Abstract
As emerging next-generation information technologies, blockchains have unique advantages in information transparency and transaction security. They have attracted great attentions in social and financial fields. However, the rapid development of quantum computation and the impending realization of quantum supremacy have had significant impacts on the advantages of traditional blockchain based on traditional cryptography. Here, we propose a blockchain algorithm based on asymmetric quantum encryption and a stake vote consensus algorithm. The algorithm combines a consensus algorithm based on the delegated proof of stake with node behaviour and Borda count (DPoSB) and quantum digital signature technology based on quantum state computational distinguishability with a fully flipped permutation () problem. DPoSB is used to generate blocks by voting, while the quantum signature applies quantum one-way functions to guarantee the security of transactions. The analysis shows that this combination offers better protection than other existing quantum-resistant blockchains. The combination can effectively resist the threat of quantum computation on blockchain technology and provide a new platform to ensure the security of blockchain.
Subject terms: Information theory and computation, Quantum physics
Introduction
The concept1 of blockchain technology was first introduced by Satoshi Nakamoto in 2008. Blockchain is a decentralized block of data linked in a chronological chain network to provide a distributed shared ledger and database. For example, in the first blockchain system, i.e. Bitcoin, each block contains two parts, namely, the block header and block body. The block header contains the hash value of the current block, the hash value of the previous block, the timestamp, and information about the Merkel tree; the block body contains the transaction information and the corresponding digital signature. One advantage of the blockchain is the usage of a distributed network, which provides the transparency and security of transaction information. After more than ten years of rapid development, this technology is not limited to Bitcoin and other cryptocurrencies but also attracts intense attention from multidisciplinary areas, such as finance, energy, medical care, and government affairs.
At the core of blockchain technologies, the most important aspects are consensus algorithms and digital signatures. Consensus algorithms can be used to generate blocks, while digital signatures can secure transaction information. For example, the consensus algorithm used in the Bitcoin network is proof of work (PoW)1, which allows every miner to compete through computing power based on a hash algorithm. The miner with higher hash power tends to have larger probabilities to find the correct hash solution, and the first miner that finds the correct hash value will generate a new block. In addition, there are other consensus algorithms such as proof of stack (PoS)2, delegated proof of stack (DPoS)3, and delegated proof of stake with node’s behaviour and Borda count(DPoSB)4. They do not rely on computing power and thus could lower the power consumption. There is also a Byzantine algorithm5 that achieves consensus in communication in the presence of malicious nodes.
Digital signatures are an essential application of public-key cryptography. Encryption methods commonly used in the digital signatures of a classical blockchain are Rivest-Shamir-Adleman (RSA)6 and elliptic curve cryptography (ECC)7. These well-developed encryption algorithms are too complex for classical computers to crack, ensuring the security of the digital signatures. However, Shor and others have found that a quantum algorithm can effectively solve the integer decomposition problem and the discrete logarithmic problem8, which are the critical parts of the encryption methods. In this case, the security of blockchain technology based on the digital signatures is under the threat of quantum computation.
Several physical systems have been developed to realize quantum computation. Quantum supremacy was demonstrated on a programmable superconducting quantum processor with 53 qubits by Google9. Pogorelov et al.10 performed 50-qubit ion trap quantum computing. Moreover, Zhong et al.11 demonstrated a 76-qubit quantum computer with photons for boson sampling and a programmable quantum nanophotonic chip with many photons12.
Therefore, it has become urgent to develop new methods to protect against the threat of quantum computing. One effective approach is to develop quantum cryptography techniques based on the unique nature of quantum physics. For example, the quantum signature technology based on quantum state computational distinguishability with fully flipped permutations () problem, utilizing the complexity of problem for quantum computation, can guarantee the security of the signature process. In addition, there are also quantum key distribution (QKD) techniques used in quantum information, such as the most famous BB84 protocol13. These techniques help to improve security in communication processes even in the presence of quantum computation.
In this case, these algorithms can be involved in blockchain technologies, which further improve system securities. Several attempts have been made. For example, quantum key distribution (QKD) techniques, such as the most famous BB84 protocol13, used in quantum information have been applied to blockchains14; quantum entanglement in time has been used to produce blocks15, which is combined with quantum signature algorithms16. However, quantum signatures are not used in the QKD blockchain algorithm; a blockchain generated by the use of entanglement in time cannot trace back the transaction information, and thus the improvement in the overall security of the blockchain is poor.
