Professional Documents
Culture Documents
SmartDID A Novel Privacy-Preserving Identity Based On Blockchain For IoT
SmartDID A Novel Privacy-Preserving Identity Based On Blockchain For IoT
8, 15 APRIL 2023
Abstract—Internet of Things (IoT) applications have pene- problems and create a systematic proof system. We go on to pro-
trated into all aspects of human life. Millions of IoT users and vide the security analysis of SmartDID. Experimental analysis
devices, online services, and applications combine to create a shows that our scheme achieves better performance in terms of
complex and heterogeneous network, which complicates the dig- both credential generation and proof generation when compared
ital identity management. Distributed identity is a promising with CanDID.
paradigm to solve IoT identity problems and allows users to have
soverignty over their private data. However, the existing state-of- Index Terms—Blockchain-based distributed identity, Internet
the-art methods are unsuitable for IoT due to continuing issues of Things (IoT), privacy preservation, systematic proof system,
regarding resource limitations for IoT devices, security and pri- zero-knowledge proofs.
vacy issues, and lack of a systematic proof system. Accordingly, in
this article, we propose SmartDID, a novel blockchain-based dis-
tributed identity aimed at establishing a self-sovereign identity
and providing strong privacy preservation. First, we configure I. I NTRODUCTION
IoT devices as light nodes and design a Sybil-resistant, unlink- NTERNET of Things (IoT) applications have penetrated
able, and supervisable distributed identity that does not rely on
central identity providers. We further develop a dual-credential
I into all aspects of human life, such as intelligent cities,
innovative healthcare, and smart agriculture [1]. However, the
model based on commitment and zero-knowledge proofs to pro-
tect the privacy of sensitive attributes, on-chain identity data, and rapid growth of the new IoT paradigm has presented several
linkage of credentials. Moreover, we combine the basic creden- challenges related to availability, scalability, and security that
tial proofs to prove the knowledge of solutions to more complex constrain the sustainable development of IoT [2]. Sustainable
computing is a potential solution for energy-constrained IoT
Manuscript received 6 December 2021; accepted 7 January 2022. Date devices that involves energy sustainability and security sus-
of publication 21 January 2022; date of current version 7 April 2023.
This work was supported in part by the National Key Research and tainability [3], [4]. The proliferation of millions of IoT users
Development Program of China under Grant 2020YFB1807500; in part by and devices, online services, and applications forms a com-
the National Natural Science Foundation of China under Grant 62102295, plex and heterogeneous network that has complicated digital
Grant 62132013, Grant 62001357, and Grant 62102301; in part by the Key
Research and Development Program of Shaanxi under Grant 2021ZDLGY06- identity management [5], [6]. The proper management of the
03; in part by the Guangdong Basic and Applied Basic Research identities of these IoT devices plays a vital role in achieving
Foundation under Grant 2020A1515110772 and Grant 2020A1515110079; the security and sustainability of the IoT network as a whole. It
in part by the China Postdoctoral Science Foundation under Grant
2021M692501; in part by the Fundamental Research Funds for the Central is therefore of great significance to study identity management
Universities under Grant XJS211513, Grant XJS201502, Grant XJS210105, in the IoT context.
and Grant XJS210107; in part by the Okawa Foundation for Information and Traditional IoT identity management primarily adopts a cen-
Telecommunications; and in part by JSPS KAKENHI under Grant 21H03424.
(Corresponding author: Qingqi Pei.) tralized authentication method, where the identity remains
Jie Yin and Qingqi Pei are with the State Key Laboratory of Integrated in the possession of the identity provider and is not inter-
Service Networks, School of Telecommunications Engineering, and the operable. These centralized identity systems [7]–[9] usually
Engineering Research Center of Trusted Digital Economy, Universities
of Shaanxi Province, Xidian University, Xi’an 710071, China (e-mail: rely on trusted third parties, such as credential authorities
yinjie0003@stu.xidian.edu.cn; qqpei@mail.xidian.edu.cn). (CAs), which are prone to becoming single points of failure.
