Journal of Parallel and Distributed Computing 152 (2021) 167–176

Contents lists available at ScienceDirect

J. Parallel Distrib. Comput.

journal homepage: www.elsevier.com/locate/jpdc

A trustworthy industrial data management scheme based on

redactable blockchain
∗
Cheng Zhang a,c , Zhifei Ni b , Yang Xu c , , Entao Luo d , Linweiya Chen e , Yaoxue Zhang c
a
School of Computer Science and Engineering , Central South University, Changsha 410083, China
b
School of Computer and Information Engineering, Hunan University of Technology and Business, Changsha 410205, China
c
College of Computer Science and Electronic Engineering, Hunan University, Changsha 410082, China
d
College of Electronics and Information Engineering, Hunan University of Science and Engineering, Yongzhou 425199, China
e
Technology and Product Management Department, Agricultural Bank of China, Changsha 410000, China

article info a b s t r a c t

Article history: Industrial data plays a key role in the industrial internet, and its secure collection problem has
Received 31 August 2020 been highly valued by researchers. As Industrial Internet of Things (IIoT) devices are geographically
Received in revised form 6 January 2021 dispersed and difficult to link, blockchain technology is usually introduced to solve the security
Accepted 26 February 2021
management problem of industrial data. Unfortunately, the IIoT device is not stable, and it may leave
Available online 16 March 2021
incorrect messages in the blockchain, which will be permanently stored with potentially catastrophic
Keywords: consequences. As an effective solution, the redactable blockchain technology can allow people to
Industrial data management modify the data on the blockchain. However, the existing redactable blockchain cannot guarantee
Redactable blockchain industrial data security in the industrial internet due to requirements of trusted third parties, large
Trapdoor management overheads or lack of accountability mechanism. In this paper, we propose a trustworthy industrial data
Accountability
management scheme based on redactable blockchain in the industrial internet. To avoid additional
Security
burdens on industrial blockchain systems, a double-blockchain architecture is established to separate
trapdoor management transactions. Distributed chameleon hash parameter generation and trapdoor
recovery methods can avoid the security problems faced by the centralized organization. The fault-
tolerant trapdoor recovery mechanism based on verifiable secret sharing technology as an alternative
enhances the security of the system. The blockchain will record various information in the trapdoor
management process and use it as evidence for accountability when disputes arise. The theoretical
analysis and experiments show that the approach can effectively deal with malicious behaviors and
has acceptable overhead.
© 2021 Elsevier Inc. All rights reserved.

1. Introduction easy for IIoT devices to be connected [15]. Meanwhile, the secu-
rity problem of the large amount of data generated by the device
Over the past few years, the Internet of Things (IoT) has over- has also caused people’s concerns.
whelmingly changed the manners people connect with things The security of the industrial data involves the entire link of
in the surroundings [33]. Nevertheless, it can also be applied to the manufacturing process of collecting, transmitting, storing and
industrial areas, including machines, control systems, information analyzing data. In the industrial internet, once the data security
systems and so on, which is the so-called Industrial IoT (IIoT) issues happen, machines and equipment may be attacked, and the
[8,21]. IIoT aims to bring a revolution to the traditional manu- production process will be stopped [20,22]. For example, in 2015,
facturing and take us into an intelligent era where machines are a malicious attack on the Ukrainian power system caused a large-
highly connected. In order to achieve this goal, industrial data scale blackout [32]. In 2017, the Wanna Cry virus attacked many
should be gathered and then used to enhance the production industrial companies around the world [26]. Therefore, how to
performance and management efficiency. However, due to the ensure industrial data security and credibility in a complex and
geographical distribution and inconsistency of standard, it is not changeable industrial environment will be a huge challenge.
Fortunately, the emergence of blockchain and smart contract
∗ Corresponding author. technology makes it possible to solve the above problems [34,35].
Based on distributed data storage and chain structure, blockchain
E-mail addresses: zhangcheng_sy@csu.edu.cn (C. Zhang),
15755322673@163.com (Z. Ni), xuyangcs@hnu.edu.cn (Y. Xu),
technology has the characteristics of decentralization, tamper-
cs_entaoluo@csu.edu.cn (E. Luo), chenlwy@csu.edu.cn (L. Chen), zyx@csu.edu.cn resistance, and reliability, are introduced to solve the above
(Y. Zhang). problems in recent researches [37,39]. Compared to traditional

https://doi.org/10.1016/j.jpdc.2021.02.026
0743-7315/© 2021 Elsevier Inc. All rights reserved.
C. Zhang, Z. Ni, Y. Xu et al. Journal of Parallel and Distributed Computing 152 (2021) 167–176