To guarantee blockchain network security under quantum supremacy, we propose a quantum blockchain method that combines the DPoSB consensus algorithm4 and quantum signatures established with quantum signature technology based on quantum state computational distinguishability with a fully flipped permutation () problem17. The former is developed from DPoS, which keeps the voting system and considers the influence of malicious behaviours in votes to improve security when malicious nodes are in a blockchain system. A quantum signature method using a quantum asymmetric cryptography approach is a signature method designed based on the complexity of the problem for quantum computation to guarantee the security of the signature process. Here we combine them together. The blockchain generates blocks by DPoSB and signs transactions by a quantum one-way function18 based on the problem. Mining here is not necessary to make great savings on computing resources, which greatly saves computing resources and increases the speed of block generation. Different from other quantum signature methods14,15,16, this method is not constrained19,20 by probabilities and does not require a large number of one-time pads, which thus saves substantial communication overheads. Discussions about security models and quantum information-theoretical security are introduced in the security analysis. It can be found that our blockchain is secure even in the malicious adversary model. Our results show that this signature method in quantum blockchain is more secure than other quantum signatures. In this paper, the data structure of blockchain network is introduced in “Data structure of the blockchain ” and our quantum blockchain section algorithm is analyzed in “Quantum blockchain algorithm” section. Then, the security of the blockchain algorithm is analyzed in “Security analysis of the blockchain” section, and the blockchain algorithm is compared with other existing quantum blockchains in “Comparison with other quantum blockchain signature methods” section. The conclusion is given at the end.
Data structure of the blockchain
A block acting as a unit in our blockchain system is constructed by a block header and a block body, as shown in Fig. 1. The information in the block header contains the address of the current block, the address of the previous block and the timestamp. The block body contains the transaction information that has passed through the quantum signature verification process. Due to the vital point of DPoSB, blockchain nodes do not need to participate in mining; namely, there is no computing force competition; thus, the hash value in the block is not necessary and can be replaced with the explicit address. We can begin from the block in the end to find the desired information according to the block addresses.
Quantum blockchain algorithm
In the blockchain, the signer generates the transaction and then uses a private key to sign, and the receiver authenticates the transaction by using the signer’s public key to ensure transaction security in the aspect of cryptography.
First, our quantum blockchain network contains nodes, and n (>2n) witness nodes are elected to generate blocks in turn by DPoSB13. Then the nodes sign transactions through a quantum one-way function based on the problem. The witness nodes verify the transactions signed by the nodes and package the transactions into blockchain network if it passes through the verification process.
Blocks created by DPoSB
One key characteristic of DPoSB is voting, which is developed from DPoS. By the application of voting, the computing source originally used for mining can be largely saved. In voting, the n nodes with the highest votes are elected as the witness nodes responsible to generate blocks in turn. Let us assume that there are nodes in a blockchain system. First, 2n (>2n) candidate nodes are elected by voting, and then n witness nodes among the candidate nodes are elected. However, sometimes there are some malicious nodes appearing in the system, which hinder the generation of blocks.
There are four types of malicious behaviours denoted by . Each is distributed by a weight and the maximum threshold is the largest number of times the behaviour is accepted in the system. Below are the types of ,
=1(fp): This indicates that the failure of transaction package, where and =Max1.
=2 (fv): This indicates that the failure of block check, where and =Max2.
=3 (bn): The failure of node communication, where and =Max3.
=4 (other): Other types of malicious behaviour, where and =Max4.
Then DPoSB introduces malicious behaviour punishment calculation in the algorithm to address this issue and the mechanism of the Borda score to fairly select the witness nodes. We calculate the malicious behaviour weight ratio for the th node:
where represents the number of times the behaviour is performed by the th node makes.
The valid vote to define the th node is:
where indicates the number of votes by th node for th node in round of block generation (all participants produce a block once as the end of one round).
Then, we sort the valid votes for all nodes, and 2n nodes with the highest votes are elected as the candidate nodes.
The next step is to select n witness nodes from these candidate nodes. We construct the preference matrix:
where .
Then we have the th node’s preference value for the th candidate node: and obtain the Borda score matrix:
We calculate the cumulative Borda scores for each candidate node: .
The Borda scores are sorted for all candidate nodes, and the n candidate nodes with the highest scores are elected as the witness nodes.
The witness nodes can generate blocks in turn, as shown in Fig. 2.
Transaction signing and verification process
Then the nodes sign transactions through a quantum one-way function based on the quantum state computational distinguishability with fully flipped permutations QSCDffproblem.