Yang Xiao is with the State Key Laboratory of Integrated Services Blockchain, as an emerging paradigm, naturally adapts to the
Networks, School of Cyber Engineering, and the Engineering Research
Center of Trusted Digital Economy, Universities of Shaanxi Province, Xidian distributed nature of IoT owing to its decentralized, tamper-
University, Xi’an 710071, China (e-mail: yxiao@xidian.edu.cn). proof, and traceable characteristics [10]–[12]. It provides a
Ying Ju and Lei Liu are with the State Key Laboratory of Integrated Service new solution for the IoT identity security problem and has
Networks, School of Telecommunications Engineering, Xidian University,
Xi’an 710071, China, and also with the Guangzhou Institute of Technology, given rise to a new form of digital identity, namely, distributed
Xidian University, Guangzhou 510555, China (e-mail: juying@xidian.edu.cn; identity [13]–[15]. Blockchain-based distributed identity lever-
leiliu@xidian.edu.cn). ages distributed infrastructure to change the providers’ mode
Ming Xiao is with the Division of Information Science and Engineering,
KTH Royal Institute of Technology, 10044 Stockholm, Sweden (e-mail: of controlling digital identities. Moreover, distributed iden-
mingx@kth.se). tity is in fact a distributed public-key infrastructure (DPKI)
Celimuge Wu is with the Graduate School of Informatics and Engineering, with multiple issuers that allows users to have soverignty over
The University of Electro-Communications, Chofu 182-8585, Japan (e-mail:
clmg@is.uec.ac.jp). their identities and credentials through decentralized identifiers
Digital Object Identifier 10.1109/JIOT.2022.3145089 (DIDs) [13] and verifiable credentials (VCs) [16].
2327-4662
c 2022 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
YIN et al.: SmartDID: NOVEL PRIVACY-PRESERVING IDENTITY BASED ON BLOCKCHAIN FOR IoT 6719
Several state-of-the-art methods for distributed iden- In response to the above challenges, we propose a novel
tity [17]–[19] have been developed. Most existing blockchain-based distributed identity, with the aim of estab-
schemes [20], [21] do not consider the resource limita- lishing a self-sovereign identity and providing strong privacy
tions of user devices, and IoT devices usually suffer from preservation based on zero-knowledge proofs. Moreover, we
resource limitations [22]–[24]. Moreover, existing schemes combine the basic credential proofs to prove the knowledge of
are unsuitable for the IoT context because of the following solutions to more complex problems and create a systematic
challenges. proof system. SmartDID comprises the identity system, the
1) Security and Privacy Issues: Most available dual-credential model, and the distributed proof system. Our
schemes [25]–[27] pay little attention to security contributions are as follows.
and privacy issues. Some methods only consider 1) We propose a distributed identity for IoT that balances
anonymous credential systems and do not consider the identity privacy and supervisability and enables Sybil
demand for both plaintext and cryptographic creden- resistance and unlinkability. Inspired by the account
tials. Since the system does contain some plaintext model and the UTXO model, the distributed identity
credentials, an adversary may collect some attributes is composed of a unique master identifier (masterID)
(not always sensitive) from different credentials that and several pseudonymous identifiers (userIDs). We
correspond to a specific identifier and thereby infer the conduct supervision based on commitments and zero-
user’s real-world identity, referred to as linkage attacks. knowledge proofs to verify masterID without opening it.
Three kinds of information need to be protected: a) The uniqueness of the master identity also resists Sybil
sensitive credential attributes; b) on-chain identity attacks. To prevent linkage attacks against identities, we
data; and c) attribute linkage between credentials. construct the userIDs based on the UTXO model.
