Search Results (27)

With the rapid advancement in artificial intelligence, autonomous driving has emerged as a prominent research frontier. Autonomous vehicles rely on high-precision high-definition map data, necessitating timely map updates by map companies to accurately reflect road conditions. This paper proposes an efficient and fair map-data-sharing mechanism for vehicular networks. To encourage vehicles to share data, we introduce a reputation unit to resolve the cold-start issue for new vehicles, effectively distinguishing legitimate new vehicles from malicious attackers. Considering both the budget constraints of map companies and heterogeneous data collection capabilities of vehicles, we design a fair incentive mechanism based on the proposed reputation unit and a reverse auction algorithm, achieving an optimal balance between data quality and procurement costs. Furthermore, the scheme has been developed to facilitate mutual authentication between vehicles and Roadside Unit(RSU), thereby ensuring the security of shared data. In order to address the issue of redundant authentication in overlapping RSU coverage areas, we construct a Merkle hash tree structure using a set of anonymous certificates, enabling single-round identity verification to enhance authentication efficiency. A security analysis demonstrates the robustness of the scheme, while performance evaluations and the experimental results validate its effectiveness and practicality. Full article

The security of commonly used cryptographic systems like RSA and ECC might be threatened by the future development of quantum computing. Verkle-based HORST decreases the size of signatures by 75% (from 12.8 KB to 3.2 KB) and enables O(1)-sized proofs by replacing Merkle trees with Verkle trees. Because verification shifts from O(log t) to constant time, it is ideal for blockchain and IoT applications that require short signatures and fast validation. In order to increase efficiency, this study introduces Verkle-based HORST, a hash-based signature method that uses Verkle trees. Our primary contributions are the following: a formal security analysis proving maintained protection levels under standard assumptions; a thorough performance evaluation demonstrating significant improvements in signature size and verification complexity in comparison to conventional Merkle tree approaches; and a novel signature construction employing polynomial commitments to achieve compact proofs. The proposed approach has a lot of benefits for real-world implementation, especially when dealing with situations that call for a large number of signatures or settings with limited resources. We offer comprehensive implementation instructions and parameter choices to promote uptake while preserving hash-based cryptography’s quantum-resistant security features. Our findings suggest that this method is a good fit for post-quantum cryptography systems’ standardization. Full article

Blockchains are designed to produce a secure, append-only sequence of transactions. Establishing transaction sequentiality is typically achieved by underlying consensus protocols that either prevent forks entirely (no-forking-ever) or make forks short-lived. The main challenges facing blockchains are to achieve this no-forking condition while achieving high throughput, low response time, and low energy costs. This paper presents the Bounce blockchain protocol along with throughput and response time experiments. The core of the Bounce system is a set of satellites that partition time slots. The satellite for slot i signs a commit record that includes the hash of the commit record of slot $i-1$ as well as a sequence of zero or more Merkle tree roots whose corresponding Merkle trees each has thousands or millions of transactions. The ledger consists of the transactions in the sequence of the Merkle trees corresponding to the roots of the sequence of commit records. Thus, the satellites work as arbiters that decide the next block(s) for the blockchain. Satellites orbiting around the Earth are harder to tamper with and harder to isolate than terrestrial data centers, though our protocol could work with terrestrial data centers as well. Under reasonable assumptions—intermittently failing but non-Byzantine (i.e., non-traitorous) satellites, possibly Byzantine Ground Stations, and “exposure-averse” administrators—the Bounce System achieves high availability and a no-fork-ever blockchain. Our experiments show that the protocol achieves high transactional throughput (5.2 million transactions per two-second slot), low response time (less than three seconds for “premium” transactions and less than ten seconds for “economy” transactions), and minimal energy consumption (under 0.05 joules per transaction). Moreover, given five more cloud sites of the kinds currently available in CloudLab, Clemson, we show how the design could achieve throughputs of 15.2 million transactions per two second slot with the same response time profile. Full article