In quantum algorithms, quantum gate operations 21 can be performed on qubits, which include Hadamard (), qubit flip (), phase flip () operations. The quantum state of a single qubit can be represented as , where and are the counterparts of 0 and 1 in the classical computation. A quantum gate operation can be represented as performing a unitary operator on the quantum state, , to produce a target quantum state.
In the quantum algorithm, signing and verification processes are necessary to ensure a transaction. Here, we use the quantum one-way function based on the problem to finish the signing process.
A brief introduction to the question
We define = {, is even and /2 is odd}. For each , is used to represent a symmetric group of degree . Then we use = {: = and [], where represents all the identity permutations. Each can be represented as an odd permutation that is the product of /2 disjoint transposition 22.
Then we have and the following definition:
For each , there are quantum states and :
For a symmetric group of degree , each group element can be represented as an arrangement with elements, such as a group element in , which can be represented as quantum states: .
The problem is to distinguish the following two quantum states for each :, where the represents a polynomial.
Ref.22 has proven that if is random and unknown there is no quantum algorithm that can solve the problem with non-negligible advantage. However, this problem can be quickly solved with the solution of so that would serve as a trapdoor in the quantum signatures.
A distinguishing algorithm for the problem
Step 1 The quantum circuit used here is shown in Fig. 3a. For a quantum state , ∈ {, }, we prepare the initial state . is input into the first register (a device used to preserve one or more quantum states) of the quantum circuit, and is input into the second register. The Hadamard operation () is performed on , to obtain:
Step 2 The operation is performed on the second register controlled by the first register to obtain:
Step 3 The operations is performed on the first register.
Step 4 The measurement is performed on the first register, and if is obtained, otherwise, .
generating algorithm
can be generated by the following steps. The quantum circuit is shown in Fig. 3b.
Step 1 We prepare the quantum state , input into the first register, and input into the second register. Then, we perform the operation on the first register, and obtain and the .
Step 2 The operation is performed on the second register and controlled by the first register.
Step 3 If the second register reads , we perform a qubit flip operation () 21 on the first register.
Step 4 A uniformly random permutation is performed on the second register.
Step 5 The final state of the second register is output.
Converting algorithm
The symbol function on the symmetric group is as follows:
If σ is an even permutation, ; if is an odd permutation, .
We can convert to by the following operation:
(even permutation × odd permutation = odd permutation, odd permutation × odd permutation = even permutation; is an odd permutation.).
The quantum circuit is shown in Fig. 3c.
Signing transaction process
Below we use an example to show the detailed processes. Alice serves as a signer and Bob as a verifier. Jack acts as the private key generator (PKG), which is a trusted node in the blockchain system, and never exposes the signer's private key or imitates the signer to sign messages. Alice is ready to send a transaction message that she encodes as a bit string , . The transaction can be signed by following steps 17.
Key generation phase
Step 1 Alice randomly selects an odd permutation as the private key, where is the length of the bit string. Then, the unconditionally secure deterministic secure quantum communication (DSQC) protocol23 is used to write the private key in the blockchain to secretly share it. In this case, Jack secretly holds pair, where is Alice's identity code.
Step 2 Alice performs the generation algorithm to obtain the public key . (One bit one key), as shown in Fig. 4a.
Step 3 Alice has a key pair .
Signing phase
Step 1 Alice performs a permutation operation on and obtains the bit string : , where the ,
Step 2 Through the conversion algorithm, Alice encrypts as a quantum sequence: , where , as shown in Fig. 4b.
Step 3 Alice prepares decoy particles (), which are distributed randomly in . She inserts decoy particles randomly into and gets the sequence to check eavesdropping8, as shown in Fig. 4c. She then sends to Bob.
Step 4 After receiving , Alice exposes the location of the decoy particles. Bob checks the particles with the corresponding base. If there is no error, Bob takes the next step, and otherwise the signature generation phase is restarted.
Step 5 Bob performs an eavesdropping check, drops all the decoy particles and finally holds as the quantum signature of Alice.
Verifying phase
Step 1 Bob converts the public key to based on , where and , as shown in Fig. 4d.
Step 2:Bob prepares the decoy particles (), which are randomly in . He randomly inserts the decoy particles into to get the sequence to check for eavesdropping, as shown in Fig. 5a. He then sends to Jack.
Step 3 After Jack receives , Bob exposes the location of the decoy particles. Jack checks the particles with the corresponding base. If there is no error, Jack takes the next step, and otherwise the signature generation phase is restarted.
