Enhancing Blockchain Security and Efficiency: Solutions for Micropayments, Payment Channels, and IoT Applications

Abstract

Blockchain technology has emerged as a transformative force, revolutionizing industries by enabling decentralized, transparent, and secure systems. However, despite its promise, blockchain faces critical challenges related to security, efficiency, and privacy. As of 2024, there are approximately 420 million cryptocurrency users worldwide, with over 44 million holding Bitcoin. Despite this widespread adoption, the system remains vulnerable to critical threats, one of which is the double-spending attack. In this scenario, a malicious actor attempts to spend the same digital currency multiple times, undermining the integrity of transactions.

In this thesis, we begin by investigating the double-spending problem in Bitcoin networks. Our study highlights the protocol's vulnerabilities, factors contributing to delays, and features that can be exploited to enable double-spending attacks. Additionally, we review existing countermeasures and identify unresolved challenges in detecting and mitigating such attacks. Our observations indicate that reducing confirmation latency is crucial to preventing double-spending attacks in micropayments.

After a thorough analysis of the Bitcoin protocol, we explore existing off-chain solutions for micropayments, such as the Lightning Network, which relies on payment channels to address latency issues and prevent double-spending in micropayments. Payment Channel Networks (PCNs) use Hashed Time-Locked Contracts (HTLCs) for multi-hop payments, which are vulnerable to attacks where malicious users can intentionally stall payments, exhaust channel capacity, or steal routing fees from honest users along the payment path. To address these challenges, we propose a Commitment-based Time Locked Contract (CommTLC), a solution that detects, punishes, and prevents adversaries in Fakey, Griefing, and Wormhole attacks. We implement the proposed scheme and analyze its security within the Universal Composability (UC) framework. Our experimental analysis shows that adversary detection times for Fakey, Griefing, and Wormhole attacks reduce to just a few milliseconds---specifically, less than 112 ms for a payment path involving five users---making it the first work to measure detection times for these attacks.

In addition to our secured off-chain solution, we propose an on-chain solution to reduce confirmation latency for micropayment transactions without requiring users to deposit collateral. Specifically, we introduce Q_pay, a protocol designed to expedite the validation of Bitcoin payments. Under the Q_pay protocol, sellers are guaranteed payment and can provide fast service to buyers once a "committee" approves the transaction. We evaluate Q_pay using 600 Bitcoin nodes on an emulated network. The results show that Q_pay is highly efficient, achieving approval latencies of 0.37 seconds for a 16-member committee and 0.91 seconds for a 512-member committee. This demonstrates that the Bitcoin blockchain can facilitate secure and nearly instant (< 1 second) micropayments.

Next, we address privacy-related challenges in Internet-of-Things (IoT)-based applications using blockchain technology. Our first application focuses on the calibration hierarchy in industrial IoT. Calibration hierarchy involves establishing a traceable chain from trusted reference units to device certifications, ensuring measurement accuracy and reliability. However, adversarial relationships between participants often lead to the disclosure of sensitive information, such as device or manufacturer identities and inter-entity relationships. To address this issue, we propose a Decentralized Traceable Hierarchy (DTH) system leveraging Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zkSNARK) that securely stores valid certificates, enables traceability verification, and supports certificate revocation. Experimental results show that certificate proposal verification takes 12.3 ms, while proof verification takes 4.5 ms, highlighting the scheme’s efficiency. In the literature, there is no existing work that meets all the stated requirements in the calibration system for a direct comparison of these results.

Finally, we propose a Smart Contract-based Task Offloading Framework (SC-TOF), an efficient solution for offloading tasks from IoT devices to edge servers while protecting the sender’s identity and confidential information. It leverages blockchain technology with Schnorr multi-signatures and smart contracts to ensure security and provide incentives. We implement SC-TOF using the iFogSim simulator and the Ethereum blockchain. Simulation results demonstrate that SC-TOF enables reliable data transmission and secure task offloading, achieving completion times of 0.8 seconds for a 20 MB task and 5.2 seconds for a 200 MB task. These results are faster than most existing blockchain-based and cloud-based offloading solutions. While edge-computing-based schemes without blockchain achieve similar latencies due to proximity, our scheme offers the additional advantage of enhanced security by eliminating delays caused by routing through multiple intermediaries and preserving privacy.

This thesis addresses key challenges in blockchain security, efficiency, and privacy across various applications, providing innovative solutions to support secure and efficient decentralized systems.