schemes, blockchain helps manage distributed devices and gather • We design a dual-blockchain architecture to separate data
data in a low-cost way [14,29]. However, owing to the expo- management from other transactions in blockchain-based
nential growth of the equipment performance, some security industrial systems. The proposed industrial data manage-
problems begin to show in the blockchain. Powerful attacks, such ment process will be executed on the supervising blockchain
as the 51% attack, will lead to the wrong data being recorded on without the need for industrial devices to participate in the
the blockchain and then result in catastrophic consequences [3]. whole process.
Attacks on a single IIoT device may also cause it to leave the • We propose a blockchain-based trapdoor recovery account-
incorrect information on the blockchain. Under this circumstance, ability mechanism. The blockchain is used to record various
Ateniese et al. [4] proposed the redactable blockchain, which data during the setup process of the redactable blockchain,
is capable of editing the previously produced blocks. By adopt- which helps us use the smart contract to verify the correct-
ing the chameleon hash function, a redactable blockchain can ness of the trapdoor fragment published by the trapdoor
easily delete the malicious or wrong contents, which ensures holder, thereby making it reliable to achieve accountability.
the security of industrial data and the normal operating of the • Theoretical analysis and experiments show that the ap-
machines. proach can effectively manage data in blockchain-based in-
By now, many redactable blockchain technologies have al- dustrial systems, and deal with various malicious behaviors.
ready been proposed [13]. Most of them are based on the The cost of the scheme is acceptable.
chameleon hash function, and can be divided into centralized ap- The rest of this article is organized as follows. Section 2 in-
proaches and distributed approaches according to their trapdoor troduces some related work. Section 3 gives the background
management methods. The centralized redactable blockchain ap- knowledge required for the project. We define the system model
proaches use a trusted central organization to hold trapdoors and and threat model of the approach in Section 4 and Section 5.
modify block content [17,28]. Although this type of scheme has Section 6 introduces the scheme in detail. Section 7 and Section 8
great advantages in terms of performance and effectiveness, there respectively analyze the security and evaluate the performance of
may not be a trusted third party in the decentralized industrial the scheme. The last section summarizes our approach.
internet, and it is susceptible to some security problems such
as single-point failures and performance bottlenecks. Therefore, 2. Related work
these approaches are difficult to protect industrial data security
in industrial internet. Meanwhile, distributed schemes that do not Some recent literature points out that the current central-
rely on a central organization usually divide a trapdoor into mul- ized industrial data management applications have flaws in se-
tiple parts and is held by multiple privileged nodes, thus avoiding curity and efficiency [1]. Driven by this problem, in industrial
attacks caused by the trusted third party [14,19]. However, during fields, such as manufacturing, energy and supply chain, many
the trapdoor recovery process, if the attacked trapdoor holder blockchain-based industrial data management approaches have
maliciously provides the incorrect trapdoor fragments or fails to been proposed. Liu et al. [24] proposed the concept of indus-
respond in time, these schemes will consume a lot of computing trial blockchain, using blockchain as middleware to decentrally
resources to restore the complete trapdoor, and it is difficult to manage the life cycle of industrial products. [31] used blockchain
trace and arbitrate the malicious trapdoor holder. technology to promote machine to machine (M2M) interaction
Motivated by the above challenges faced by blockchain sys- in the context of the chemical industry. [7] gave the concept of
tems in the industrial internet, this paper proposes a trustwor- a traceable supply chain based on the blockchain. Benefit from
thy industrial data management scheme based on redact-able the decentralization, traceability, and anti-tampering functions
blockchain. The scheme introduces the blockchain to realize the of the blockchain, there are already many approaches that use
distributed chameleon hash parameter generation and trapdoor the blockchain to ensure the security of industrial data in the
recovery process. With the help of the block-chain, trapdoor process of collection, storage and sharing. However, these studies
holders can gradually generate the public key of the chameleon did not consider the impact of malicious information on industrial
hash using their trapdoor fragments. The blockchain will record blockchain systems. It is also necessary to manage the data on the
this process and serve as evidence of accountability. When a block blockchain in time.
needs to be edited, the trapdoor holder will gradually disclose its Undoubtedly, redactable blockchain technology is extremely
trapdoor on the blockchain, and the smart contract will verify important for blockchain management. At present, there has
the correctness of the trapdoor fragment. In order to prevent been a lot of researches aimed at realizing the modification of
malicious trapdoor holders from hindering trapdoor recovery, we blockchain in different scenarios. Nakamoto discussed the issue of
also design a fault-tolerant trapdoor recovery mechanism based redactable blockchain when he proposed the Bitcoin blockchain
on verifiable secret sharing technology as an alternative method. in 2008 [27]. Subsequently, the first redactable blockchain
By adding backups of trapdoor fragments, our approach can re- scheme based on the chameleon hash function was proposed
store the complete trapdoor without collecting all the trapdoor in 2016 [4]. The chameleon hash function is a special one-
fragments. In addition, we separate the trapdoor management way trapdoor function. The trapdoor holder can easily find hash
from the daily affairs of the blockchain, and all trapdoor manage- conflicts using the trapdoor. This scheme uses the chameleon
ment transactions will occur on another supervision blockchain, hash function to generate the hash value of the block, and uses a
thereby minimizing the burden of the IIoT devices in the original trapdoor to find out the hash conflict of the original block, So as to
blockchain system. Summarily, the main contributions of our avoid changing the hash value of the block while modifying the
approach are summarized as follows. block content. Most of the existing data management schemes
of blockchain-based systems use a centralized architecture and
• We provide a trustworthy industrial data management modify the data on the blockchain through a trusted entity. Palm
scheme for blockchain-based industrial systems. By intro- et al. [28] designed an editing decision-making mechanism for
ducing the redactable blockchain and improving the public the content of the block, so that the nodes in the blockchain
key generation algorithm of the chameleon hash can continuously detect the content on the blockchain and mark
function, our scheme enables industrial data to be effectively whether it is redundant information or important information,
maintained and avoids the security risks associated with so as to decide whether to edit or not through a consensus
traditional centralized management. mechanism. However, the detection process of this scheme will
168
C. Zhang, Z. Ni, Y. Xu et al. Journal of Parallel and Distributed Computing 152 (2021) 167–176

block body in the form of transactions. And the block header

records the hash value of the previous block (except the first
block), the hash value of all transactions in this block, the times-
tamp, etc. Among them, the hash value of the previous block can
be regarded as a pointer to the previous block. In this way, all the
blocks are linked together by the hash value. Changing any data
in a block will make the hash value of the entire block change,
thus affecting subsequent blocks. At the same time, each node in
the blockchain network will store a copy of the blockchain data
locally, and the consensus mechanism will ensure the consistency
of the data stored by each node. These designs ensure that the
blockchain is difficult to tamper with.
Smart contracts, program codes that run on the blockchain,
greatly expand the capabilities of the blockchain. Ethereum was
Fig. 1. The blockchain structure.
the first project to use smart contracts in the blockchain in
2013 [11]. The blockchain nodes in Ethereum deploy the
Ethereum Virtual Machine (EVN) locally. The instruction set of the
bring greater overhead. Alfaidi et al. [2] gave a redactable medical EVM is Turing complete, and the EVM is designed to run the same
blockchain based on the chameleon hash function to realize the code exactly as expected. Once the smart contract is broadcast
sharing of medical data and error information modification. Xu into the blockchain, all nodes will run the program in the EVM
et al. [36] provided an identity management scheme based on
and agree on the outcome of the program through a consensus
the redactable blockchain, which implements a lightweight user
mechanism. Therefore, users are able to build smart contracts
authentication using blockchain and enables users to log out
to implement functionally complex decentralized applications on
their identity information after exiting the network. In terms of
the blockchain.
the industrial internet environment, Huang et al. [15] proposed
an improved chameleon hash algorithm and a public key sig-
3.2. Chameleon hash function
nature algorithm to allow authorized IIoT devices to edit the
blockchain. In addition, there are also some distributed data man-
agement schemes. Li et al. [19] proposed a distributed redactable A chameleon hash function is a hash function with trapdoors.
blockchain solution, which distributes trapdoors to multiple trap- It is collision-resistant for outsiders, but if a trapdoor is known,
door holders and generates editing decisions through voting. But it is easy to find collisions. This means that trapdoor holders can
if a trapdoor holder is attacked, the security and efficiency of the find an x′ ̸ = x that satisfies Hash (x) = Hash (x′ ), while it is almost
scheme will be greatly affected. Deuber et al. [9] proposed a dual- impossible for anyone else without a trapdoor to find a collision.
blockchain architecture in the public blockchain environment. The earliest chameleon hash scheme was proposed by Krawczyk
This solution keeps a blockchain executing normally, while the and Rabin [16]. The basic structure of the chameleon hash is as
other blockchain records the editing information of the previous follows.
blockchain, so as to realize the data management without touch-
(1) Setup. Input the security parameter λ, output two large
ing the existing blockchain. The similar redactable blockchain
prime numbers p and q that satisfy q | (p − 1), and output
approaches were also proposed in [18,25].
a generator g of a q order multiplicative group Zp∗ .
However, most of the above schemes use a trusted central
organization to manage trapdoors and change blocks. Such a (2) KeyGen. According to the system parameters p, q, g and
central organization may not exist in the industrial environment the randomly selected private key x ∈ Zq∗ , output the public
and faces the risk of being attacked. In addition, some schemes key y = g x mod p.
that use distributed trapdoor management methods require more (3) Hash. For the random number r and public key y, the
resources during the trapdoor recovery process, which brings chameleon hash value of message m can be calculated as
a greater burden to industrial devices, and it also need to be Hash(m, r , y) = g m yr mod p.
more secure. Therefore, it is necessary to study a secure and (4) Forge. Input the new message m′ , the random number r,
accountable industrial data management scheme based on the the private key x and the origin message m, we can gener-
redactable blockchain. ate r ′ = (m − m′ + xr)x−1 mod p satisfying Hash(m, r , y) =
Hash(m′ , r ′ , y).
3. Preliminaries
The correctness of the chameleon hash function can be proved
In this section, we introduce some necessary background as follows:
knowledge of our approach. ′ ′
Hash(m′ , r ′ , y) = g m yr mod p
′ ′
3.1. Blockchain and smart contract = g m g xr mod p
′ ′ −1
= g m +x(m−m +xr)x mod p (1)
Blockchain is a technology that enables multiple participants
who do not trust each other to agree on some data. It was first = g m+xr mod p
used in the Bitcoin project as a distributed digital ledger [27]. = g m yr mod p
As a distributed P2P data storage system, blockchain has features
= Hash(m, r , y)
such as decentralization, traceability, anti-tampering, etc., and is
now widely used in the Internet of Things, healthcare and other The collision resistance of the chameleon hash function is
fields [5,12,23,38]. based on the discrete logarithm problem. If the security parame-
A typical blockchain structure is shown in Fig. 1. The ter is large enough and the attacker does not know the trapdoor,
blockchain is composed of multiple blocks, and each block con- there is no known polynomial time algorithm that can obtain the
tains a block header and a block body. Data is recorded in the collision of the hash function [10].
169
C. Zhang, Z. Ni, Y. Xu et al. Journal of Parallel and Distributed Computing 152 (2021) 167–176