Step 4 Jack discards all decoy particles and recovers to .
Step 5 Jack recovers the private key according to the identity code , and obtains the bit string by distinguishing , where , as shown in Fig. 5b. Then, permutation is performed on , and is obtained.
Step 6 Jack distinguishes , and obtains the bit string , where , as shown in Fig. 5 (c). If = , Jack claims validation and Bob accepts the signature.
Package the transaction into blockchain
In actual applications, the witness codes elected under DPoSB should be considered trusted signature verifiers. After more than 2/3 of the witness nodes accept the signature, the generated transaction information is valid and packed into the block generated by the current witness node, as shown in Fig. 6. However, when the verifying phase is completed, if less than 2/3 of the witness nodes accept the signature, is discarded by the current witness node.
Security analysis of the blockchain
Security model
Before reviewing the security of our blockchain, we would explain two security models used in information theory and cryptography24.
Semi-honest adversary model Suppose there are some semi-honest adversaries in a system and they follow a protocol correctly but may keep some necessary information to infer additional information later.
Malicious adversary model Suppose there are some malicious adversaries in a system and they may not only keep necessary information to infer additional information, but also attempt to perform breaking-protocol malicious behaviours to get additional information.
In the block generation process, a semi-honest adversary can only keep public information of the block header and block body. Then he cannot infer any useful additional information, because there are no secrets in the public information. In the signing process, a semi-honest adversary can attempt to infer the private key of a signer (the only secret), which however cannot work as shown in "Security of private keys" Section. Therefore our blockchain can keep security in the semi-honest adversary model.
We will demonstrate the security in the malicious adversary model in the next three sections. Generally, when an algorithm or a protocol can keep security in the malicious adversary model it is safer.
Security of the generation of blocks
Consensus algorithms are used in the generation of blocks, and different consensus algorithms have distinct security levels. There are three main breaking-protocol attacks in this process, which belong to the malicious adversary model: 1. Double-spending attacks1. 2. Attacks that crack the hash value in a short time14. 3. Nodes that disturb the generation of blocks on purpose13. Then we will explain how our blockchain has robustness in the block generation process to these attacks in the malicious adversary model.
Attacker nodes can forge another blockchain secretly to forge information in blocks, which is defined as double-spending attacks. The success rate of this attack is higher when the computing force is larger. The success rate becomes 100% when the computing force of one node is larger than half of the total computing force of the blockchain system. However, this attack can be defended against in our blockchain algorithm because it is based on the computing force that is not needed in our algorithm.
An attack that cracks the hash value in a short time is a special attack based on a quantum computer. The quantum computer can use quadratic acceleration to crack the hash value through the Grover algorithm25, which makes nodes that have quantum computers dominate the blockchain systems. However, this attack is still based on computing force, so it can be defended in our blockchain algorithm.
As shown in "Blocks created by DPoSB" Section, in blockchain systems, some nodes may intentionally disturb the generation of blocks. In the DPoSB algorithm, malicious behaviours can be recorded by blockchain systems, and these records have impacts on the nodes’ scores during the elections. Because the chance that a node is elected as a witness is smaller when it has more malicious behaviours, our blockchain algorithm can also defend against this attack.
Quantum information-theoretical security
In quantum asymmetric encryption, an encryption has quantum information-theoretical security if the quantum cyphertexts have computational indistinguishability26.
We can claim that two quantum ensembles and are computationally indistinguishable, if for every probabilistic polynomial algorithm , every positive polynomial and sufficiently large positive integer the following inequation can be satisfied 26:
where represents the probability.
In our blockchain algorithm, the cyphertexts are and . Then we define that , and need to prove:
Assume that we have a probabilistic polynomial algorithm , which makes:
It means we have an efficient algorithm to distinguish signature cyphertexts from efficiently, corresponding to solving the problem. However, according to the hardness of the problem as proved in ref.22, the problem cannot be solved in polynomial time. Thus, it can be claimed that our blockchain has quantum information-theoretical security.
Security of the signing process
The malicious attacks which can be used in this process are eavesdropping, forging, repudiation and interception. Then we will explain how our blockchain can have robustness in the signing process to these attacks in the malicious adversary model.
Security of private keys
The security of private keys should be assured in two ways.
First, it has been proven that no quantum algorithm can crack the private keys of signers in polynomial time when there is no private key 22 because one cannot distinguish signature cyphertexts from efficiently, as discussed in "Quantum information-theoretical security" Section.
