Research On Security And Privacy Preservation Of Typical Blockchain-based Applications

Blockchain is a distributed database that records data in a decentralized manner on multiple nodes in a network.Each node stores a complete copy of the data,ensuring its integrity,transparency and immutability.The emergence of this technology has addressed the issue of the single point of failure in centralized environments,making data more secure and reliable.However,low-efficient data verification during the consensus process remains a challenge for blockchain scalability.Off-chain technology is widely used to tackle this problem to reduce the frequency of on-chain verifications.On the other hand,blockchain technology has found widespread applications in various fields such as cryptocurrencies and integrated heterogeneous networks.Nonetheless,blockchain platforms used in different applications are incompatible with each other,hindering data interoperability and resulting in data islands.To circumvent this issue,cross-chain technology is widely adopted to interconnect different blockchain platforms and facilitate data transfer.Nonetheless,owing to the inherent transparency of blockchain,protecting the privacy of data stored on it becomes challenging.Furthermore,transactions recorded on the blockchain can reveal relationships between users,thereby compromising identity privacy.Consequently,the on-chain,off-chain,and cross-chain implementations in cryptocurrencies and integrated heterogeneous networks still encounter numerous security and privacy concerns.Firstly,in the context of trust-management-supported integrated heterogeneous networks,ensuring anonymous updates poses challenges,and achieving efficient cross-domain authentication is also a complex task.Secondly,current Bitcoin-compatible mixing protocols exhibit poor robustness and reliability.Finally,existing cryptocurrency cross-chain exchange protocols have poor robustness and their unlinkability is difficult to guarantee.To solve the above problems,this thesis centers on blockchain applications(e.g.,integrated heterogeneous networks and cryptocurrencies),and takes the on-chain,off-chain and crosschain technologies as the main line,to make breakthroughs in the security and privacy protection of blockchain applications.Our contributions are outlined below:(1)In order to address the challenging anonymous updates and inefficient cross-domain authentication problems in integrated heterogeneous networks with trust management,we propose an efficient scheme for anonymous updates and cross-domain authentication called CrossAuth.It achieves fine-grained cross-domain authentication based on both identity and authority,as well as protects both identity privacy and authority privacy.CrossAuth constructs a user information management architecture for integrated heterogeneous networks based on blockchain.It effectively reduces communication delays of cross-domain authentication by avoiding access to the home network.Besides,a ring signature is applied to obfuscate the anonymities of user equipment(UE)with the same trust level.This approach serves to resolve the conflict between trust management and anonymous updates,while also mitigating the potential impact of blockchain transparency on user identity privacy.Meanwhile,the anonymous update can be initiated either by UEs in real time or by the home network(HN)at regular intervals,which improves flexibility and practicability.(2)In order to solve the weak robustness and poor reliability problems in mixing protocols for the Bitcoin network,we propose a Secure Offchain-Supported Bitcoin-Compatible Mixing Protocol,named SofitMix.SofitMix realizes atomicity and mitigates DoS attacks and Sybil attacks by tactfully utilizing hash-time-lock transactions and transaction fees.It applies digital signatures and transactions recorded on the blockchain to effectively prevent collusion attacks.At the same time,it employs multiple-input and multiple-output(MIMO)transactions of Bitcoin to decouple off-chain payments,thereby enhancing the reliability of off-chain payments.Meanwhile,it employs zero-knowledge proofs to disable a mixer to derive the linkage between a payee and an actual payer,which guarantees unlinkability.(3)In order to overcome the challenges of low robustness and the complicated task of ensuring unlinkability in cryptocurrency exchanges,we propose SPCEX,a Secure and Privacypreserving Cryptocurrency EXchange protocol,which gets rid of any dependence on trusted execution environments.SPCEX employs a mixing protocol to break the linkage between traders(i.e.,buyers and sellers)and an exchanger(i.e.,exchange service provider),thus concealing the participation of traders in cross-chain exchanges and preserving their identity privacy.We design a privacy-preserving order-matching scheme based on an improved homomorphic re-encryption algorithm,thus resisting front-running attacks.In addition,we construct atomic transactions with smart contracts to protect the assets of honest traders.Meanwhile,collateral deposits and a punishment mechanism are applied to penalize abnormal behaviors and deter collusive parties,which discourages Sybil attacks and collusion attacks.