The combination of commitments and zero-knowledge 2) We propose a privacy-preserving dual-credential model
proofs is a promising solution to the former two. The that protects sensitive attributes, on-chain identity data,
public blockchain of the UTXO model does not have and credential linkage. The model is composed of both
this linkage problem because it can generate a new plaintext credentials and cryptographic credentials. We
identity for each transaction [28]. While the creation design the cryptographic credentials based on commit-
of multiple identities by a single user may solve the ments [34] and zero-knowledge proofs [35] to hide
linking problem, it also introduces the possibility of sensitive attributes and on-chain identity data. To discon-
Sybil attacks [29] in a consortium chain. Moreover, the nect the linkage between different credentials, we apply
uniqueness of identities is crucial in many scenarios, userIDs designed in the distributed identity system.
such as voting systems [30]. It is therefore challenging 3) We combine the basic credential proofs to prove the
to balance Sybil attacks and linkage attacks. In addition, knowledge of solutions to more complex problems and
most of these schemes do not consider the supervision create a systematic distributed proof system, which orga-
of IoT users and devices. Users are required to provide nizes the fragmented credentials according to a certain
their true identities for accountability purposes in logic to facilitate their adaptation to multiconditional
many schemes, such as know-your-customer (KYC), verification.
which appears to conflict with privacy. It is accord- The remainder of this article is organized as follows. Related
ingly challenging to provide both user privacy and work is reviewed in Section II. The system overview is
supervision. described in Section III. Section IV gives the specific design of
2) The Lack of a Systematic Proof System: Most exist- SmartDID. Security analysis is in Section V, and implementa-
ing distributed identity systems [31]–[33] only allow tion and experimental analysis are in Section VI. Finally, the
fragmented credential verification rather than a system- conclusion is given in Section VII.
atic consideration of the logic between credentials. A
certain logical relationship exists between credentials, II. R ELATED W ORK
such as {ID card ∪ driving license ∩ business creden-
SmartDID is related to work on distributed identities,
tials}, and we need a container to express this logic:
anonymous credentials, and distributed proof systems.
that is, a systematic proof system. The lack of system-
atic descriptions of multiple credentials makes it difficult
for the system to return an appropriate result, even if all A. Distributed Identity
individual credentials have been completed. With the rapid development of blockchain, scholars have
Considering the resource limitations of IoT user devices, we started to explore the application of blockchain technol-
provide an organic integration of the IoT and blockchain archi- ogy in personal data management and privacy protection.
tecture and configure IoT devices as blockchain light nodes1 Zyskind et al. [32] employed blockchain to protect the pri-
to reduce their computation, storage, and communication vacy of individuals with respect to personal data, allowing
overhead. users to take full control of their own data. Jacobovitz [20]
proposed Bitnation, an ethereum-based identity registry that
provides passports, driving licenses, and other public facility
1 Light nodes only need to store the block header rather than the full list services in Estonian. Uport [17] is also a self-governed iden-
of transactions. Full nodes are required to synchronize all blockchain data. tity system based on public Ethereum [36]. However, these are
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
6720 IEEE INTERNET OF THINGS JOURNAL, VOL. 10, NO. 8, 15 APRIL 2023
all public blockchain-based projects with low throughput and in Taccess transactions. Taccess enables a dynamic, fine-grained
difficulty in achieving the supervision of malicious users. access control based on protocol transactions. Wang et al. [33]
As for the permission blockchain, Hyperledger Indy [21] designed a blockchain-based distributed storage system with
is a distributed self-sovereign identity framework based on fine-grained access control based on attributes. However, these
Hyperledger Fabric [37] that allows decentralized identity gen- works are designed for single-cloud scenarios and are inap-
eration on the blockchain and identity interoperability across propriate for the cross-system and cross-application in a
applications and ledgers. ShoCard [26] and WeIdentity [27] distributed environment. Furthermore, the heavy overhead pre-
are multicentric distributed identity systems that enable data cluded their applicability to IoT scenarios. In this article,
exchange between users. Nevertheless, these works are unsuit- SmartDID combines the basic credential proofs and cre-
able for IoT, and they pay little attention to the resource ates a systematic distributed proof system for more complex
limitations and security and privacy issues of IoT devices. problems.
