IET Blockchain最新文献

Blockchain technology has emerged and evolved as a disruptive technology with the potential to be applied in various fields, including digital finance, healthcare, and the Internet of Things (IoT). Besides being a distributed ledger, blockchain enables decentralized and trusted storage/computation without relying on a central trusted party. However, the growing heterogeneity of blockchain platforms and the expanding range of applications have resulted in escalating security and privacy concerns. These concerns encompass persistent privacy breaches, vulnerabilities in smart contracts, and the “impossible triangle” problem. These challenges have emerged as the primary obstacles to the development and seamless integration of blockchain technology with industry applications.

To address the security and privacy challenges in blockchain platforms and its applications, numerous researchers have conducted extensive studies in this field by leveraging advanced technologies, including new cryptographic protocols and deep learning techniques. This special issue aims to highlight research perspectives, articles, and experimental studies pertaining to “Security and Privacy Issues in Blockchain and Its Applications”.

In this special issue, we received a total of 19 papers, out of which 17 underwent a rigorous peer-review process. However, two papers were excluded from the peer-reviewed selection because one was submitted in a draft form and the other was voluntarily withdrawn by the authors. Out of the 17 papers submitted for review, 10 were accepted for publication, six were rejected without being transferred, and one was rejected and referred to a transfer service. The exceptional quality of all the submissions played a crucial role in ensuring the success of this special issue.

These accepted papers can be classified into two categories, namely blockchain application security and cross-chain interaction security. The papers in the first category focus on analyzing and providing insights into the security of blockchain applications. Their objective is to keep readers informed about the latest trends, developments, challenges, and opportunities in blockchain application security. Moreover, significant research efforts have been dedicated to security analysis and detection in typical blockchain applications. The papers in this category are of Zhou et al., Grybniak et al., Lv et al., Li et al., Gong et al., Xiao et al. and Videira et al. These contributions further enhance our understanding and capability to safeguard blockchain applications from potential security threats. The second category of papers presents novel solutions that target the enhancement of security in cross-system interactions. These papers are of Feng et al., Xu et al. and Yu et al. By addressing the specific challenges associated with cross-system communication, these solutions contribute to the development of robust and secure blockchain networks. A brief presentation

The personal lending marketplace, known as Peer-to-Peer (P2P) lending, has increased globally. However, providing unsecured loans to peers without requiring collateral remains a challenge. A platform called TrustLend is proposed to enable trustworthy transactions in the personal lending application. The platform attempts to eliminate or minimize the collateral requirement. The trustworthiness score adds to this platform's variable selection rules and can help lenders decide on reliable candidates as borrowers. The prototype implementing the TrustLend platform based on Ethereum smart contracts that use the trustworthiness score is also described and it is illustrated with a Decentralized Application (DApp) case study and customized smart contracts. The prototype demonstrates fundamental features and supports borrowers, lenders, and recommenders in establishing proposals and approvals. Finally, the prototype shows how end-users can easily access loans with reduced collateral without hidden costs and swift transactions.

With the rapid development of blockchain technology in the financial sector, the security of blockchain is being put to the test due to an increase in phishing fraud. Therefore, it is essential to study more effective measures and better solutions. Graph models have been proven to provide abundant information for downstream assignments. In this study, a graph-based embedding classification method is proposed for phishing detection on Ethereum by modeling its transaction records using subgraphs. Initially, the transaction data of normal addresses and an equal number of confirmed phishing addresses are collected through web crawling. Multiple subgraphs using the collected transaction records are constructed, with each subgraph containing a target address and its nearby transaction network. To extract features of the addresses, a modified Graph2Vec model called imgraph2vec is designed, which considers block height, timestamp, and amount of transactions. Finally, the Extreme Gradient Boosting (XGBoost) algorithm is employed to detect phishing and normal addresses. The experimental results show that the proposed method achieves good performance in phishing detection, indicating the effectiveness of imgraph2vec in feature acquisition of transaction networks compared to existing models.

A major drawback in deploying central bank digital currencies (CBDC) is the offline puzzle, which requires that a CBDC must keep the liquidity provision given by cash, and, simultaneously, avoid double-spending, cloning, and other issues. The puzzle is solved by minting the coins in serial numbers, which are stored on a local blockchain inside a smartphone or EMV card. The local blockchain is strengthened by a two-stage approval architecture that mitigates attacks and enables non-repudiation handling. The coins are protected by hardware keys embedded in the microchip and can be continuously mined by the wallet to enhance security. The coins can be either minted as hot coins, which can be retrieved in case of loss, or minted as cold coins, like physical cash.