3.3. Verifiable secret sharing (2) TrapdoorGen. In this algorithm, KGC sets up a complete
trapdoor. KGC also fragments the trapdoor and calculates the
The verifiable secret sharing scheme was first proposed by backup of the trapdoor fragments.
Shamir [30]. This scheme divides the secret into n parts, even if (3) PKGen. This algorithm enables a trapdoor holder to gener-
some of them are damaged, the system can recover the original ate a public key fragment of the chameleon hash.
key by collecting t secret fragments. It consists of the following (4) CHash. According to the random number, public key and
steps. system parameters, the algorithm calculates the chameleon hash
of a message.
(1) Setup. Randomly select two large prime numbers p and q (5) VerRestore. The trapdoor holders call this algorithm in
satisfying q | (p − 1). Let g be the q-order element, n be the turn to restore the complete trapdoor. The algorithm outputs 0
number of secret holders and t be the threshold value. for failure and 1 for success.
(2) SecretGen. The secret distributor secretly chooses coeffi- (6) AltRestore. As an alternative, this algorithm enables trap-
cients aj , j ∈ [0, t − 1] to construct the following equation, door holders to restore a complete trapdoor based on partial
where a0 is the secret to be kept. trapdoor fragments if the previous algorithm fails.
(7) Forge. The algorithm gets as input the old message, the old
f (x) = a0 + a1 x + a2 x2 + · · · + at −1 xt −1 (2)
random number, the chameleon hash value, the trapdoor infor-
For each secret holder, the secret distributor choose xi , i ∈ mation and the new message, outputs a new random number to
[1, n] and calculate f (xi ). The secret fragment (xi , f (xi )) will make the chameleon hash value of the new message unchanged.
be sent to n holders. In the life cycle of the system, Setup only needs to be executed
(3) Reconstruct. If the secret holders decide to restore the once at the beginning. Subsequently, the system checks whether
secret, each holder will publish their secret fragments it the data on the blockchain needs to be modified after a period
keeps to other holders. After collecting at least t correct of time. In a modification cycle, TrapdoorGen and PKGen will
secret fragments, holders can obtain all coefficients of f (x) be executed once, and the two trapdoor restore algorithms will
through the Lagrange interpolation polynomial, and a0 is be executed at most once, CHash and Forge may be executed
the recovered secret. multiple times.

Mathematical challenges based on discrete logarithms and 5. Threat model

Lagrange interpolated polynomials can be used as a guarantee
of computational safety. Finding p and q for sufficiently large In this section, we define the threat model of our approach.
prime numbers can be a guarantee of increased computational Our research mainly focuses on managing data in industrial sys-
difficulty. In terms of Lagrange interpolation polynomial safety, tems based on blockchain, especially the modification of data
Even a t-1 person with unlimited computational power cannot on the blockchain. Therefore, events such as trapdoor holder
crack the polynomial, which is relatively safe for the available selection are out of our scope. We assume that there are some
computational power [6]. pre-selected trapdoor holders, which can be authorized nodes in
the consortium blockchain or nodes with a good reputation. Simi-
4. System model larly, the cross-blockchain technology required in the approach is
also reliable, and some existing mature cross-blockchain schemes
In order to realize secure industrial data management in the can be adopted.
industrial internet based on blockchain, we design a secure and On this basis, we assume that trapdoor holders may be at-
distributed management method for redactable blockchain. There tacked. They may lose trapdoor fragments or send wrong trap-
are four main kinds of entities in the system: system man- door fragments, thereby preventing the management of industrial
ager, key generation center, trapdoor holder and executor. Their data on the blockchain. Meanwhile, we assume that a reasonable
definitions are as follows. number of trapdoor holders are set up in the system, and the
attacker cannot attack most trapdoor holders at the same time.
• System Manager is an entity used to deploy blockchain and In addition, we assume that most nodes in the blockchain are
generate system parameters. After completing the initial- honest, and the consensus mechanism of the blockchain is secure.
ization task, he will be offline and no longer participate in These mean that the blockchain is reliable in the scheme, it can
subsequent blockchain operations. effectively save the data, and the smart contract can also get the
• Key Generation Center (KGC) is a trusted third party used correct operation result. Blockchain technology can protect our
to generate trapdoors. It is only called when a trapdoor system from DDoS attacks. Attacks on blockchain infrastructure
needs to be generated, and will send trapdoor fragments to are no longer within our consideration. We also assume that the
the trapdoor holder as required. blockchain system will not be attacked before the formal opera-
• Trapdoor Holders are some entities with good reputation tion, that is, in the initialization and setup phases, each entity can
and capability. They join the redactable blockchain and the honestly generate parameters according to our approach.
supervision blockchain, and are responsible for storing trap-
door fragments. He can be served by edge devices in indus- 6. Approach
trial environments.
• Executor is a special trapdoor holder who is responsible In this section, we detail the proposed trustworthy industrial
to reconstruct the blockchain after recovering the complete data management scheme and provide basic notations which are
trapdoor. necessary to understand our approach in Table 1 (see Fig. 2).