According to Swan’s survey [38], the factors limiting
blockchain applications were security, availability, and latency.
A comprehensive study [39] from both technical and applica- III. S YSTEM OVERVIEW
tion perspectives indicates the possibility of associating users’ In this section, we first give the intuition of the idea and
IPs and attributes with their pseudonym identifiers, leading then describe the system model and security model, followed
to security and privacy issues for on-chain transactions. In by the introduction of cryptographic credentials.
this article, SmartDID is trying to disconnect the linkage
between different credentials and build a security and privacy-
preserving distributed identity system that fulfills the basic A. Intuition of the Idea
requirements of self-sovereign identity. When adapting distributed identities to the IoT, we need to
consider constrained IoT devices and reduce their computation
B. Anonymous Credentials overhead. So, we integrate the IoT and blockchain and con-
figure IoT devices as blockchain light nodes. In SmartDID,
In the traditional public-key infrastructure (DPKI),
there are three kinds of information should be protected:
Garman et al. [40] proposed a decentralized anonymous
1) sensitive credential attributes; 2) on-chain identity data;
credential scheme that eliminates the need for a centralized
and 3) attribute linkage between credentials. We consider a
trusted issuer and allows identity assertion while maintaining
dual-credential model with both plaintext and cryptographic
privacy. Sonnino et al. [41] proposed a selective disclosure
credentials to hide the privacy information. Cryptographic cre-
credential scheme based on the multihybrid signature method
dentials are encrypted by a commitment scheme and verified
that enables multithreshold publishing and multidisplay of
by zero-knowledge without disclosing the attribute values. The
credentials. However, they are only individual credential
commitment uplinking strategy also preserves the privacy of
issuance systems and are still far from a self-sovereign
on-chain identity data.
distributed identity system.
However, the above methods cannot hide the attribute link-
With limited exceptions, Isaakidis et al. [18] proposed
age between different plaintext credentials. While creating
UnlimitID, a pseudonym system that makes IdPs untrace-
multiple identities by a single user may solve this problem,
able to users and protects the privacy of credentials based
it also introduces the possibility of Sybil attacks in a consor-
on algebraic MACs. However, it requires users to reveal their
tium chain. To solve this contradiction, we design a distributed
personal values to prove the correctness of the credentials.
identity system with a unique masterID and several pseudony-
Maram et al. [42] constructed an identity and credential system
mous userIDs. We regard masterID as a sensitive attribute,
based on zero-knowledge proofs and secure multiparty com-
secret to the public, and open to the supervisor. SmartDID
putation (MPC), bringing in high computational overhead.
uses a unique masterID to prevent Sybil attacks and employs
Moreover, these schemes consider only cryptographic creden-
multiple userIDs to address the privacy issues of attribute link-
tials, while in reality, there is often a coexistence of plaintext
age. We record the masterID and some KYC information to
and cryptographic credentials, which may bring additional
supervise the user by zero-knowledge. Moreover, we combine
security and privacy concerns. In this article, we are con-
the basic credential proofs to prove the knowledge and create a
cerned about the privacy of both plaintext and cryptographic
systematic distributed proof system to solve general statements
credentials and balance the performance of SmartDID.
and more complex problems.