Second, because private keys are selected from and , the attacker only has a chance of to obtain the private keys (note that the divergence of is far stronger than ). In this case, the success rate of brute attacks is sufficiently small, which means that the success rate of signatures randomly generated by attackers is negligible.
Security against eavesdropping
As mentioned above, we can use the BB8413 protocol to defend against eavesdropping. Because of the particularity of quantum states, eavesdropping can result in the collapses of quantum states and destroy the decoy states. By the second checkout process in BB84, the verifier could determine if there is any eavesdropping through the measurement of decoy states. In addition, eavesdropping by cloning signatures is not possible because of the quantum no-cloning theorem21.
Security against forging
There are two forging attack approaches. The first is forging signatures by using the transaction information of signers, and the second is forging the transaction information of signers.
In the first approach, a signer generates transaction information and public key and then uses the private key to generate signature . An attacker wants to forge a signature with and the signer’s private key, which makes . According to the signature algorithm mentioned above in section "Transaction signing and verification process", because of the uniqueness of the output of the generating algorithm, we have , and thus, the signatures cannot be forged.
In the second approach, a signer generates transaction information and public key . An attacker wants to forge the signer’s transaction information by turning it into to make the signature of pass the verification process. According to the security of the private keys mentioned in section "Security of private keys", attackers have no way to generate a valid signature when they have no signers’ private keys. Therefore, transaction information cannot be forged. In Conclusion, the forging methods mentioned above cannot be performed.
Security against repudiation
Repudiation is that attackers repudiate signatures to make signers fail in the signing process.
According to the signature algorithm mentioned above in section "Transaction signing and verification process", an attacker has no access to verify the signatures when they are not a witness; hence, an attacker cannot repudiate signatures. When an attacker is a witness, Jack can automatically pass through the signature if verification succeeds. In this way, an attacker still cannot repudiate the signatures because Jack is a trusted node and determines whether a signature can pass through the verification process.
Security against interception
Interception is that attackers forge information through intercepting information.
According to the signature algorithm mentioned in section "Transaction signing and verification process", messages, including and the location information of decoy particles, can be intercepted by an attacker.
In the signing phase, is first intercepted. Then, to avoid the suspects of the signer, the attacker has to forge a new message,, to pass the verification process, which is a man-in-the-middle attack. According to the analysis mentioned above in section "Security against forging", even if the attacker passes through the decoy particle check process, the forging messages still cannot pass through the verification process because the attacker has no signer’s private key.
In the verification phase, the attacker first intercepts . Then, to avoid the suspicion of the signer, the attacker has to forge a new message to pass through the verification process, which is a man-in-the-middle attack too. In this way, the reason for a forging failure is the same as that for a signing phase failure.
Security issues from actual applications
In actual applications, there are several other security problems for businesses, organizations and operations. According to recent research progresses27−30, some kinds of techniques, such as Process-Data-Infrastructure (PDI) model27, can be incorporated into blockchain systems to figure out these problems and secure blockchain applications.
According to the PDI model27, system security issues can be classified to three levels: process level, data level and infrastructure level. The blockchain security in the process level includes operation standards, smart contracts, implementation security and fraud detection. The data level is composed of consensus algorithms, encryption, authentication, key management and access control while the infrastructure level includes super-node server, terminal devices and network. In the above sections we have discussed the blockchain security issues in the data level, and our blockchain can be combined with the modern blockchain frame (such as the PDI model) to enhance the security of the blockchain system. In blockchain-secured smart manufacturing 28, a specific PDI model can be realized like the following architecture: in the infrastructure level, a blockchain platform (such as Ethereum, Hyperledger, and EOS) is selected to manage terminals and networks. The platform should provide distributed data structure, interaction mechanisms, and computing paradigms. Then in the data level, our blockchain algorithm can be used to generate blocks (by consensus algorithm) and sign the transactions (by quantum digital signature) safely. More complex computations are performed safely with privacy computing (such as secured multi-party computation24, federated learning31 and trusted execution environment32), which makes blockchain compute functions on private data with them unexposed. Then a computer language supported by the blockchain platform is used to write smart contracts in the process level. Programmable manufacturing devices can be deployed in necessary places, and relevant data are collected through internet of things (IoT)33, which are transmitted to blockchain for next processing.
Comparison with other quantum blockchain signature methods
In actual applications of blockchain technology, security is of the most importance; thus, we would use the safest signature algorithm as much as possible. Then, we will demonstrate that the signature algorithm in our blockchain algorithm is safer than other quantum-resistant signature algorithms. We assume that the decoherences of quantum circuits with outside environments can be ignored.
