Pub Date: 2025-09-01 DOI: 10.1016/j.bcra.2025.100287
Chu Chen, Xuan Wang, Bin Yu, Yumo Tian, Xiaoyu Lu, Pinghong Ren, Jin Liu
With the widespread adoption of WebAssembly (Wasm) smart contracts in popular blockchain platforms such as EOSIO, vulnerability attacks on Wasm smart contracts have become a serious problem. To protect the legitimate interests of blockchain users, it is necessary to detect vulnerabilities in Wasm smart contracts. However, detection faces a great challenge in that the source code of Wasm smart contracts is rarely released publicly. Although many approaches have made great progress in vulnerability detection, they still suffer from inefficiently generating function invocation sequences to track inter-function dependencies, ineffectively tracking sensitive information flows, and a considerable number of False Positives (FPs). To address these issues, we present a new concolic fuzzing approach for detecting vulnerabilities in Wasm smart contracts via information flows and function invocation sequences, namely, WASIF. Also, we implement the open-source prototype of WASIF and conduct extensive experiments to evaluate it. The experimental results show that WASIF effectively and efficiently detects vulnerabilities in Wasm smart contracts and outperforms the state-of-the-art concolic fuzzer WASAI on most metrics.
Title: WASIF: In-depth detection of vulnerabilities in Wasm smart contracts via information flows and function invocation sequences
Journal: Blockchain-Research and Applications, vol. 6, no. 3, Article 100287
Pub Date: 2025-09-01 DOI: 10.1016/j.bcra.2025.100292
Huijian Han, Mingwei Wang, Feng Yang, Linpeng Jia, Yi Sun, Rui Zhang
Rollup stands out as one of the most effective techniques for blockchain Layer-2 scaling. By processing transactions off-chain, it significantly enhances the throughput. However, most rollup implementations currently rely on centralized sequencers, exposing the system and users to censorship attacks and risking network paralysis. In contrast, fully decentralized sequencers encounter latency issues and reduced throughput during the consensus phase. We propose a multislot weighted leader election algorithm based on shared sequencers, apply the proposer–builder separation (PBS) model, and use the fuzzy cognitive map (FCM) to analyze and optimize the important influence parameters. With its low trust dependence and high functionality, the probability of selecting malicious nodes is reduced. The sequencing and consensus are separated, so that the transaction can quickly reach soft confirmation. We implement this algorithm in a shared sequencer prototype. The experimental results show that the proposed algorithm parameter settings are in line with the expectations, and the probability of electing malicious nodes is significantly reduced. The transactions per second (TPS) of the network can cope with the throughput requirements of Layer-2.
Title: A Layer-2 expansion shared sequencer model for blockchain scalability
Journal: Blockchain-Research and Applications, vol. 6, no. 3, Article 100292
Pub Date: 2025-08-19 DOI: 10.1016/j.bcra.2025.100358
Wittawat Kositwattanarerk
Title: Corrigendum to “Dynamic exponent market maker: personalized portfolio manager and one pool to trade them all”
Journal: Blockchain-Research and Applications, vol. 6, no. 3, Article 100358
Pub Date: 2025-06-20 DOI: 10.1016/j.bcra.2025.100319
Rahma Mukta, Shantanu Pal, Kowshik Chowdhury, Michael Hitchens, Hye-young Paik, Salil S. Kanhere
As digital ecosystems become more complex with decentralized technologies like the Internet of Things (IoT) and blockchain, traditional access control models fail to meet the security needs of dynamic, high-risk environments. The need for dynamic, fine-grained access control mechanisms has become critical, particularly in environments where trust must be continuously evaluated, and access decisions must adapt to real-time conditions. Traditional models often rely on static identity management and centralized trust assumptions, which are inadequate for modern, decentralized, and highly dynamic environments such as IoT ecosystems. Consequently, existing solutions lack fine-grained identity management, flexible delegation, and continuous trust evaluation, highlighting the need for a more robust, adaptive, and decentralized access control architecture. To address these gaps, this paper presents a novel access control architecture that integrates self-sovereign identity (SSI) and decentralized identifier (DID)-based access control with zero trust principles, enhanced by a flexible capability-based access control (CapBAC) approach. Leveraging SSI and DID allows entities to manage their identities without relying on a central authority, aligning with zero-trust principles. The integration of CapBAC ensures flexible, context-aware, and attribute-based access control, where access rights are dynamically granted based on the requester's capabilities. This enables fine-grained delegation of access rights, allowing trusted entities to delegate specific privileges to others without compromising overall security. Continuous trust evaluation is employed to assess the authenticity of access requests, mitigating the risks posed by compromised devices or users. The proposed architecture also incorporates blockchain technology to ensure transparent, immutable, and secure management of access logs, providing traceability and accountability for all access events. 