Our trustworthy industrial data management scheme consists 6.1. Overview

of seven algorithms, their definitions are as follows.
(1) Setup. Based on the security parameter λ, the algorithm This article proposes a trustworthy industrial data manage-
generate some necessary system parameters and initializes the ment scheme to manage data in blockchain-based industrial sys-
redactable blockchain and supervision blockchain. tems. The framework of the proposed scheme is shown in Fig. 3.
170
C. Zhang, Z. Ni, Y. Xu et al. Journal of Parallel and Distributed Computing 152 (2021) 167–176

Fig. 2. The overview of the trustworthy industrial data management scheme.

Table 1 holders will publish their backups on the supervision blockchain

Notations. and restore the complete trapdoor. Finally, the executor uses the
Notation Description trapdoor to modify the block information as requested.
p Large prime
q Large prime
g Generator 6.2. Off-chain setup phase
n Number of trapdoor holders
i Serial number of trapdoor holders In this phase, the system manager calls Setup algorithm to
xi Trapdoor fragment
f (xi ) Backup of the trapdoor fragment
generate some necessary system parameters. Then, KGC calls
THi Trapdoor holder TrapdoorGen algorithm to generate a trapdoor of the chameleon
T Complete trapdoor hash function, and sends the trapdoor fragments to the prese-
t Number of trapdoor fragments lected trapdoor holders. The two algorithms are constructed as
aj Coefficient of f (x), a0 = T
follows.
y Public key
yi Public key fragment Setup. Given a security parameter, the system manager gener-
m Original block message ates some system parameters and deploys the redactable
r Original random number blockchain and the supervision blockchain.
m′ New block message
r′ New random number • With the security parameter λ, the algorithm generates
system parameters {p, q, g }, in which p and q are two large
prime numbers satisfying q | (p − 1), and g is an element of
The industrial system is deployed on a redactable blockchain, order q in Zp∗ .
and a supervision blockchain is introduced to credibly supervise • The system manager deploys the supervision and the
the management operations on the redactable blockchain. By redactable blockchain. System parameters p, q and g are
separating data storage from data management, this dual-chain recorded on the smart contracts of these two block-chain.
architecture can effectively reduce system coupling. Then, trapdoor holders and other nodes are added to the
Our scheme is mainly composed of three phases: off-chain supervision blockchain for on-chain setup.
setup, on-chain setup, and industrial data management phase.
After the Setup algorithm is executed, the system manager
In the off-chain setup phase, the system manager deploys the
will be off-line and no longer participate in the subsequent setups
blockchain system and set the system parameters. Meanwhile,
of the scheme.
KGC generates and distributes trapdoor fragments and backups
TrapdoorGen. Given a security parameter, KGC generates trap-
to each trapdoor holder. Then, trapdoor holders use their own
door of the chameleon hash function and distributes the trapdoor
trapdoor fragments to jointly generate the public key of the
chameleon hash through the supervision blockchain. After setting fragments to n trapdoor holders.
up, industrial devices began to use the redactable blockchain to • For n preselected trapdoor holders {TH1 , TH2 , . . . , THn }, KGC
realize various functions. The system regularly checks the correct- secretly chooses n random numbers {x1 , x2 , . . . , xn } as trap-
ness of the data on the blockchain, and the scheme enters the door fragments, in which xi ∈ Zq∗ and i ∈ [1, n]. Then
data management phase when the system detects incorrect data. it computes T =
∏n
i=1 xi as the complete trapdoor of the
Nodes on the supervision blockchain will first make joint editing chameleon hash function.
decisions. Subsequently, trapdoor holders successively publish • According to the security parameter λ, KGC secretly gener-
the trapdoor fragments on the blockchain and the smart contract ates a polynomial of degree t − 1 as follows:
will verify their correctness. If the trapdoor holder is attacked and
the trapdoor fails to be restored correctly, the remaining trapdoor f (x) = a0 + a1 x + · · · + at −1 xt −1 (3)
171
C. Zhang, Z. Ni, Y. Xu et al. Journal of Parallel and Distributed Computing 152 (2021) 167–176

Fig. 3. The performance of our scheme in the off-chain and on-chain parts.

in which aj (j ∈ [0, t-1]) is the coefficient of the polynomial, • Similar to the previous steps, subsequent trapdoor holders
and a0 = T . calculate new public key fragments and publish them on
• For each trapdoor fragment xi , KGC calculates f (xi ) and sends the supervision blockchain until all trapdoor holders have
(xi , f (xi )) to the THi through an off-chain secure channel, in completed the calculation. Specifically, a trapdoor holder
which f (xi ) is the backup of xi . THi calculates yi as follows.
x x
In this algorithm, trapdoor fragments are distributed in a yi = yi−i 1 mod p → y = ynn−1 mod p (6)
manner similar to verifiable secret sharing, and t honest trap- ∏n
door holders can reconstruct the complete trapdoor through their Finally, the complete public key y = yn = g i=1 xi mod p.
f (xi ). Finally, KGC goes off-line until a new trapdoor needs to be {y, g , p} will be sent to the redactable blockchain as public param-
generated. eters through a secure cross-blockchain channel. The chameleon
hash function will replace the traditional hash function in the
6.3. On-chain setup phase redactable blockchain. In other words, in the redactable
blockchain, the hash value stored in the block header is the
To achieve verifiability in the subsequent trapdoor restore chameleon hash value.
process, it is also necessary for the trapdoor holders to jointly
generate the public key of the chameleon hash function through 6.4. Data management phase
the blockchain. The public key generation algorithm PKGen can
be defined as follows.
After all settings are completed, industrial users can use the
PKGen. Based on the trapdoor fragments saved by each trap-
redactable blockchain to store industrial data. The operations in
door holder, the algorithm generates the public key of the
this phase mainly include recording data and modifying data on
chameleon hash function.
the redactable blockchain.
• The first trapdoor holder TH1 calculates the following equa-
tion: 6.4.1. Storing data
x1
Similar to other blockchain systems, when users use the
y1 = g mod p (4) blockchain to store industrial data, these data will be stored in
in which y1 is the first public key fragment and x1 is TH1 ’s blocks. But the difference is that our scheme uses the chameleon
trapdoor fragment. Then TH1 publishes y1 on the supervi- hash function instead of the traditional hash function. blockchain
sion blockchain. nodes can use the CHash algorithm to calculate the hash value
• After receiving y1 from supervision blockchain, TH2 calcu- of the block to generate and verify a new block. The CHash
lates second public key fragment y2 based on the x2 it has algorithm is defined as follows.
saved as follows. CHash. Given a message m, the public key y and system pa-
x
y2 = y12 mod p rameters g and p, the blockchain node chooses a random number
r ∈ Zq∗ and calculates the chameleon hash of the message as:
= (g x1 mod p)x2 mod p (5)
= g x1 x2 mod p CHash(m, r , y, p, g) = g m yr mod p (7)
Then TH2 also publishes the calculation result on the super- In order to save data on the blockchain, blockchain nodes
vision blockchain. will broadcast their data in the form of transactions. Then the
172
C. Zhang, Z. Ni, Y. Xu et al. Journal of Parallel and Distributed Computing 152 (2021) 167–176

