最新区块链论文速读--CCF C会议 TrustCom 2023 共30篇附pdf下载（2/6）-EW帮帮网

Conference：22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

CCF level：CCF C

Categories：Network and Information Security

Year：2023

Num：30

Conference time：1-3 November 2023

第1~5篇区块链文章请点击此处查看

Title:

ChainPass: A Privacy-preserving Complete Cross-chain Authentication for Consortium Blockchains

ChainPass：一种保护隐私的联盟链完全跨链认证方案

Authors:

Key words:

cross-chain, paillier crytosystem, unlinkability, complete compatibility, consortium blockchain

跨链、paillier 密码系统、不可链接性、完全兼容、联盟链

Abstract:

Consortium blockchains have been widely used in many industries such as medical care, finance, and so on. The business data on different blockchains are isolated from each other. In order to share the value data, it is necessary to achieve cross-chain access. Existing cross-chain technologies are mainly aimed at public blockchains, while consortium blockchain users hold identity credentials to participate in transactions, which has higher security requirements. In addition, most of the existing consortium blockchains use pluggable cryptography components. If all consortium blockchains participating in the cross-chain are required to be configured with the same cryptosystem, the cost will be too high. To solve the above privacy protection and compatibility issues, we propose a privacy-preserving complete cross-chain authentication scheme and name it ChainPass. Chain-Pass introduces paillier homomorphic encryption and pseudonym technologies, allowing users to use the original cryptosystem to generate public and private keys and participate in cross-chain transactions. At the same time, the user’s pseudonym is updated according to the user’s public key. ChainPass protects users’ privacy while ensuring complete compatibility. Security analysis and performance evaluation prove that ChainPass has better security and higher efficiency.

联盟链在医疗、金融等多个行业得到广泛应用，不同区块链上的业务数据相互隔离，为了共享价值数据，需要实现跨链访问。现有的跨链技术主要针对公链，而联盟链用户持有身份凭证参与交易，对安全性要求较高。另外，现有的联盟链大多采用可插拔的密码组件，如果要求所有参与跨链的联盟链都配置相同的密码系统，成本过高。针对上述隐私保护和兼容性问题，我们提出了一种隐私保护的完全跨链认证方案，并命名为ChainPass。ChainPass引入了paillier同态加密和假名技术，允许用户使用原有的密码系统生成公私钥并参与跨链交易，同时根据用户的公钥更新用户的假名，在保证完全兼容性的同时保护了用户的隐私。安全分析与性能评估证明ChainPass具有更好的安全性和更高的效率。

Pdf link:

https://ieeexplore.ieee.org/document/10538918

Title:

VMR-Tree: Efficient and Verifiable Location-based kNN Queries on Blockchain

VMR-Tree：区块链上高效且可验证的基于位置的 kNN 查询

Authors:

Key words:

Blockchain, kNN Query, Query Authentication

区块链，kNN 查询，查询认证

Abstract:

In recent years, blockchain technology has received extensive attention and applied in various fields including health-care, IoT and database systems. Utilizing the decentralization and anti-tampering properties, the blockchain provides potential solutions to achieve verification of data queries, without the assumption of the trusted third parties in traditional data verification studies. However, for kNN queries, a common query type in practical location-based scenarios, few existing solutions can directly support the location-based kNN query processing and result authentication based on blockchain. To address this problem, in this paper, we propose a blockchain-based verifiable kNN query processing method. In this method, we first design a novel authenticated data structure called VMR-Tree, which stores the data objects and their neighboring objects in leaf nodes and stores the hash values used for data verification in non-leaf nodes. To verify the results with the minimum size of verification objects (VOs), we design a query result verification method based on the blockchain, in which the client can verify the query results by processing the VOs generated based on the proposed VMR-Tree index and the blockchain. Besides, we further propose an optimization algorithm to reduce the size of VOs. We theoretically analyze the computational complexity and security guarantees of the proposed approaches. We also conducted extensive experiments on real and synthetic datasets to evaluate the efficiency of the proposed method on the result verification of location-based kNN queries.