Nowadays, quantum computing is developing at an unprecedented speed. This will pose a serious threat to the security of widely used public-key cryptosystems in the near future. Scientists are actively looking for ways to protect against quantum attacks; however, existing solutions still face different limitations in terms of efficiency and practicality. This paper explores hash-based digital signature schemes, post-quantum vector commitments and Verkle tree-based approaches for protecting against quantum attacks. The paper proposes an improved approach to generating digital signatures based on Verkle trees using lattice based vector commitments. In order to further reduce the memory space, the paper offers the methodology of integrating a post-quantum secure pseudo-random number generator into the scheme. Finally, the paper proposes an efficient post-quantum digital signature scheme based on Verkle trees, which minimizes memory requirements and reduces the signature size. Our proposed framework has strong resistance to quantum attacks, as well as high speed and efficiency. This study is an important contribution to the elaboration of post-quantum cryptosystems, which lays the foundation for developing secure and practical digital signature systems in the face of emerging quantum threats. Full article

The expansion of cloud-based storage has intensified concerns about integrity, security, and fair compensation for third-party auditors. Existing authentication methods often compromise privacy with high computational costs, punctuating the need for an efficient and transparent verification system. This study proposes a privacy-preserving authentication framework that combines blockchain-driven smart contracts with an optimized ranked-based Merkle hash tree (RBMHT). Experimental results demonstrated that our approach lowers computational costs by 24.02% and reduces communication overhead by 86.22% compared to existing solutions. By minimizing redundant operations and limiting auditor–cloud interactions, the systems improve reliability and scalability. This makes it well-suited for applications where privacy and trust are critical. Beyond performance gains, the scheme constitutes self-executing smart contracts, preventing dishonest collusions. By bridging security, dependability, and fairness, our findings set a new standard for reliable cloud attestation for a more secure and transparent auditing system. Full article

Cryptographic accumulators are now fundamental for secure applications across blockchain, IoT, and big data, powering anonymous credentials, streamlining key management, and enabling efficient data filtering. However, existing accumulator methods, like RSA, bilinear pairing, and Merkle trees, are hampered by storage bloat, computational burdens, and reliance on trusted administrators. To solve these problems, we introduce a hash-chain-based ordered universal accumulator that eliminates these drawbacks. Our scheme uses collision-resistant hash functions to dynamically manage sets while providing strong, verifiable membership and non-membership proofs, all without a trusted administrator. The benefits include self-certification, batch verification, and consistent representation of accumulated sets. Testing shows our scheme cuts storage by roughly 50% compared to Merkle trees and significantly speeds up computation over RSA-based approaches. This lightweight and scalable solution is ideal for constrained environments like IoT and blockchain, unlocking wider decentralized application adoption. Full article

This research paper explores the CONIKS key management system’s security and efficiency, a system designed to ensure transparency and privacy in cryptographic operations. We conducted a comprehensive analysis of the underlying mathematical principles, focusing on cryptographic hash functions and digital signature schemes, and their implementation in the CONIKS model. Through the use of Merkle trees, we verified the integrity of the system, while zero-knowledge proofs were utilized to ensure the confidentiality of key bindings. We conducted experimental evaluations to measure the performance of cryptographic operations like key generation, signing, and verification with varying key sizes and compared the results against theoretical expectations. Our findings demonstrate that the system performs as predicted by cryptographic theory, with only minor deviations in computational time complexities. The analysis also reveals significant trade-offs between security and efficiency, particularly when larger key sizes are used. These results confirm that the CONIKS system offers a robust framework for secure and efficient key management, highlighting its potential for real-world applications in secure communication systems. Full article

Addressing the critical challenge of ensuring data integrity in decentralized systems, this paper delves into the underexplored area of data falsification probabilities within Merkle Trees, which are pivotal in blockchain and Internet of Things (IoT) technologies. Despite their widespread use, a comprehensive understanding of the probabilistic aspects of data security in these structures remains a gap in current research. Our study aims to bridge this gap by developing a theoretical framework to calculate the probability of data falsification, taking into account various scenarios based on the length of the Merkle path and hash length. The research progresses from the derivation of an exact formula for falsification probability to an approximation suitable for cases with significantly large hash lengths. Empirical experiments validate the theoretical models, exploring simulations with diverse hash lengths and Merkle path lengths. The findings reveal a decrease in falsification probability with increasing hash length and an inverse relationship with longer Merkle paths. A numerical analysis quantifies the discrepancy between exact and approximate probabilities, underscoring the conditions for the effective application of the approximation. This work offers crucial insights into optimizing Merkle Tree structures for bolstering security in blockchain and IoT systems, achieving a balance between computational efficiency and data integrity. Full article