miners select some transactions from the transaction pool, pack • First, if there are some honest trapdoor holders who have
them into a block and broadcast. The chameleon hash value and published their trapdoor fragments and backups, the re-
the random number of these transactions will be stored in the maining trapdoor holders who have not yet published will
block header. After receiving a new block, the blockchain node publish their saved trapdoor backups on the blockchain in
will use the chameleon hash function to verify the correctness of turn.
the block. Finally, after the consensus of most nodes, the data is • Each trapdoor holder chooses t backups of the trapdoor frag-
stored on the blockchain. ments. These backups can be regarded as the t secrets in the
verifiable secret sharing protocol, and the trapdoor holder
6.4.2. Editing data can use the following equation to calculate the possible
In our scheme, the data on the redactable blockchain will also trapdoor.
be checked regularly. After detecting the wrong data, trapdoor ∑t ( ) ∏t (x−xl )
f (x) = j=1 f xj l =1 xj −xl
mod p (10)
holders can use the VerRestore or AltRestore algorithms to re- l̸ =j

store the trapdoor, and let the executor use the Forge algorithm The trapdoor calculated by each trapdoor holder will be
to modify the data. The execution process of these algorithms is published on the blockchain.
explained as follows. • The smart contract counts the possible trapdoors published
VerRestore. Based on the trapdoor fragments saved by each by each trapdoor holder, and the final consensus result of
trapdoor holder, the algorithm generates the complete trapdoor the majority is the correct trapdoor.
of the chameleon hash function.
After recovering the complete trapdoor, the executor will trig-
• The first trapdoor holder TH1 publishes its x1 and f (x1 ) on ger the Forge algorithm to modify the error message.
the supervision blockchain. Considering that the trapdoor Forge. Given a trapdoor T , a block information to be modified,
holder may have disclosed wrong information, we label the the algorithm generates a new block to replace the original block.
trapdoor fragments it discloses as x′1 and f ′ (x1 ).
• After receiving x′1 and f ′ (x1 ) from blockchain, other trapdoor • For an error block message m, the executor needs to modify
holders compute the following equation: it to m′ as required and keep the hash value of the block
′
unchanged. For this, he needs to find a specific random
y′1 = g x1 mod p (8) number r ′ that satisfy CHash(m, r , y) = CHash(m′ , r ′ , y). r ′
′ can be obtained as follows.
Then they verify whether y1 ≡ y1 is established to deter-
mine the correctness of x′1 , in which y1 has been stored r ′ = (m − m′ + Tr) · T −1 mod q (11)
in the blockchain in the on-chain setup phase. If the ver-
• The executor will broadcast m′ and r ′ on the redactable
ification is passed, the scheme will continue. Otherwise,
blockchain to other trapdoor holders. These trapdoor hold-
the node who finds the error will report it to the smart
ers will verify whether m′ meets the request and whether
contract, and the smart contract will check the error in the
the new hash value is consistent. If the verification is passed,
subsequent steps.
the above content will be further broadcast to other nodes in
• After TH1 discloses x1 , subsequent trapdoor holders will dis-
the redactable blockchain. The node will change the locally
close their key fragments in turn. Specifically, if the previous
saved m to m′ and finish the blockchain editing work.
trapdoor holder THi−1 publishes the correct∏i trapdoor, then
the next trapdoor holder THi calculates j=1 xj , where xi is 7. Security analysis
∏i−1
the trapdoor fragment it saved, and j=1 xj is the calculation
∏i
result of the previous trapdoor holder. THi publishes j=1 xj Based on the discrete logarithm (DL) problem, we first prove
and xi on the supervision ∏blockchain. that nodes in the blockchain cannot obtain the trapdoor frag-
• Similarly, after receiving ij=1 x′j and f ′ (xi ) from THi , other ments of others, and then prove that no node can obtain the
nodes will check the correctness of the published informa- complete trapdoor fragment, thus ensuring the security of our
tion by the following equation: scheme. Finally, we also analyze that our scheme can handle all
∏i ′
kinds of malicious behaviors correctly.
j=1 xj
y′i = g mod p (9)
Assumption 1 (Discrete Logarithm Problem). Given g a ∈ G where
And the nodes will trigger the smart contract for verification G is a cyclic multiplicative group of prime order q, a ∈ Zq∗ and
when y′i ̸ = yi . g is a generator of G, there is no probabilistic polynomial time
• After receiving a report that the trapdoor fragment issued by algorithm that can compute a with non-negligible probability.
THi is wrong, other trapdoor holders will calculate Eq. (9)
and determine whether y′i is equal to yi . Each trapdoor According to Assumption 1, we deduce the following theo-
holder’s verification result will also be published on the rems:
blockchain, and the smart contract will recognize the result
of the majority as the final result. If it is correct, the super- Theorem 1. If Assumption 1 holds, for an adversary who knows p, g
vising blockchain will record the reported node as a false and {y1 , y2 , . . . , yn }, there is no polynomial time algorithm (PPT) for
accusation. Otherwise, the smart contract will mark the THi finding a trapdoor fragment xi .
as malicious and terminate the algorithm.
Proof of Theorem 1
If the scheme executed without a problem, the algorithm According to the method of generating public key fragments,
outputs a complete trapdoor T . Otherwise, the remaining honest all public key fragments are generators of Zp . Therefore, solving
trapdoor holders will execute the alternative AltRestore algo- xi based on yi−1 , yi and p is a DL problem, and the adversary
rithm to restore the trapdoor. cannot obtain trapdoor fragments based on the above information
AltRestore. According to t backups of trapdoor fragments, alone. Then we consider the impact of the remaining elements
the algorithm generates the complete trapdoor of the chameleon on solving the above DL problem. The public key fragment before
hash function. yi has nothing to do with xi , so it cannot help solve the above
173
C. Zhang, Z. Ni, Y. Xu et al. Journal of Parallel and Distributed Computing 152 (2021) 167–176