近年来，区块链技术受到广泛关注，并应用于医疗健康、物联网、数据库系统等各个领域。利用区块链的去中心化和防篡改特性，它为实现数据查询的验证提供了潜在的解决方案，而无需传统数据验证研究中对可信第三方的假设。然而，对于实际位置场景中常见的查询类型kNN查询，很少有现有的解决方案能够直接支持基于区块链的位置kNN查询处理和结果认证。针对这一问题，本文提出了一种基于区块链的可验证kNN查询处理方法。在该方法中，我们首先设计了一种新的可验证数据结构VMR-Tree，它将数据对象及其相邻对象存储在叶节点中，将用于数据验证的哈希值存储在非叶节点中。为了以最小的验证对象（VO）大小验证结果，我们设计了一种基于区块链的查询结果验证方法，其中客户端可以通过处理基于提出的VMR-Tree索引和区块链生成的VO来验证查询结果。此外，我们还提出了一种优化算法来减少VO的大小。我们从理论上分析了所提方法的计算复杂度和安全保证。我们还在真实和合成数据集上进行了广泛的实验，以评估所提方法在基于位置的kNN查询结果验证方面的效率。

Pdf link:

https://ieeexplore.ieee.org/document/10538850

Title:

UNITE: Privacy-Aware Verifiable Quality Assessment via Federated Learning in Blockchain-Empowered Crowdsourcing

UNITE：通过区块链众包中的联合学习实现隐私感知可验证质量评估

Authors:

Key words:

Quality assessment, crowdsourcing, federated learning, differential privacy, blockchain

质量评估、众包、联邦学习、差分隐私、区块链

Abstract:

As a new type of task execution mode, crowdsourcing makes use of crowd/worker intelligence to collaboratively complete diverse tasks published by task requesters. Quality assessment is an important stage in crowdsourcing as the publicly recruited workers often vary in reliability when performing tasks. Prior works on crowdsourcing quality assessment either ignore the possible privacy disclosure from the task data or are vulnerable to biased evaluation from malicious evaluators. In this paper, we propose a privacy-aware verifiable crowdsourcing quality assessment scheme UNITE against semi-honest and malicious adversaries. UNITE explores federated learning for privacy-aware training of task models, which serves as an indicator of quality assessment. To prevent attackers from deducing the task data from model gradients, we design a secure model update protocol based on differential privacy and perform it with blockchain smart contracts for trustworthy model aggregation. In the presence of malicious requesters providing incorrect assessments, we exploit Pedersen Commitment to generate evidence, which is recorded on-chain with some metadata for public audit. Detailed privacy analysis demonstrates that our differential privacy scheme satisfies (ε,δ)-local differential privacy. Finally, we conducted extensive experiments on two real-world datasets and deployed the smart contracts on Hyperledger Fabric to demonstrate good accuracy and both on-chain and off-chain performance.

作为一种新型的任务执行模式，众包利用众包/工人智能来协同完成任务请求者发布的各种任务。质量评估是众包中的一个重要阶段，因为公开招募的工人在执行任务时的可靠性往往参差不齐。先前的众包质量评估研究要么忽略了任务数据可能泄露的隐私，要么容易受到恶意评估者的偏见评估。在本文中，我们提出了一种隐私感知的可验证众包质量评估方案 UNITE，以对抗半诚实和恶意的对手。UNITE 探索了联邦学习，用于隐私感知的任务模型训练，作为质量评估的指标。为了防止攻击者从模型梯度中推断出任务数据，我们设计了一个基于差分隐私的安全模型更新协议，并使用区块链智能合约执行该协议，以实现可信的模型聚合。当存在恶意请求者提供不正确的评估时，我们利用 Pedersen 承诺来生成证据，该证据与一些元数据一起记录在链上以供公众审计。详细的隐私分析表明，我们的差分隐私方案满足 (ε,δ)-局部差分隐私。最后，我们在两个真实数据集上进行了大量实验，并在 Hyperledger Fabric 上部署了智能合约，以展示良好的准确性以及链上和链下性能。

Pdf link:

https://ieeexplore.ieee.org/document/10538937

Title:

FedJudge: Blockchain-based full-lifecycle trustworthy federated learning incentive mechanism

FedJudge：基于区块链的全生命周期可信联邦学习激励机制

Authors:

Key words:

federated learning, blockchain, participant selection, incentive mechanisms, lifecycle model

联邦学习、区块链、参与者选择、激励机制、生命周期模型

Abstract:

