A cross-chain trusted reputation scheme for a shared charging platform based on blockchain

解决的三个问题

  • 1) It is difficult to verify the authenticity of information. When calculating reputation of the multi-chain charging model, C2T smart contract needs to call the information on different blockchains. Due to different consensus mechanisms adopted by different blockchains, the authenticity of the information cannot be mutually verified.
    这里是跨链数据真实性的问题
  • 2) It is difficult to verify the real-time of information. Reputation is a real-time concept. To ensure the validity of reputation, real-time data need to be called from different blockchains. The authenticity of data is not the same as real-time: the authenticity of data can be verified by the information on the blockchain, while outdated real data cannot reflect its real-time performance.
    数据实时性的问题
  • 3) The calculated reputation may be inconsistent with the information recorded in the blockchain. During the process of calculating reputation, information on blockchains is still being written, which will cause the calculated reputation to be inconsistent with the information on the blockchain, resulting in invalid reputation.
    计算过程中链上数据仍然在更新,导致数据一致性的问题

主要贡献

1) To solve the problem of calculating reputation in the multi-chain charging model, we design a $C_2T$ smart contract to implement information calls between different blockchains.
为了解决单链存储和查询信息的效率问题,提出了一种多链架构模型,并且设计了一种$C_2T$智能合约进行多链数据查询
2) To verify the authenticity of information called between different blockchains, we propose a data mutual trust mechanism based on merkel proof. In the data mutual trust mechanism, one party can quickly prove the authenticity of specific data on other blockchains without obtaining the full data.
解决上面的问题一,数据真实性的问题,利用默克尔证明快速进行验证数据真实性并且不用获取到全部信息
3) Considering the block size limitation issue, to achieve real-time validation of cross-chain information, we propose a new data structure called VerRealTime composed of multiple counting bloom filters (MCBF), which can ensure the real-time of cross chain information and save space.
利用多重计数布隆过滤器解决上述问题二,数据实时性的问题,淘汰和替代旧数据
4) To ensure that the reputation is consistent with the information on blockchains, this paper utilizes hash mutexes to lock the information resources used in calculating reputation. After calculating reputation, $C_2T$ smart contract unlocks the locked information to ensure a strong consistency of reputation.
解决上述问题3,数据一致性的问题,使用哈希互斥在计算的过程中锁定信息
5) We analyze the security of $C_2T$ smart contract in theory. Besides, we conduct experiments on the consumption and effects of $C_2T$ smart contract

详解

Background:

  • C1 身份信息链,保存了接入的EV、CP的证书
  • C2 充电信息链,保存了每一次的充电信息
  • C3 repuation链,保存了充电评价

多链架构

架构图

$C_2T$合约工作流程图

  • 1 EV充电完毕发起评价请求至C3,C3激励$C_2T$合约,传入参数为ID
  • 2 为了保证请求的真实性,合约向C1发起请求,获取对应ID对应的证书,并且将证书发送给合约进行check
  • 3 如果步骤2没有问题,那么合约向C2发起请求,查询对应的EV和CP的id的最近一条充电记录
  • 4 合约获取到所需全部信息,进行reputation calculation之后结果保存至C3链

解决方案

  • 数据来源认证
    $C_2T$合约部署在$C_3$上,其中负责验证的模块$M_v$是单独工作的,

CallReq q = {$C_j$ , Q} (j ∈ {1, 2}, Q = (ID, $c’$ )) $c’$代表查询语句

认证流程图

其中c是query result,然后等于说$C_3$在自己链中维护了一个存储的merkle树,其中叶子结点保存了全部的info。

  • 数据实时性
    MCBF解决数据实时性:优化只需要一次哈希,常规BF与CBF都需要做多次哈希

    分为三步:

    • 初始化:k个CBF置零,哈希得到r,用r对k个大质数mod
    • 查询部分:这个比较简单,就是判断k个CBF中有一个为0则不是实时
    • 更新部分:就是先删除再插入
  • 数据一致性:使用哈希锁对即将查询的资源进行lock,两个哈希,一个上锁一个解锁

安全性分析

  • Authenticity attacks.

  • Real-time attacks

  • Inter-chain write mutual exclusion attack

实验结果

reputation 计算公式:


$R_{cp,n−1}$ 代表上一次盖CP的分数
$\mu$ 是可调整的参数,由rating数据的变化速度决定
$W_n$ 是用户给出的评价等级
$E_n$ 是CP的得分的期望
$\phi(R_{cn,n-1})$ 是衰减函数

每一步骤和不同的结果的Gas费用

不同深度的merkel树的验证过程的gas消耗

一些可以改进的地方

  • 设立一个比较具体的背景:比如说物流

  • 根据接入链数量动态调整Merkle的高度缓解监管链存储压力(设计一种算法)

  • 链之间的通信方式?应该还是要通过路由,如果智能合约直接发起请求,那么就破坏了链本身的安全性(可以用第一篇论文的跨链框架)

  • 要维护一颗不断有实时信息写入的merkel树开销比较大,并且数据越多,结点数量越多,存储的开销越大。(改进merkel树的结构与设计,这里打算使用递归Merkle树,这样可以维护树的高度保持不变,添加数据也不会有额外的存储开销,并且将叶子结点使用双向链表连接加速查询和实现删除的效果)

  • 对正在进行的数据进行上锁,如果这个时候有了请求更新会被丢弃吗?(是否可以添加一个缓冲队列,如果冲突则在下一个区块打包)

  • 攻击者可以随意伪造一个合法的但是不存在的merkel证明,这个就无法验证(使用递归默克尔树)

  • 实验只计算了消耗的gas,并没有把耗时考虑进去

  • 取多链数据时,考虑下多链数据的隐私保护,使用同态加密