DL problem. Meanwhile, the public key fragments after i are all supervise its behavior, and the trapdoor holders in the redactable
exponential operations based on yi , which is also not helpful blockchain will verify their modifications. In the Data manage-
for solving the above DL problem. Therefore, there is no PPT ment phase, if the executor fails to modify the block information
adversary can find xi in a limited time. □ according to the request, the rest of the trapdoor holders in the
On this basis, we demonstrate that the introduction of block redactable blockchain will reject this modification and replace the
chain does not expose the trapdoor. We have proved in executor, thus preventing the centralized executor from making
Theorem 1 that the adversary cannot obtain the trapdoor frag- mistakes.
ment xi , so he cannot calculate the complete trapdoor by obtain-
ing trapdoor fragments. As for the scenario where the adversary 8. Evaluation
directly obtains the trapdoor, that is, the adversary tries to obtain
the complete trapdoor through the yn−1 , yn , p published on the In this section, we provide the configuration of the experi-
blockchain, this is also a DL problem. Therefore, no adversary ment environment, then test and analyze the performance of our
can obtain a complete trapdoor through the information on the scheme in terms of on-chain and off-chain overhead.
blockchain.
8.1. Experiment environment
Theorem 2. Our approach can detect the false trapdoor fragment
published by the malicious trapdoor holder. To evaluate the performance and effectiveness of our ap-
proach, we simulated the proposed trapdoor management mech-
Proof of Theorem 2 anism on the computer. The configuration of the device is a
According to our approach, the trapdoor holder ui will pub- 2.2 GHz 4 core CPU and 16 GB RAM. We used Matlab to sim-
lish the trapdoor fragment xi on the blockchain, and the smart ulate the off-chain calculation process, and built a consortium
contract will verify the correctness of xi by calculating yi = blockchain as the supervision blockchain based on the PoA con-
x
yi−i 1 mod p where yi−1 and yi are saved on the blockchain in sensus mechanism using the Ethereum Geth client. The security
the previous step. Therefore, the malicious trapdoor holder can parameter of the scheme is set to 512 bits. The number of trap-
only cheat in this process by forging a fake x′i that satisfy yi = door holders is set by referring to the number of authority nodes
x′
yi−i 1 mod p. When we set a large enough p, this constitutes a in the consortium blockchain. We simulated the execution pro-
discrete logarithm problem. According to Assumption 1, there cess of the scheme in different scenarios, and tested the time
is no algorithm that can find x′ that meets the conditions in a consumption of off-chain operations and the gas consumption of
limited time, so the smart contract can find the false trapdoor on-chain operations.
fragment. □
On this basis, we further analyze how our approach deals 8.2. Off-chain part cost
with various malicious behaviors. According to the threat model,
a trapdoor holder may perform malicious actions due to be- We first tested the total time cost of generating public keys
ing attacked or for his own benefit. These malicious behaviors under different conditions, and the results are shown in Fig. 3(a).
include: We can see that as the number of trapdoor holders increases, the
time it takes for the distributed public key generation process
(1) A malicious THi provides wrong (xi , f (xi )) in the step 2 of to gradually increase, but the average computational overhead
the editing phase.
required by each trapdoor holder is stable and acceptable.
(2) A malicious THi does not provide (xi , f (xi )) in time in the In order to estimate the performance of our trapdoor
step 2 of the editing phase. recovery mechanism, we then tested the overhead of perform-
(3) A malicious THi makes wrong voting in the step 3 of the ing VerRestore and AltRestore algorithms in the data manage-
editing phase. ment phase. As shown in Fig. 3(b), the more trapdoor fragments
Since the entities in the system do not perform meaningless needed, the more complicated the calculation polynomial needed
abnormal behaviors, we do not consider the situation where the to recover the trapdoor, and the more time overhead. According
holder announces the correct trapdoor fragments and the wrong to our security assumptions, since most trapdoor holders are
backup at the same time. honest, the number of trapdoor fragments required to restore the
We believe that the blockchain technology is credible, so our trapdoor should not exceed half of the total number of trapdoor
solution can use smart contracts to correctly verify the trap- holders. Therefore, for a trapdoor holder, the cost of performing a
door fragments uploaded by each trapdoor holder and detect verifiable trapdoor restore process in the supervision blockchain
the malicious behavior of them in time. In addition, we also is greater than the cost of performing a fault-tolerant trapdoor
set up a fault-tolerant trapdoor recovery method to deal with restore process. However, verifiable trapdoor restore is still nec-
the unexpected scenario caused by the case (1). Therefore, the essary, because if the wrong trapdoor holder cannot be found, the
behavior in the case (1) will be discovered in time and cannot hin- malicious behavior of the trapdoor holder will have no cost.
der the recovery of the trapdoor. Similarly, we require trapdoor We also tested the computational cost of a honest trapdoor
holders to complete the specified operation in the step 2 of the holder in order to recover the complete trapdoor in the pres-
editing phase within a certain period of time. When the case (2) ence of k malicious trapdoor holders. As shown in Fig. 3(c),
occurs, the approach will mark the trapdoor holder as a malicious when the number of malicious trapdoor holders is fixed, the
entity and execute the fault-tolerant trapdoor recovery method to greater the number of trapdoor holders, the greater the com-
prevent accidental losses. Finally, when the case (3) occurs, since putational time cost, but the higher the security of the sys-
we assume that most trapdoor holders in the system are honest, tem. At the same time, when the number of trapdoor holders
the wrong vote of a few malicious trapdoor holders will not affect is fixed, the larger the number of malicious trapdoor holders,
the final voting result, and the scheme will eventually restore the the smaller the additional calculation overhead. This is because
correct trapdoor and execute the correct editing. when the number of malicious trapdoor holders is large, the
In our scheme, the executor, as the central entity responsible verifiable trapdoor recovery mechanism can detect errors earlier
for executing editing operations, is a vulnerable point in the and perform the fault-tolerant trapdoor recovery process in time,
system. To this end, we set up a distributed consensus method to which avoids subsequent meaningless calculations. In short, the
174
C. Zhang, Z. Ni, Y. Xu et al. Journal of Parallel and Distributed Computing 152 (2021) 167–176