In summary, SmartDID has designed an identity system,
C. Proof Systems a dual-credential model, and a distributed proof system. The
Camenisch and Stadler [31] designed a proof system for unique masterID is for supervising and preventing Sybil
complex and general statements that proves the knowledge attacks, Sybil attacks, and multiple userIDs are adopted to
of elements of any knowledge specification set. It is, how- address the privacy issues of attribute linkage. The commit-
ever, a centralized proof system. Zyskind et al. [32] proposed ment and zero-knowledge proofs are employed to protect
a blockchain-based privacy-preserving personal data manage- the privacy of sensitive credential attributes, on-chain identity
ment system involving an access module (Taccess ) and a data data, and attribute linkage between cryptographic credentials.
storage module (Tdata ). Data owners can modify authentica- A distributed proof system is designed to describe general and
tion methods by configuring different sets of access policies complex credentials statements effectively.
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
YIN et al.: SmartDID: NOVEL PRIVACY-PRESERVING IDENTITY BASED ON BLOCKCHAIN FOR IoT 6721
TABLE I
N OTATIONS
B. System Model
There are issuers, verifiers, users (also called holders), and
supervisors in our system model. Suppose there are N com-
mittee nodes, denoted as (C1 , . . . , CN ). SmartDID takes a
(t, N)-Shamir threshold scheme [43], which means that the
user needs to select at least t nodes to verify the transaction, entities to extract additional shares of the system; 2) if the
which case is the credential service. We choose a consor- two are unlinkable, there are no more or less related between
tium blockchain, where the committee can act as a credential them than the prior knowledge of the attacker after observa-
issuer, and any IoT applications or devices can act as a ver- tion; and 3) supervisability is the ability of the supervisor to
ifier. We configure issuers, such as committees as full nodes quickly trace the relevant accounts and real-world identities
and deploy constrained IoT devices as light nodes. In addi- and search for relevant information when supervising.
tion, blockchain can collectively monitor the activities of IoT Furthermore, we achieve unforgeability, unlinkability, and
devices and quickly disconnect them from the network once privacy in the credential system.
hijacking is detected, which enhances the security and sustain- 1) Unforgeability: An adversary cannot forge legal creden-
ability of IoT. The issuer signs and issues the credentials, while tials by the existing credentials of honest users.
the verifier publishes the access policy and verifies the cre- 2) Unlinkability: An adversary cannot learn anything about
dential. The supervisor is the authority that verifies the user’s attributes or identifiers, nor can he partner to link a cre-
real-world identity and audits. The user is the credential owner dential to multiple submissions or transactions of a given
who wants to access the application. Each user holds a pair user.
of DIDs (masterID, userIDs), as shown in Fig. 1. The mas- 3) Privacy: An adversary cannot learn user attributes
terID is unique for supervision, while the userID is for daily by following the process for issuing and verifying
applications with many. Each user has a public–private key credentials.
(pk, sk), pk = hsk , where h is a generator of group G.
For ease of reference, the main notations of this article are
listed in Table I. D. Cryptographic Credentials
1) Commitment Schemes: Sensitive identity information
C. Security Model cannot simply be declared in plaintext, such as an ID card. To
We define the adversarial mode based on the Byzantine hide the privacy of one’s identity attributes, we publish com-
failure model, allowing for t faulty or attacking nodes in the mitments to hide personal values to the claim(s). In particular,
committee, t < N/3. We assume an asynchronous communica- SmartDID utilizes the Pedersen commitments scheme [34].