Comparison with a signature algorithm based on nonorthogonal encoding
We introduce the basic ideas of nonorthogonal 20 encoding first. We define four quantum states: , where and are eigenstates of Pauli and and eigenstates of Pauli . The signer prepares a binary string , where is large enough, and selects a trusted authenticator. Then, we define four nonorthogonal sets, , and any two quantum states in each set are not orthogonal to each other. The signer, verifier and authenticator can perform the next procedures to complete this signature algorithm.
Step 1 The signer selects a random quantum state from the four quantum states and distributes the nonorthogonal sets containing this quantum state according to the corresponding bit in the code. For example, if and the signer selects , we distribute the set to the first quantum state; if and the signer selects , we distribute the set to the first quantum state. This process is repeated times; then, the signer sends the quantum states and single bit information to the verifier and the authenticator by quantum channels.
Step 2 The verifier and the authenticator choose an or basis randomly for every quantum state and then take the measurements of these quantum states .
Step 3 The signer sends sets to the verifier and the authenticator by traditional channels.
Step 4 The verifier and the authenticator compare every result of quantum state with their sets. If one measurement result is orthogonal to one quantum state in the set, the conclusive bit can be obtained. For example, if we receive set and the measurement result is , we can know that the signer sends 0; however, if the measurement result is not orthogonal to any quantum state in the set, the code the signer sent is inconclusive.
Step 5 The signer sends a bit string to the verifier and authenticator. After receiving the bit string , the verifier and the authenticator compare it with their conclusive bit string and compute the error rates and , respectively (we take inconclusive bits as right bits). If both and are larger than threshold , the signature fails; otherwise the signature can succeed.
It can be demonstrated that this signature algorithm cannot defend against interception. An attacker can perform the next procedures to forge a signer’s signature.
Step 1 The signer generates single bit information , bit string and quantum state and then sends them to the verifier and the authenticator.
Step 2 The attacker intercepts the messages ; generates single bit information , bit string and quantum state ; and then sends to the verifier and the authenticator.
Step 3 The signer sends sets of to the verifier and the authenticator.
Step 4 The attacker incepts messages and sends sets of to the verifier and the authenticator.
Step 5 The verifier and the authenticator perform step 5 in the signature algorithm.
Step 6 Now, the attacker forges a perfect signature of the signer because it is simple to generate and , so the verifier and the authenticator can pass the signature forged by the attacker with overwhelming probability. A forging attack can work in this way.
As mentioned in section "Security against interception", we have demonstrated that the signature algorithm in our blockchain algorithm can resist interception and thus is safer than the algorithm in this section.
Comparison with a signature algorithm based on quantum entanglement
Suppose there are three characters that take part in this algorithm 16: the signer, the verifier and a trusted node blockchain. They perform the next procedures to complete this signature algorithm.
Step 1 The blockchain generates sufficient Bell states: , where represents Bell state . Hence, we have two qubit strings and . In the same way, the blockchain generates Bell states: , so we have two qubit strings and .
Step 2 The blockchain randomly selects a sufficiently long substring from and sends it to the signer as his private key; the blockchain randomly selects a sufficiently long substring from and sends it to the verifier as the signer’s private key; the blockchain randomly selects a sufficiently long substring from and sends it to the verifier as the private key; the blockchain randomly selects a sufficiently long substring from and sends it to the signer as the verifier’s private key.
Step 3 The signer uses the hash function () on an x-length quantum coin to obtain a y-length hash sequence.
Step 4 The signer performs controlled-NOT(CNOT) on the first x qubits of , the first y qubits of , quantum coin and hash sequence :
where . Then, the signer obtains quantum coin and hash sequence and sends and to the verifier.
Step 5 The verifier performs CNOT on the first x qubits of , the first y qubits of , quantum coin and hash sequence :
Then, the verifier obtains quantum coin and hash sequence , computes and judges if it is equal to . If , the signature is accepted; otherwise, the signature is rejected.
It can also be demonstrated that this signature algorithm cannot defend against interception. An attacker can perform the next procedures to forge a signer’s signature.
Step 1 As shown in the signature algorithm mentioned above, the blockchain generates substrings , , , and and sends and to the signer and and to the verifier.
Step 2 The attacker intercepts and through a man-in-the-middle attack, imitates the blockchain to generate substrings , , , and , retains substrings and , and then sends substrings and to the verifier.