Ensuring accountability and integrity in MQTT communications is important for enabling several IoT applications. This paper presents a novel approach that combines blockchain technology and the interplanetary file system (IPFS) to achieve non-repudiation and data integrity in the MQTT protocol. Our solution operates in discrete temporal rounds, during which the broker constructs a Merkle hash tree (MHT) from the messages received. Then the broker publishes the root on the blockchain and the MHT itself on IPFS. This mechanism guarantees that both publishers and subscribers can verify the integrity of the message exchanged. Furthermore, the interactions with the blockchain made by the publishers and the broker ensure they cannot deny having sent the exchanged messages. We provide a detailed security analysis, showing that under standard assumptions, the proposed solution achieves both data integrity and accountability. Additionally, we provided an experimental campaign to study the scalability and the throughput of the system. Our results show that our solution scales well with the number of clients. Furthermore, from our results, it emerges that the throughput reduction depends on the integrity check operations. However, since the frequency of these checks can be freely chosen, we can set it so that the throughput reduction is negligible. Finally, we provided a detailed analysis of the costs of our solution showing that, overall, the execution costs are relatively low, especially given the critical security and accountability benefits it guarantees. Furthermore, our analysis shows that the higher the number of subscribers in the system, the lower the costs per client in our solution. Again, this confirms that our solution does not present any scalability issues. Full article

Denial of Service (DoS) attacks remain a persistent threat to online systems, necessitating continual innovation in defense mechanisms. In this work, we present an improved algorithm for mitigating DoS attacks through the augmentation of client puzzle protocols. Building upon the foundation of hashcash trees, a recently proposed data structure combining hashcash and Merkle trees, we introduce a new version of the data structure that enhances resistance against parallel computation (a common tactic employed by attackers). By incorporating the labels of children and the next node in a breadth-first traversal into the hash function, we establish a sequential processing order that inhibits parallel node evaluation. The added dependency on the next node significantly elevates the complexity of constructing hashcash trees, introducing a linear number of synchronization points and fortifying resilience against potential attacks. Empirical evaluation demonstrates the efficacy of our approach, showcasing its ability to accurately control puzzle difficulty while bolstering system security against DoS threats. Full article

Zero-knowledge proofs have emerged as a powerful tool for enhancing privacy and security in blockchain applications. However, the efficiency and scalability of proof systems remain a significant challenge, particularly in the context of Merkle tree inclusion proofs. Traditional proof aggregation techniques based on AND logic suffer from a high verification complexity and data communication overhead, limiting their practicality for large-scale applications. In this paper, we propose a novel proof aggregation approach based on OR logic, which enables the generation of compact and universally verifiable proofs for Merkle tree inclusion. By adapting and extending the concept of OR composition from Sigma protocols, we achieve a proof size that is independent of the number of leaves in the tree, and verification can be performed using any single valid leaf hash. This represents a significant improvement over AND aggregation, which requires the verifier to process all leaf hashes. We formally define the OR aggregation logic; describe the process of generating universal proofs; and provide a comparative analysis that demonstrates the advantages of our approach in terms of proof size, verification data, and universality. Furthermore, we discuss the potential of combining OR and AND aggregation logics to create complex acceptance functions, enabling the development of expressive and efficient proof systems for various blockchain applications. The proposed techniques have the potential to significantly enhance the scalability, efficiency, and flexibility of zero-knowledge proof systems, paving the way for more practical and adaptive solutions in large-scale blockchain ecosystems. Full article