With the rapid application of consortium chains, supervising these systems has become a challenge for governments. The centralized model fails to deliver supervision services that are both open and transparent. Given the benefits of decentralization, non-tampering, and traceability offered by blockchains, researchers propose the concept of ‘governing the chain by chain’, which involves supervising multiple consortium chains by constructing a blockchain. Under this idea, the cross-chain scheme becomes the key to achieving excellent supervision. Existing studies have shortcomings and cannot meet the requirements of universality, security, and efficiency in cross-chain supervision scenarios. Aiming at the challenges, we propose ChainKeeper, a cross-chain scheme for governing the chain by chain. The innovation of our work lies in three points. First, a modular node proxy program is designed to adapt to various implementations of consortium chains. Second, a verifiable node random selection method is put forward to improve the throughput of cross-chain data transmission. Finally, a verifiable identity threshold signature method is proposed to prevent the cheating behavior of malicious nodes. To verify the universality of ChainKeeper, we built a prototype system on three types of consortium chains. The experimental results show that ChainKeeper can achieve high throughput, outperforming two state-of-the-art cross-chain schemes.

The security of smart contract has always been one of the significant problems in blockchain. As shown in previous studies, vulnerabilities in smart contracts can lead to unpredictable losses. With the rapid growth of the number of smart contracts, more and more data driven detection technologies based on machine learning have been proposed. However, some state-of-the-art approaches mainly rely on the source code of smart contract. These methods are limited by the openness of the source code and the version of the programming language. To address this problem, we propose a novel vulnerability detection method based on transformer by constructing the control flow graph (CFG) of smart contracts operation codes (opcodes), which shields the difference of various versions of program language. Extensive experiments are conducted to evaluate the effectiveness of the proposed method on the authors' own collected dataset. The experimental results show that the proposed method achieves 94.36% accuracy in vulnerability detection, which performs better than other state-of-the-art methods.

The anonymous and tamper-proof nature of the blockchain poses significant challenges in auditing and regulating the behaviour and data on the chain. Criminal activities and anomalies are frequently changing, and fraudsters are devising new ways to evade detection. Moreover, the high volume and complexity of transactions and asymmetric errors make data classification more challenging. Also, class imbalances and high labelling costs are hindering the development of effective algorithms. In response to these issues, the authors present BlockDetective, a novel framework based on GCN that utilizes student–teacher architecture to detect fraudulent cryptocurrency transactions that are related to money laundering. The authors’ method leverages pre-training and fine-tuning, allowing the pre-trained model (teacher) to adapt better to the new data distribution and enhance the prediction performance while teaching a new, light-weight model (student) that provides abstract and top-level information. The authors’ experimental results show that BlockDetective outperforms state-of-the-art research methods by achieving top-notch performance in detecting fraudulent transactions on the blockchain. This framework can assist regulators and auditors in detecting and preventing fraudulent activities on the blockchain, thereby promoting a more secure and transparent financial system.

Metaverse is a digital value interaction network based on blockchain technology, with an important economic system component. While both traditional financial industries and crypto-native industries have made significant progress by leveraging blockchain, the value stream of each remains limited to separate ecosystems. To bridge this gap between off-chain and on-chain economic systems, an on-chain trading model was proposed using HD key derivation technique for direct uploading onto chains without going through centralized services for IoT data transmission. To improve the current status of NFTs as static assets, a token protocol binding each NFT with a unique account address was proposed. Additionally, oracle technique was leveraged with a decentralized and distributed trust model spanning across on-chain and off-chain components which securely pushes data between smart contracts and Web-APIs. A decentralized trading model was developed based on smart contracts implementing automated market makers according to CFMM algorithm. Parallel transaction computing was executed based on the DAG model to ensure high operational performance and security standards of underlying blockchain. Finally, the on-chain trading system of real world asset backed digital assets was developed integrating all the above key techniques that correspond to crucial functions of a complete economic system in Metaverse.

The reentrancy vulnerability in smart contracts has caused significant losses in the digital currency economy. Existing solutions for detecting and repairing this vulnerability are limited in scope and lack a comprehensive framework. Additionally, there is currently a lack of guidance methods for effectively pinpointing the location of vulnerabilities. The proposed bytecode-level method addresses these challenges by incorporating a detection module, an auxiliary localization module, and a repair module. An opcode classification method is introduced using vulnerability features and a BiLSTM-Attention-based sequence model to enhance detection accuracy. To overcome difficulties in vulnerability localization, an auxiliary localization method based on data flow and control flow analysis is proposed, enabling developers to better locate vulnerabilities. Current reentrancy vulnerability repair methods are analyzed and strategies for three reachable patterns are proposed. The bytecode rewriting strategy utilizes Trampoline technology for repair, while a fuel optimization method reduces bytecode generation length to optimize gas costs. Through extensive experimental validation, the effectiveness and superiority of the proposed methods are confirmed, further validating the feasibility of the entire framework. Experimental results demonstrate that the framework offers enhanced protection against reentrancy vulnerability attacks in smart contracts.