Step 3 In this moment, the attacker’s substrings entangle the signer’s and the verifier’s at the same time, so the attacker can forge any transaction messages and the signatures of the signer and the verifier.
Conclusion
We propose a quantum blockchain algorithm that generates blocks by DPoSB and signs the transaction information with a quantum one-way function based on the problem. By the stake vote and punishing the malicious behaviours of DPoSB and asymmetric quantum encryption, the fairness, efficiency and security of the blockchain system can be improved. Security in the semi-honest adversary model and the malicious adversary model can be realized in our blockchain based on quantum information-theoretical security. Furthermore, we demonstrate the security of our blockchain algorithm compared with other quantum blockchain algorithms. Our quantum blockchains provide a safe platform that could decrease the costs of various operations and transaction activities. We should mention that the trusted node used in our blockchain has a larger weight in the network and therefore the necessity of the trusted node may weaken decentralization. Quantum signatures which do not require the trusted node could be developed in future researches to solve this problem. Moreover, quantum blockchains could be based on quantum privacy computing, which would further enhance the security of actual blockchain applications. In the near future, quantum blockchains will play an important role in social and financial areas that have increasing demands for transaction securities.
Acknowledgements
Work was supported by the Fundamental Research Funds for the Central Universities (Grant No. 14380146), National Natural Science Foundation of China (Grant No. 12074177, No.61521001, No.12074179 and No.11890704), the Key R&D Program of Guangdong Province (Grant No.2018B030326001) and the NKRDP of China (Grant No.2016YFA0301802).
Author contributions
L.D. and W.W wrote the main manuscript text. All authors reviewed the manuscript.
Data availability
The authors declare that the data that support the plots within this paper and other findings of this study are available from the corresponding author upon reasonable request.
Competing interests
The authors declare no competing interests.
Footnotes
Publisher's note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
References
- 1.Nakamoto, S. A peer-to-peer electronic cash system. Decentralized Bus. Rev. 21260 (2008).
- 2.King, S., Nadal, S. Ppcoin: Peer-to-peer crypto-currency with proof-of-stake. self-published paper. 19 (2012).
- 3.Larimer D. Delegated proof-of-stake (dpos) Bitshare Whitepaper. 2014;81:85. [Google Scholar]
- 4.Tan, C., Xiong, L. DPoSB: Delegated Proof of Stake with node's behavior and Borda Count. ITOEC. 1429–1434 (2020).
- 5.Lamport L. The Byzantine generals problem. JACM. 1983;30:668–676. doi: 10.1145/2402.322398. [DOI] [Google Scholar]
- 6.Rivest RL, Shamir A, Adleman L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM. 1978;21:120–126. doi: 10.1145/359340.359342. [DOI] [Google Scholar]
- 7.Miller, V. S. Use of elliptic curves in cryptography. Conf. Theor. Appl. Cryptogr. Techn.417–426 (1985).
- 8.Shor, P. W. Algorithms for quantum computation: discrete logarithms and factoring. IEEE Proc. Annu. Symp. Found. Comput. Sci. 124–134 (1994).
- 9.Arute F, Arya K, Babbush R, et al. Quantum supremacy using a programmable superconducting processor. Nature. 2019;574:505–510. doi: 10.1038/s41586-019-1666-5. [DOI] [PubMed] [Google Scholar]
- 10.Pogorelov I, Feldker T, Marciniak CD, et al. Compact Ion-trap quantum computing demonstrator. PRX Quantum. 2021;2:020343. doi: 10.1103/PRXQuantum.2.020343. [DOI] [Google Scholar]
- 11.Zhong HS, Wang H, Deng YH, et al. Quantum computational advantage using photons. Science. 2020;370:1460–1463. doi: 10.1126/science.abe8770. [DOI] [PubMed] [Google Scholar]
- 12.Arrazola JM, Bergholm V, Brádler K, et al. Quantum circuits with many photons on a programmable nanophotonic chip. Nature. 2021;591:54–60. doi: 10.1038/s41586-021-03202-1. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 13.Bennett, C. H., Brassard, G. Quantum cryptography: Public key distribution and coin tossing. Preprint at https://arxiv.org/abs/2003.06557 (2020).