tion model that permits messages to be undeliverable, delayed, Let G be a cyclic group of order q with two random gen-
or erroneous. erators of g and h. Then, the Pedersen commitment for a
Security Properties: We achieve Sybil resistance, unlinkabil- secret integer value v ∈ {0, 1, . . . , q − 1} can be calculated
ity, and supervisibility in the identity system. 1) a Sybil attack as com := Comm(v, r) = gv hr with the randomness r. The
is defined as the forgery of multiple peer identities by a few Pedersen commitment has perfect hiding with the random
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
6722 IEEE INTERNET OF THINGS JOURNAL, VOL. 10, NO. 8, 15 APRIL 2023
TABLE II
E XAMPLE S TRUCTURE OF C REDENTIAL
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
YIN et al.: SmartDID: NOVEL PRIVACY-PRESERVING IDENTITY BASED ON BLOCKCHAIN FOR IoT 6723
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
6724 IEEE INTERNET OF THINGS JOURNAL, VOL. 10, NO. 8, 15 APRIL 2023
The difference is that userID is public to the network. Algorithm 1 Example of DL Proof
A more detailed process of PBFT can be seen in [44]. Input: secret x, generator g, to prove that y is the discrete
2) Identity Verification: Considering that masterID is logarithm of x with base g
unique, a user only needs to provide the masterID commit- Output: challenge ch, response rp
ment and its corresponding random number to the supervisor. 1: function CREATE _DL_ PROOF (x, g)
Theoretically, different random numbers should be used for 2: y ← gx
different credentials, but recording them all may cause a bur- 3: v ← random ∈ Zq
den to the system, making it hard for the supervisor to open 4: com ← gv // commitment to v
up the commitment. 5: ch ← H(g, y, com)
To solve this problem, inspired by [45], SmartDID requires 6: rp ← v − ch · x(mod q)
the user to provide a public verifiable token during the identity 7: end function
verification process, defined as tk = (pk)r , where masterID is 8: function VERIFY _DL_ PROOF (ch, rp)
encrypted as com := Comm(v, r) = gv hr . As long as the user 9: com
← gr ych
exposes the token, the supervisor can open its commitment 10: flag ← ch = ?
H(g, y, com
)
without storing the random number r. 11: return flag ;
Suppose a supervisor wants to prove that com = gv hr is an 12: end function
open commitment to v (here v is the value of masterID), then
he can calculate s = com/gv = hr and tk = pkr = hsk·r = ssk .
Note that pk = hsk , so the supervisor only needs to prove that
logs tk = logh pk, from which we can see that both logarithms 2) Commitment Claim: In a commitment claim, claimi =
are calculated as sk, and the whole equation is independent of {att, com, U } and com = Comm(val, r) is the commit-
r. Therefore, the supervisor does not need r to generate this ment to val with randomness r.
proof. Finally, the user U generates the proof of the claim with his
private key, expressed as σU = Sign(skU , claim).
Similarly, SmartDID
supports batch verification, denoted as
comk = g vk h rk . Due to the DL problem, the public 3) Creating Credentials: For the credibility and reliability
tokens are only useful for supervisors to verify their commit- of credentials, the blockchain performs consensus before the
ments, malicious users cannot learn any identity information credential proofs are uploaded on the chain. Generally, some
about other users. issuers are institutions and have some knowledge about the
users. For example, the issuer is a school and the user is a
student, or the issuer is a hospital and the user is a patient.
C. Dual-Credential Model For the (t, N) Shamir threshold scheme , three are at least
Our system has plaintext credentials and cryptographic t nodes to prove the claim. Each committee node Cj con-
credentials, corresponding to the plaintext claim and com- sensus and verifies the claim and generates a signature as
mitment claim. Benefitting from the consensus mechanism of σj = Sign(skj , claim), so that it can be convinced that the
blockchain, SmartDID has the following properties. claim is authentic. Finally, the user combines all signatures to
1) The user cannot create attributes that do not exist. obtain σ = {σ1 || · · · ||σN }.
2) The user must own the declared attributes to pass the The issuer then generates a credential as cred =
verification. {pkU , claim, σ }, where σ is the signature proof of the claim.
