Turnbull, B.; Sohrabi, N.; Tari, Z. Blockchainbased federated learning for securing internet of things: A comprehensive survey. ACM Comput. Surv. 2023, 55, 1–43. [Google Scholar]
Notations  Descriptions 

B  Bank 
C  Clients 
V  Vendors 
F  The total amount sent by a bank to clients 
${\mathbb{O}}_{\mathit{C}},\mathit{V}$  Partially identifiable information of clients and vendors 
${S}_{0}$  The bank’s signature on transaction information sent to clients 
$\lambda $  The security parameter 
$mpk$  The master public key 
$msk$  The master secret key 
$\mathbb{S}$  An attribute set 
${Tx}_{p,i}$  The ith transaction 
${ts}_{i}$  The time of the ith transaction 
${\sigma}_{i}$  The client’s signature on the ith transaction information 
$\ell {\mathtt{k}}_{i}$  The lock of the ith transaction 
Notations  Descriptions 

p  A prime 
${\mathbb{Z}}_{q}$  The finite field of integers modulo a prime p. 
$\mathit{G}$  A point on an elliptic curve 
q  The order of group $\mathbb{G}$ 
${\sigma}_{i}$  The client’s signature on the ith transaction information 
$H(\xb7)$  The hash function 
k  The instance key 
${r}_{x}$  The xcoordinate of the elliptic curve point 
${r}_{y}$  The ycoordinate of the elliptic curve point 
$\sigma $  The locked signature 
$\widehat{\sigma}$  The locking signature 
Phase  Resources  

Time  Communication  
Setup  $0.100$ s  311 kb 
Transaction  $0.140$ s  476 kb 
Release  $0.004$ s  0 
Scheme  Client Communication Costs  Vendor Communication Costs 

[23]  $sig+10f+s+10h+m$  $10f$ 
Our scheme  $sig+10f+s+9h$  $10f$ 
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. 
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Wang, W.; Chen, G.; Chu, C.; Lan, W. A BlockchainBased Continuous Micropayment Scheme Using Lockable Signature. Mathematics 2023, 11, 3472. https://doi.org/10.3390/math11163472
Wang W, Chen G, Chu C, Lan W. A BlockchainBased Continuous Micropayment Scheme Using Lockable Signature. Mathematics. 2023; 11(16):3472. https://doi.org/10.3390/math11163472
Chicago/Turabian StyleWang, Wennan, Guoxin Chen, Chiawei Chu, and Wusong Lan. 2023. "A BlockchainBased Continuous Micropayment Scheme Using Lockable Signature" Mathematics 11, no. 16: 3472. https://doi.org/10.3390/math11163472