off-chain computing overhead of the scheme is reasonable and achieve reliable accountability. In addition, a fault-tolerant trap-
acceptable. door recovery mechanism based on verifiable secret sharing tech-
Finally, we tested the total time cost of executing a fault- nology will be used as a guarantee measure to restore a complete
tolerant trapdoor recovery method in a scenario where there are trapdoor when all trapdoor fragments cannot be collected. The
different numbers of malicious trapdoor holders when n = 11 Security analysis and experiments have proved the effectiveness
and t = 6. As shown in Fig. 3(d), when we only set a malicious of our scheme.
trapdoor holder, the holder will be found and excluded in step 2 In the future, we will further combine the reputation mech-
of the editing phase. At this time, there are 10 honest trapdoor anism and consensus mechanism to study the trapdoor holder
holders left in the scheme, so the scheme only needs to perform management mechanism of the redactable blockchain, so as to
a calculation to recover the complete trapdoor, and its time cost build a complete redactable blockchain model together with
is about 45 ms. While when the number of malicious trapdoor the proposed approach. In addition, we also plan to deploy our
holders increases, the verifiable trapdoor recovery process can- scheme on the HyperLedger Fabric blockchain platform to make
not exclude all malicious trapdoor holders. Therefore, honest it more feasible.
trapdoor holders may need to perform fault-tolerant trapdoor
recovery processes multiple times to get the correct trapdoor, the CRediT authorship contribution statement
corresponding time overhead suddenly increases.
Cheng Zhang: Visualization, Writing - original draft, Supervi-
8.3. On-chain part cost sion, Software. Zhifei Ni: Data curation, Writing - original draft.
Yang Xu: Project administration, Writing - review & editing,
According to our approach, the operations on the redact- Funding acquisition. Entao Luo: Investigation, Writing - origi-
able blockchain are mainly for nodes to receive broadcasts and nal draft. Linweiya Chen: Investigation, Writing - original draft,
modify local block information. The operations involved in the Software. Yaoxue Zhang: Conceptualization, Writing - review &
supervision blockchain include saving public key fragments, mak- editing.
ing modified decisions, restoring trapdoors, etc. Therefore, the
Declaration of competing interest
main operating overhead of our approach is on the supervi-
sion blockchain, and the operating overhead in the redactable
The authors declare that they have no known competing finan-
blockchain is small and can be omitted. In order to reasonably test
cial interests or personal relationships that could have appeared
the cost of operations on the blockchain, we implemented our
to influence the work reported in this paper.
supervision blockchain using Ethereum, and tested the amount
of gas consumed to execute different operations in the approach.
Acknowledgments
In Ethereum, performing calculation tasks or storing data on
the blockchain requires a certain amount of gas. For example,
This work was supported in part by the Fundamental Research
storing a non-zero number on a blockchain costs 20,000 units
Funds for the Central Universities, China (No. 531118010454),
of gas. Specific gas consumption rules can refer to [11]. The gas the National Natural Science Foundation of China (NSFC) (No.
consumption can comprehensively reflect the computational and 62002113, No. 61632009) and the Science and Technology Key
storage burdens to nodes by the introduction of blockchain. Projects of Hunan Province, China (No. 2018TP3001).
The gas consumption of the main on-chain operations in the
scheme is shown in Fig. 3(e). Most on-chain operations only need References
to save data on the blockchain and perform simple calculations,
and the amount of gas consumed is low. According to the current [1] J. Al-Jaroodi, N. Mohamed, Blockchain in industries: A survey, IEEE Access
price of Ether and gas, the operation (e) that requires the most 7 (2019) 36500–36515.
gas will consume about 0.006 ETH (≈4.398 USD), and other [2] A. Alfaidi, E. Chow, Redactable blockchain in mobile healthcare system,
in: International Conference on Health Informatics and Medical Systems,
operations require less overhead. Under the condition that the 2019, pp. 90–93.
price of Ether is very high, these are relatively cheap operations. [3] M. Ali, J. Nelson, R. Shea, M.J. Freedman, Blockstack: A global naming and
In conclusion, our approach has good performance in the off- storage system secured by blockchains, in: 2016 USENIX Annual Technical
chain aspect, and does not bring too much computing and stor- Conference, 2016, pp. 181–194.
[4] G. Ateniese, B. Magri, D. Venturi, E. Andrade, Redactable blockchain –
age overhead to the blockchain system, and can achieve secure or – rewriting history in bitcoin and friends, in: 2017 IEEE European
redactable blockchain trapdoor management in the industrial Symposium on Security and Privacy, 2017, pp. 111–126.
internet. [5] A. Azaria, A. Ekblaw, T. Vieira, A. Lippman, Medrec: Using blockchain for
medical data access and permission management, in: 2016 International
Conference on Open and Big Data, OBD, IEEE, 2016, pp. 25–30.
9. Conclusion
[6] J.-P. Berrut, L.N. Trefethen, Barycentric lagrange interpolation, SIAM Rev.
46 (3) (2004) 501–517.
In this article, we provide trustworthy industrial data man- [7] T. Bocek, B.B. Rodrigues, T. Strasser, B. Stiller, Blockchains everywhere -
agement scheme based on redactable blockchain in the IIoT en- a use-case of blockchains in the pharma supply-chain, in: 2017 IFIP/IEEE
Symposium on Integrated Network and Service Management, IM, 2017,
vironment. The proposed approach is based on the block-chain
pp. 772–777.
technology, which avoids dependence on trusted third parties. [8] H. Boyes, B. Hallaq, J. Cunningham, T. Watson, The industrial internet of
We design a dual-blockchain architecture to reduce the burden things (IIoT): An analysis framework, Comput. Ind. 101 (2018) 1–12.
of trapdoor management operations on IIoT devices. We use the [9] D. Deuber, B. Magri, S. Aravinda Krishnan Thyagarajan, Redactable
supervisory blockchain as an evidence recorder to keep records blockchain in the permissionless setting, in: IEEE Symposium on Security
and Privacy, S&P, 2019, pp. 124–138.
of operations performed by various entities during the trapdoor [10] W. Diffie, M. Hellman, New directions in cryptography, IEEE Trans. Inform.
management process. Trapdoor holders will use an improved Theory 22 (6) (1976) 644–654.
public key generation algorithm to compute the public key of [11] Ethereum, Ethereum yellow paper, 2020, URL https://ethereum.github.io/
the chameleon hash on the supervision blockchain, and jointly yellowpaper/paper.pdf.
[12] B. Huang, R. Zhang, Z. Lu, Y. Zhang, J. Wu, L. Zhan, P.C. Hung, BPS:
restore the complete trapdoor in the editing phase. The smart A reliable and efficient pub/sub communication model with blockchain-
contract will verify that the trapdoor fragment published by the enhanced paradigm in multi-tenant edge cloud, J. Parallel Distrib. Comput.
trapdoor holder based on the previously saved evidence, thereby 143 (2020) 167–178.

175
C. Zhang, Z. Ni, Y. Xu et al. Journal of Parallel and Distributed Computing 152 (2021) 167–176

[13] K. Huang, X. Zhang, Y. Mu, F. Rezaeibagha, X. Du, Scalable and redactable Cheng Zhang received his B.Sc. degree from Shenyang
blockchain with update and anonymity, Inform. Sci. 546 (2020) 25–41. University of Technology. He is currently a master stu-
[14] K. Huang, X. Zhang, Y. Mu, F. Rezaeibagha, X. Du, N. Guizani, Achieving dent at the School of Computer Science & Engineering,
intelligent trust-layer for internet-of-things via self-redactable blockchain, Central South University, China. His research interests
IEEE Trans. Ind. Inf. 16 (4) (2020) 2677–2686. mainly focus on the network security and blockchain.

[15] K. Huang, X. Zhang, Y. Mu, X. Wang, G. Yang, X. Du, F. Rezaeibagha, Q.