In the realm of federated learning systems, establishing fair and trustworthy incentive mechanisms stands as a pivotal challenge. Unlike conventional distributed machine learning, federated learning operates within a decentralized client cluster, where participants meticulously assess incentives and costs before opting to engage. This paper introduces FedJudge, a novel Blockchain-based incentive mechanism that ensures trustworthiness throughout the complete lifecycle of federated learning. To address the issue of evaluating clients’ contributions to the federated model, we adapt the Shapley value algorithm from game theory, resulting in FedShapley. This framework impartially and credibly quantifies the marginal impact of each client on the federated model’s advancement. To ensure objectivity, credibility, and scalability in the FedShapley computation process, we propose FedShapleyPMC—a trusted parallel algorithm harnessing smart contract technology on the blockchain. Furthermore, we implement an automated payment allocation system based on a cryptographic token infrastructure on the blockchain. This implementation guarantees a trustworthy incentive mechanism throughout the federated learning process. Through empirical validation and analysis on authentic datasets, we demonstrate that FedJudge significantly enhances Byzantine fault tolerance while concurrently reducing computation and communication complexities. These advancements are achieved without compromising the robust privacy and security safe-guards.

在联邦学习系统领域，建立公平可信的激励机制是一项关键挑战。与传统的分布式机器学习不同，联邦学习在去中心化的客户端集群中运行，参与者在选择参与之前会仔细评估激励和成本。本文介绍了 FedJudge，这是一种基于区块链的新型激励机制，可确保联邦学习整个生命周期的可信度。为了解决评估客户端对联邦模型贡献的问题，我们采用了博弈论中的 Shapley 值算法，从而产生了 FedShapley。该框架公正可信地量化了每个客户端对联邦模型进步的边际影响。为了确保 FedShapley 计算过程的客观性、可信度和可扩展性，我们提出了 FedShapleyPMC——一种利用区块链上的智能合约技术的可信并行算法。此外，我们基于区块链上的加密代币基础设施实现了自动支付分配系统。此实现保证了整个联邦学习过程中的可信激励机制。通过对真实数据集进行实证验证和分析，我们证明 FedJudge 显著增强了拜占庭容错能力，同时降低了计算和通信复杂性。这些进步是在不损害强大的隐私和安全保障的情况下实现的。

Pdf link:

https://ieeexplore.ieee.org/document/10538966

Title:

A Practical and Privacy-Preserving Vehicular Data Sharing Framework by Using Blockchain

基于区块链的实用且保护隐私的车辆数据共享框架

Authors:

Key words:

vehicular social network, vehicular data sharing, symmetric searchable encryption, keyword search, blockchain

车辆社交网络、车辆数据共享、对称可搜索加密、关键字搜索、区块链

Abstract:

As the integration of the Internet of Vehicles and social networks, vehicular social networks (VSNs) are promising to boost the realization of intelligent transportation system. Recently, vehicular data privacy has been paid increasing attention in data sharing. Searchable encryption as a promising cryptographic primitive can be utilized to ensure vehicular data confidentiality without sacrificing data searchability. However, most vehicular data sharing schemes rely on centralized cloud servers, which are vulnerable to the single point of failure and distributed denial of service (DDoS) attacks. In this paper, we propose VehShare, a decentralized framework for privacy-preserving vehicular data sharing. We resort to the smart contract to implement a trusted platform for vehicles to share their encrypted vehicular data. To provide efficient access control, we design an authorization-based on-chain access control scheme with a lightweight cryptographic primitive. Moreover, we design a time synchronization-based non-interactive search token generation scheme to achieve efficient privacy-preserving search queries, while satisfying forward and backward security. We formally analyze the security of VehShare and extensive experiments demonstrate the efficiency of VehShare.

作为车联网与社交网络的融合，车载社交网络有望助力智能交通系统的实现。近年来，车辆数据隐私在数据共享中受到越来越多的关注。可搜索加密作为一种有前途的密码原语，可用于确保车辆数据的机密性而不牺牲数据的可搜索性。然而，大多数车辆数据共享方案依赖于集中式云服务器，这些服务器容易受到单点故障和分布式拒绝服务 (DDoS) 攻击。在本文中，我们提出了 VehShare，一个用于隐私保护的车辆数据共享的去中心化框架。我们借助智能合约来实现一个可信的平台，供车辆共享其加密的车辆数据。为了提供有效的访问控制，我们设计了一个基于授权的链上访问控制方案，该方案具有轻量级密码原语。此外，我们设计了一个基于时间同步的非交互式搜索令牌生成方案，以实现高效的隐私保护搜索查询，同时满足前向和后向安全性。我们正式分析了VehShare的安全性，并通过大量实验证明了VehShare的效率。