1) Hidding Attributes: SmartDID supports both plaintext Assuming that (pkI , skI ) and (pkU , skU ) are the key pair of
attributes and commitment attributes. In cryptographic cre- issuer and user, respectively. Finally, the issuer calculates a
dentials, SmartDID uses Pedersen commitments to encrypt proof of σI = Sign{skI , (pkU , σ , dg)}, where dg is a hash or
the attributes in the claims. Assuming that a commitment commitment value of cred.
com := Comm(v, r) = gv hr is opening to an attribute value We can support various cryptographic credentials, such as
v, or a commitment vector com := Comm(v, r) = gv hr is AND credential and OR credential based on [31] and Range
opening to an attribute vector v. Thus, the commitments of credential based on [35], etc. The details are as follows.
attributes are entirely indistinguishable, meaning an adversary DL Proof: If a prover needs to prove that he possesses a
cannot distinguish whether the value is positive, negative, or certain private value, then DL proof can be used, as shown
0. The user can display the value v and random r to a verifier in Algorithm 1. It is necessary to note that the commitment
who knows com if necessary, and the verifier can confirm their function can be changed to any other commitment scheme. We
consistency. can prove the correctness that com
= grp ych = gv−ch∗x gx·ch =
2) Building Claims: Let vector val = {val1 , . . . , valn } be com, so ch
= H(g, y, com
) = ch.
the corresponding values of user attributes vector att = AND Proof: We can further build AND Proofs based
{att1 , . . . , attn } with user U. Suppose a credential contains on the DL proof. If a prover needs to prove that he has
m claims, that is, claim = {claim1 , . . . , claimm }. There are multiple attributes at once, AND Proof can be applied, as
plaintext claims and commitment claims in the system. The shown in Algorithm 2. We can prove the correctness that
com
1 = g1 1 ych = gv11 −ch·x1 g1x1 ·ch = gv11 = com1 and
rp
specifics are as follows. 1
com2 = g2 y2 = gv22 −ch·x2 g2x2 ·ch = gv22 = com2 , so
rp2 ch
1) Plaintext Claim: In a plaintext claim, the values to
attributes are in plaintext, that is claimi = {att,val, U }. ch
= H(g1 , y1 , g2 , y2 , com
1 , com
2 ) = ch.
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
YIN et al.: SmartDID: NOVEL PRIVACY-PRESERVING IDENTITY BASED ON BLOCKCHAIN FOR IoT 6725
rp rp2 ch
9: 1 , com2 ← g2 y2
10: flag ← ch = ?
H(g1 , y1 , g2 , y2 , com
1 , com
2 )
11: return flag ; Fig. 4. Construction of the access tree.
12: end function
rp rp2 ch2
1 , com2 = g2 y2
1
11:
12: flag ← ch = ?
H(g1 , y1 , g2 , y2 , com
1 , com
2 ) && ch1 + D. Distributed Systemic Proof System
ch2 =?
H(g1 , y1 , g2 , y2 , com
1 , com
2 ) The current PKI is an infrastructure built with public-key
13: return flag ; technology [46]. We combine the basic credential proofs and
14: end function construct a logical access structure, a tree-based distributed
systemic proof system that embeds credentials in leaf nodes.
It is an extension of PKI and implements attribute-based fine-
grained access control.
Credential of OR Proof: If the prover needs to prove that In the tree structure, each nonleaf node is described by
he satisfies the attribute sets of OR operation, OR Proof can its child nodes, whose values can be the AND-gate, OR-
be used to construct the proof, which will be signed and gate structure, i.e., op = {∪, ∩}. We can further add attribute
uploaded to the chain, as shown in Algorithm 3. We can weights and threshold algorithms. The verification value of
prove the correctness that com
1 = g1 1 ych
rp v1 a
1 = g1 y1 = com1 ,
1
a nonleaf node is a Boolean value after the operation on its
com
2 = g2 2 ych = gv22 −ch2 ·x2 gx22 ·ch2 = gv22 = com2 , so
rp 2
2 child nodes. The AND gate implies that the user needs to sat-
ch = H(g1 , y1 , g2 , y2 , com
1 , com
2 ) = ch, and ch1 + ch2 =
isfy both the left and right child node conditions, while the
a + (ch − a) = ch. OR gate needs to satisfy only one of the left and right child
4) Uplinking Strategy: SmartDID designs credential nodes.