Xia, M. Guizani, Building redactable consortium blockchain for industrial
internet-of-things, IEEE Trans. Ind. Inf. 15 (6) (2019) 3670–3679.
[16] H. Krawczyk, T. Rabin, Chameleon hashing and signatures, 1998, pp. 1–22.
[17] M. Kuperberg, Towards Enabling Deletion in Append-Only Blockchains to
Support Data Growth Management and GDPR Compliance, in: 2020 IEEE
International Conference on Blockchain, 2020, pp. 393–400. Zhifei Ni was born in Hefei, Anhui, China in 1995.
[18] N. Lee, J. Yang, M.M.H. Onik, C. Kim, Modifiable public blockchains using He received his B.S degree in Software engineering
truncated hashing and sidechains, IEEE Access 7 (2019) 173571–173582. from Anhui Institute of Information Technology, Wuhu,
Anhui in 2019. He is currently a graduate student
[19] P. Li, H. Xu, T. Ma, Y. Mu, Research on fault-correcting blockchain
of the School of Hunan University of Technology and
technology, J. Cryptol. Res. 5 (5) (2018) 501–509.
Business. He is currently studying for a master’s degree
[20] W. Liang, W. Huang, J. Long, K. Zhang, K. Li, D. Zhang, Deep reinforce- in computer technology. His research interests mainly
ment learning for resource protection and real-time detection in IoT focus on Blockchain technology.
environment, IEEE Internet Things J. 7 (7) (2020) 6392–6401.
[21] W. Liang, J. Long, K.-C. Li, J. Xu, N. Ma, X. Lei, A fast defogging image recog-
nition algorithm based on bilateral hybrid filtering, ACM Trans. Multimed.
Comput. Commun. Appl. (2020) http://dx.doi.org/10.1145/3391297.
[22] W. Liang, S. Xie, J. Long, K.-C. Li, D. Zhang, K. Li, A double PUF-based Yang Xu received the Ph.D. degree in computer science
RFID identity authentication protocol in service-centric internet of things and technology from Central South University, China, in
environments, Inform. Sci. 503 (2019) 129–147. 2019. From 2015 to 2017, he was a visiting Ph.D. stu-
[23] W. Liang, D. Zhang, X. Lei, M. Tang, K.-C. Li, A. Zomaya, Circuit copyright dent at Texas A&M University, USA. He is currently an
blockchain: Blockchain-based homomorphic encryption for IP circuit pro- Assistant Professor at the College of Computer Science
tection, IEEE Trans. Emerg. Top. Comput. (2020) 1–11, http://dx.doi.org/10. and Electronic Engineering, Hunan University, China.
1109/TETC.2020.2993032. He is working in the areas of network computing,
blockchain, and operating system. He has published
[24] X. Liu, W. Wang, H. Guo, A.V. Barenji, Z. Li, G.Q. Huang, Industrial
over 30 articles in international journals and confer-
blockchain based framework for product lifecycle management in industry
ences, including IEEE TSC, TII, TCBB, etc. He was the
4.0, Robot. Comput.-Integr. Manuf. 63 (2020) 101897.
awardee of the Best Paper Award of IEEE International
[25] A. Marsalek, T. Zefferer, A correctable public blockchain, in: 18th IEEE Conference on Internet of People (IoP 2018). He is a member of IEEE, and a
International Conference on Trust, Security and Privacy in Computing and member of CCF Technical Committee on Blockchain. He serves as the Program
Communications/13th IEEE International Conference on Big Data Science Committee Chair for IWCSS 2020, the Publicity Chair for CPSCom 2020, and as
and Engineering, TrustCom/BigDataSE, 2019, pp. 554–561. a reviewer of over 10 international journals.
[26] S. Mohurle, M. Patil, A brief study of wannacry threat: Ransomware attack
2017, Int. J. Adv. Res. Comput. Sci. 8 (5) (2017) 1938–1940.
Entao Luo is a Ph.D. of Department of Computer
[27] S. Nakamoto, Bitcoin: A peer-to-peer electronic cash system, 2008, URL Science and Technology from School of Information
https://git.dhimmel.com/bitcoin-whitepaper/. Science and Engineering, Central South University. Now
[28] E. Palm, O. Schelén, U. Bodin, Selective blockchain transaction pruning and he is a Professor in School of Electronics and Infor-
state derivability, in: Crypto Valley Conference on Blockchain Technology, mation Engineering, Hunan University of Science and
CVCBT, 2018, pp. 31–40. Engineering, Yongzhou, China. His research interests
[29] J. Sengupta, S. Ruj, S.D. Bit, A comprehensive survey on attacks, security include security and privacy issues in cloud computing,
issues and blockchain solutions for IoT and IIot, J. Netw. Comput. Appl. big data, and deep learning. He has published more
149 (2020) 102481. than 20 research articles in refereed international con-
[30] A. Shamir, How to share a secret, Commun. ACM 22 (11) (1979) 612–613. ferences and journals as well as a number of technical
reports (FGCS, IEEE Communication Magazine, IEEE
[31] J.J. Sikorski, J. Haughton, M. Kraft, Blockchain technology in the chemical
Communication Letters etc. ).
industry: Machine-to-machine electricity market, Appl. Energy 195 (2017)
234–246.
[32] Q. Tao, M. Jiang, X. Wang, B. Deng, A cloud-based experimental platform Linweiya Chen received her master degree from the
for networked industrial control systems, Int. J. Model. Simul. Sci. Comput. School of Computer Science and Engineering, Cen-
9 (4) (2018) 1850024. tral South University, China. Now she works in the
agricultural bank of china technology and product man-
[33] L.D. Xu, W. He, S. Li, Internet of things in industries: A survey, IEEE Trans.
agement department. Her research interests include
Ind. Inf. 10 (4) (2014) 2233–2243.
mobile network and distributed processing.
[34] Y. Xu, J. Ren, G. Wang, C. Zhang, J. Yang, Y. Zhang, A blockchain-based
nonrepudiation network computing service scheme for industrial IoT, IEEE
Trans. Ind. Inf. 15 (6) (2019) 3632–3641.
[35] Y. Xu, J. Ren, Y. Zhang, C. Zhang, B. Shen, Y. Zhang, Blockchain empowered
arbitrable data auditing scheme for network storage as a service, IEEE
Trans. Serv. Comput. 13 (2) (2020) 289–300.
Yaoxue Zhang received his B.Sc. (1982) degree from
[36] J. Xu, K. Xue, H. Tian, J. Hong, D.S.L. Wei, P. Hong, An identity management
Northwest Institute of Telecommunication Engineering,
and authentication scheme based on redactable blockchain for mobile
China, and his Ph.D. degree (1989) in computer net-
networks, IEEE Trans. Veh. Technol. 69 (6) (2020) 6688–6698.
working from Tohoku University, Japan. He is currently
[37] Y. Xu, C. Zhang, G. Wang, Z. Qin, Q. Zeng, A blockchain-enabled dedu- a Professor with the School of Computer Science & En-
plicatable data auditing mechanism for network storage services, IEEE gineering, Central South University, China, a Professor
Trans. Emerg. Top. Comput. (2020) 1–12, http://dx.doi.org/10.1109/TETC. with the College of Computer Science and Electronic
2020.3005610. Engineering, Hunan University, China, and a professor
[38] Y. Xu, C. Zhang, Q. Zeng, G. Wang, J. Ren, Y. Zhang, Blockchain-enabled with the Department of Computer Science & Technol-
accountability mechanism against information leakage in vertical industry ogy, Tsinghua University, China. His research interests
services, IEEE Trans. Netw. Sci. Eng. (2020) 1–12, http://dx.doi.org/10.1109/ include computer networking, operating systems, and
TNSE.2020.2976697. transparent computing. He has published over 200 papers. He is the Editor-in-
[39] Z. Zheng, S. Xie, H.-N. Dai, X. Chen, H. Wang, Blockchain challenges and Chief of Chinese Journal of Electronics and a Fellow of the Chinese Academy of
opportunities: a survey, Int. J. Web Grid Serv. 14 (4) (2018) 352–375. Engineering.

176