We demonstrate the feasibility and effectiveness of this solution through performance evaluations and comparisons with existing access control schemes, showing its superior security, scalability, and adaptability in real-world scenarios. Our work demonstrates a comprehensive, decentralized, and scalable solution for secure access control delegation using zero trust-driven principles.
Title: Zero trust-driven access control delegation using blockchain
Journal: Blockchain-Research and Applications, vol. 7, no. 1, Article 100319
Pub Date: 2025-06-01 DOI: 10.1016/j.bcra.2024.100267
Taiwu Pang, Zheming Ye, Zhao Zhang, Cheqing Jin
While the potential applications of the consortium blockchain are becoming increasingly evident, the fault tolerance of systems in complex and changeable real environments has become an increasingly important factor. In recent years, many blockchain-oriented fault tolerance testing tools have been proposed. However, the selected fault sets cannot cover all kinds of problems that the consortium blockchain may encounter in real scenarios. Moreover, a rationality analysis of test results is often missing from these tools. In addition, it is also worth considering how to optimize system performance in the fault continuous stage. In this paper, we propose a general full-stack fault injection platform that can support the orderly injection of different kinds of Byzantine and non-Byzantine failures in a distributed scenario. Regarding the unclear underlying principles affecting system performance due to faults, we conduct an attribution analysis of various faults' influences on the consortium blockchain. Based on conclusions drawn from the attribution analysis, we design and implement the test-driven optimization strategy. The experimental results show that the optimization strategy can shorten the system average delay to less than one-third of that before optimization by reducing the throughput by about 15% in most fault scenarios.
Title: Fault tolerance testing and tuning for consortium blockchain
Journal: Blockchain-Research and Applications, vol. 6, no. 2, Article 100267
Pub Date: 2025-06-01 DOI: 10.1016/j.bcra.2024.100269
Mostafa Chegenizadeh, Nickolay Larionov, Sina Rafati Niya, Yury Yanovich, Claudio J. Tessone
In this paper, we analyze shared send mixers (SSMs) within Cardano's extended unspent transaction output (EUTXO) model, presenting significant contributions to the understanding of UTXO-based blockchains. Firstly, we define the EUTXO SSM untangling problem and propose an algorithm to address it, along with providing an open-source implementation of the solution. Utilizing real transaction examples, we formulate and solve this problem in a systematic manner, shedding light on the intricacies of coin circulation within the Cardano blockchain. Through our analysis, we reveal some insights into the usage of SSMs, including statistics on their frequency and effectiveness in untangling transactions. With this method, our findings show that 11% of transactions seem to involve SSMs, 83% of which enable unique untangling. Moreover, we discuss the potential application of our algorithm in enhancing the address clustering results of transaction-level heuristics. Overall, our work contributes to a deeper understanding of transactional dynamics within UTXO cryptocurrencies, particularly within the context of Cardano's EUTXO model.
Title: Cardano shared send transactions untangling in numbers
Journal: Blockchain-Research and Applications, vol. 6, no. 2, Article 100269
The field of Artificial Intelligence (AI) is rapidly evolving, creating a demand for sophisticated models that rely on substantial data and computational resources for training. However, the high costs associated with training these models have limited accessibility, leading to concerns about transparency, biases, and hidden agendas within AI systems. As AI becomes more integrated into governmental services and the pursuit of Artificial General Intelligence (AGI) advances, the necessity for transparent and reliable AI models becomes increasingly critical. Decentralized Federated Learning (DFL) offers decentralized approaches to model training while safeguarding data privacy and ensuring resilience against adversarial participants. Nonetheless, the guarantees provided are not absolute, and even open-weight AI models do not qualify as truly open source. This paper suggests using blockchain technology, smart contracts, and publicly verifiable secret sharing in DFL environments to bolster trust, cooperation, and transparency in model training processes. Our numerical experiments illustrate that the overhead required to offer robust assurances to all peers regarding the correctness of the training process is relatively small. By incorporating these tools, participants can trust that trained models adhere to specified procedures, addressing accountability issues within AI systems and promoting the development of more ethical and dependable applications of AI.