Research on quantum computers has advanced significantly in recent years. If humanity ever creates an effective quantum computer, many of the present public key cryptosystems can be compromised. These cryptosystems are currently found in many commercial products. We have devised solutions that seem to protect us from quantum attacks, but they are unsafe and inefficient for use in everyday life. In the paper, hash-based digital signature techniques are analyzed. A Merkle-tree-based digital signature is assessed. Using a Verkle tree and vector commitments, the paper explores novel ideas. The authors of this article present a unique technology for developing a post-quantum digital signature system using state-of-the-art Verkle tree technology. A Verkle tree, vector commitments, and vector commitments based on lattices for post-quantum features are used for this purpose. The concepts of post-quantum signature design utilizing a Verkle tree are also provided in the paper. Full article

Client puzzle protocols are widely adopted mechanisms for defending against resource exhaustion denial-of-service (DoS) attacks. Among the simplest puzzles used by such protocols, there are cryptographic challenges requiring the finding of hash values with some required properties. However, by the way hash functions are designed, predicting the difficulty of finding hash values with non-trivial properties is impossible. This is the main limitation of simple proof-of-work (PoW) algorithms, such as hashcash. We propose a new data structure combining hashcash and Merkle trees, also known as hash trees. In the proposed data structure, called hashcash tree, all hash values are required to start with a given number of zeros (as for hashcash), and hash values of internal nodes are obtained by hashing the hash values of child nodes (as for hash trees). The client is forced to compute all hash values, but only those in the path from a leaf to the root are required by the server to verify the proof of work. The proposed client puzzle is implemented and evaluated empirically to show that the difficulty of puzzles can be accurately controlled. Full article

With developments in OpenRAN and software-defined radio (SDR), the mobile networking implementations for radio and security control are becoming increasingly software-based. We design and build a lightweight and distributed software assurance scheme, which ensures that a wireless user holds the correct software (version/code) for their wireless networking implementations. Our scheme is distributed (to support the distributed and ad hoc networking that does not utilize the networking-backend infrastructure), lightweight (to support the resource-constrained device operations), modular (to support compatibility with the existing mobile networking protocols), and supports broadcasting (as mobile and wireless networking has broadcasting applications). Our scheme is distinct from the remote code attestation in trusted computing, which requires hardwarebased security and real-time challenge-and-response communications with a centralized trusted server, thus making its deployment prohibitive in the distributed and broadcasting-based mobile networking environments. We design our scheme to be prover-specific and incorporate the Merkle tree for the verification efficiency to make it appropriate for a wireless-broadcasting medium with multiple receivers. In addition to the theoretical design and analysis, we implement our scheme to assure srsRAN (a popular open-source software for cellular technology, including 4G and 5G) and provide a concrete implementation and application instance to highlight our scheme’s modularity, backward compatibility to the existing 4G/5G standardized protocol, and broadcasting support. Our scheme implementation incorporates delivering the proof in the srsRAN-implemented 4G/5G cellular handshake and connection establishment in radio resource control (RRC). We conduct experiments using SDR and various processors to demonstrate the lightweight design and its appropriateness for wireless networking applications. Our results show that the number of hash computations for the proof verification grows logarithmically with the number of software code files being assured and that the verification takes three orders of magnitude less time than the proof generation, while the proof generation overhead itself is negligible compared to the software update period. Full article

Machine learning has become increasingly popular in academic and industrial communities and has been widely implemented in various online applications due to its powerful ability to analyze and use data. Among all the machine learning models, decision tree models stand out due to their great interpretability and simplicity, and have been implemented in cloud computing services for various purposes. Despite its great success, the integrity issue of online decision tree prediction is a growing concern. The correctness and consistency of decision tree predictions in cloud computing systems need more security guarantees since verifying the correctness of the model prediction remains challenging. Meanwhile, blockchain has a promising prospect in two-party machine learning services as the immutable and traceable characteristics satisfy the verifiable settings in machine learning services. In this paper, we initiate the study of decision tree prediction services on blockchain systems and propose VDT, a Verifiable Decision Tree prediction scheme for decision tree prediction. Specifically, by leveraging the Merkle tree and hash function, the scheme allows the service provider to generate a verification proof to convince the client that the output of the decision tree prediction is correctly computed on a particular data sample. It is further extended to an update method for a verifiable decision tree to modify the decision tree model efficiently. We prove the security of the proposed VDT schemes and evaluate their performance using real datasets. Experimental evaluations show that our scheme requires less than one second to produce verifiable proof. Full article