- 14.Kiktenko EO, Pozhar NO, Anufriev MN, et al. Quantum-secured blockchain. Quantum Sci. Technol. 2018;3:035004. doi: 10.1088/2058-9565/aabc6b. [DOI] [Google Scholar]
- 15.Rajan D, Visser M. Quantum blockchain using entanglement in time. Quantum Rep. 2019;1:3–11. doi: 10.3390/quantum1010002. [DOI] [Google Scholar]
- 16.Gao YL, Chen XB, Xu G, et al. A novel quantum blockchain scheme base on quantum entanglement and DPoS. Quantum Inf. Process. 2020;19:1–15. doi: 10.1007/s11128-019-2494-0. [DOI] [Google Scholar]
- 17.Xin X, Yang Q, Li F. Quantum public-key signature scheme based on asymmetric quantum encryption with trapdoor information. Quantum Inf. Process. 2020;19:1–15. doi: 10.1007/s11128-019-2494-0. [DOI] [Google Scholar]
- 18.Chuang, I., Gottesman, D. Quantum digital signatures. Preprint at https://arxiv.org/abs/quant-ph/0105032 (2001).
- 19.Chen FL, Liu WF, Chen SG, et al. Public-key quantum digital signature scheme with one-time pad private-key. Quantum Inf. Process. 2018;17:10. doi: 10.1007/s11128-017-1778-5. [DOI] [Google Scholar]
- 20.Lu YS, Cao XY, Weng CX, et al. Efficient quantum digital signatures without symmetrization step. Opt. Express. 2021;29:10162–10171. doi: 10.1364/OE.420667. [DOI] [PubMed] [Google Scholar]
- 21.Nielsen MA, Chuang IL. Quantum computation and quantum information. Phys. Today. 2001;54:60. [Google Scholar]
- 22.Kawachi A, Koshi BT, Nishimura H, et al. Computational indistinguishability between quantum states and its cryptographic application. J. Cryptol. 2012;25:528–555. doi: 10.1007/s00145-011-9103-4. [DOI] [Google Scholar]
- 23.Yan L, Sun Y, Chang Y, Zhang S, Wan G, Sheng Z. Semi-quantum protocol for deterministic secure quantum communication using Bell states. Quantum Inf. Process. 2018;17:315. doi: 10.1007/s11128-018-2086-4. [DOI] [Google Scholar]
- 24.Goldreich O. Secure multi-party computation. Manus. Prelim. Vers. 1998;78:110. [Google Scholar]
- 25.Grover LK. Quantum mechanics helps in searching for a needle in a haystack. Phys. Rev. Lett. 1997;79:325. doi: 10.1103/PhysRevLett.79.325. [DOI] [Google Scholar]
- 26.Pan, J., Yang, L. Quantum public-key encryption with information theoretic security. Preprint at https://arxiv.org/abs/1006.0354 (2010).
- 27.Leng J, Zhou M, Zhao JL, Huang Y, Bian Y. Blockchain security: A survey of techniques and research directions. IEEE Trans. Serv. Comput. 2020 doi: 10.1109/TSC.2020.3038641. [DOI] [Google Scholar]
- 28.Leng J, Ye S, Zhou M, et al. Blockchain-secured smart manufacturing in industry 4.0: A survey. IEEE Trans. Syst. Man Cybern. Syst. 2020;51:237–252. doi: 10.1109/TSMC.2020.3040789. [DOI] [Google Scholar]
- 29.Berdik D, Otoum S, Schmidt N, et al. A survey on blockchain for information systems management and security. Inf. Process. Manage. 2021;58:102397. doi: 10.1016/j.ipm.2020.102397. [DOI] [Google Scholar]
- 30.Muralidhara, S., Usha, B. A. Review of Blockchain Security and Privacy. 2021 5th IEEE ICCMC 526–533 (2021).
- 31.Kim H, Park J, Bennis M, et al. Blockchained on-device federated learning. IEEE Commu. Lett. 2019;24:1279–1283. doi: 10.1109/LCOMM.2019.2921755. [DOI] [Google Scholar]
- 32.Ayoade, G., Karande, V. & Khan, L. et al. Decentralized IoT data management using blockchain and trusted execution environment. IEEE IRI 15–22 (2018).
- 33.Hassan MU, Mubashir HR, Chen J. Privacy preservation in blockchain based IoT systems: Integration issues, prospects, challenges, and future research directions. Future Gener. Comput. Syst. 2019;97:512–529. doi: 10.1016/j.future.2019.02.060. [DOI] [Google Scholar]
Associated Data
This section collects any data citations, data availability statements, or supplementary materials included in this article.
Data Availability Statement
The authors declare that the data that support the plots within this paper and other findings of this study are available from the corresponding author upon reasonable request.