Title: Unlocking potential of open source model training in decentralized federated learning environment
Authors: Ekaterina Pavlova, Grigorii Melnikov, Yury Yanovich, Alexey Frolov
Pub Date: 2025-06-01 DOI: 10.1016/j.bcra.2024.100264
Journal: Blockchain-Research and Applications, vol. 6, no. 2, Article 100264
Pub Date: 2025-06-01 DOI: 10.1016/j.bcra.2024.100260
Zening Zhao, Jinsong Wang, Miao Yang, Haitao Wang
The Bitcoin network comprises numerous nodes, necessitating users to invest significant network requests and time in comprehending its network topology. In this paper, we propose a Bitcoin network topology discovery algorithm that uses lightweight probe nodes to facilitate rapid transmission of network protocols. Building upon this, we introduce a node layer clustering algorithm based on filtering stable network nodes, enabling parallel discovery of the network topology. Additionally, we present an adaptive method for dynamically displaying the layered structure of the network topology. Experimental results demonstrate that our proposed method reduces communication overhead by approximately 72.16% when achieving a 95% similarity in network topology. Furthermore, the algorithm is applicable for discovering the network topology in other blockchain networks with similar structures.
Title: An efficient Bitcoin network topology discovery algorithm for dynamic display
Journal: Blockchain-Research and Applications, vol. 6, no. 2, Article 100260
Pub Date: 2025-06-01 DOI: 10.1016/j.bcra.2024.100272
Xuanming Liu, Jiawen Zhang, Yinghao Wang, Xinpeng Yang, Xiaohu Yang
The trading of data is becoming increasingly important as it holds substantial value. A blockchain-based data marketplace can provide a secure and transparent platform for data exchange. To facilitate this, developing a fair data exchange protocol for digital goods has garnered considerable attention in recent decades. The Zero Knowledge Contingent Payment (ZKCP) protocol enables trustless fair exchanges with the aid of blockchain and zero-knowledge proofs. However, applying this protocol in a practical data marketplace is not trivial.
In this paper, several potential attacks are identified when applying the ZKCP protocol in a practical public data marketplace. To address these issues, we propose SmartZKCP, an enhanced solution that offers improved security measures and increased performance. The protocol is formalized to ensure fairness and secure against potential attacks. Moreover, SmartZKCP offers efficiency optimizations and minimized communication costs. Evaluation results show that SmartZKCP is both practical and efficient, making it applicable in a data exchange marketplace.
Title: SmartZKCP: Towards practical data exchange marketplace against active attacks
Journal: Blockchain-Research and Applications, vol. 6, no. 2, Article 100272
Pub Date: 2025-06-01 DOI: 10.1016/j.bcra.2024.100263
Yuan Zhou, Yaoyao Zhang, Qinglin Yang, Yuan Liu, Chunming Rong, Zhihong Tian
The Cyber Threat Intelligence (CTI) marketplace is an emerging platform for CTI service requesters to countermeasure advanced cyber attacks, where CTI service providers are employed on payment. To create a trustworthy CTI marketplace environment, consortium-blockchain-based CTI service platforms have been widely proposed, where the blockchain system becomes the third role, crucially impacting the CTI service quality. How to sustainably promote CTI service quality in this tripartite marketplace is a challenging issue, which has not been well investigated in the literature. In this study, we propose a two-stage tripartite dynamic game-model-based incentive mechanism, where the participation incentives of the three parties are promoted under the constraints of Individual Rationality (IR) and Incentive Compatibility (IC). The sustainability of CTI service is quantitatively formalized through the CTI market demand, which impacts the future profits of the three parties. The Nash equilibrium of the proposed incentive mechanism is solved, where the CTI requester offers an optimal price to achieve effective defense against cyber attacks, and the blockchain platform and CTI service providers collaboratively contribute high-quality CTI services. Empirical experimental results show that the higher the quality of CTI services provided in the marketplace, the greater the market demand for CTI, resulting in a sustainable CTI marketplace.
Title: A blockchain based efficient incentive mechanism in tripartite cyber threat intelligence service marketplace
Journal: Blockchain-Research and Applications, vol. 6, no. 2, Article 100263