uplinking strategies that support different security require- 1) Construction of Access Tree: Let the set of credential
ments for hash and commitment uplinking to echo the relationships be E = ((cred0 ∩cred1 )∪(cred2 ∩cred3 ) )∩cred4 .
plaintext claim and commitment claim. Let {cred0 , cred1 , cred2 , cred3 , cred4 } with weight values of
Hash Strategy for Plaintext Credentials: Suppose there is a W = {0.4, 0.3, 0.3, 0.3, 0.9}, respectively. Then, the tree is
weak privacy requirement for the user attributes on the chain, constructed as Fig. 4. It is worth noting that we sort the
the system defaults to using a hash strategy for uplinking. weight values of the credentials and sort the credentials with
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
6726 IEEE INTERNET OF THINGS JOURNAL, VOL. 10, NO. 8, 15 APRIL 2023
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
YIN et al.: SmartDID: NOVEL PRIVACY-PRESERVING IDENTITY BASED ON BLOCKCHAIN FOR IoT 6727
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
6728 IEEE INTERNET OF THINGS JOURNAL, VOL. 10, NO. 8, 15 APRIL 2023
TABLE III
C OMPARISON OF E FFICIENCY AND G ENERALITY OF Z ERO -K NOWLEDGE P ROOFS A RITHMETIC C IRCUITS
an adversary can learn the output commitment through the Bulletproofs provide more efficient Range proofs that can
verifier. In this process, the adversary can only learn claims’ be integrated with transactions (each credential application and
commitment value, and the proof includes the signature by verification can be regarded as a transaction), but the number
the Issuer and the digest of the claim. However, it can only grows only logarithmically, and the bulk multiplier is much
verify the correctness of the signature and the correctness of faster than the old version of the proof through full integration.
the commitment. Since the commitment is hidden based on the Bulletproofs have a smaller byte count. Bulletproofs proto-
DL problem and the verification process is zero-knowledge, col can double the range size, while the proof size increases
nothing more is revealed. by 64 bytes because the volume grows only logarithmically.
Bulletproofs are faster and the protocol is more general, which
VI. I MPLEMENTATION AND P ERFORMANCE supports a very efficient form of bulk verification that can be
used in zero-knowledge prove arbitrary determinations.
In this section, we will design experiments and evaluate the
SmartDID constructs a tree-based systemic distributed proof
performance of the proposed scheme.
system to achieve attribute-level access control given a par-
ticular data set. All types of credentials are nested in the leaf
A. Implementation nodes, and other nodes are credential operators such as {∪, ∩}.
We implement the prototype of our identity management
scheme based on Bulletproofs [35], general statements proof
systems [31], and Fisco Bcos blockchain [47], where con- B. Performance
strained IoT devices and users are deployed as light nodes. End users of SmartDID are applied on desktop with
The main components of SmartDID are the distributed identity Intel@Core(TM) i5-4590 CPU @ 3.30-GHz 3.30-GHz, RAM
system, the dual-credential model, and the nested distributed 8.00 GB with the Windows operating system. The system
proof system. deployment environment of SmartDID is a laptop equipped
We take Pedersen commitment and Bulletproofs of nor- with Intel@Core i5 2.30 GHz, RAM 8.00-GB 2133 MHz
mal zero-knowledge and Range proof, with extra AND proof (SSD) with the macOS Mojave operating system. The system
and OR proof, to construct cryptographic credentials. We take development language is Java 1.8. Also, we deploy Fisco
Barreto-Naehrig 256 (BN256) as the default elliptic curve in Bcos as the blockchain platform on this machine. We set
Bulletproofs and use SHA-256 as the default hash function, up a local network on these two machines to ensure their
the same as Bitcoin. communication. The network bandwidth is 28.5/11.21 Mbps
SmartDID supports Pedersen commitment, DL proofs, (download/upload), and the average communication delay is
Range proofs credential based on Bulletproofs, AND proof, about 10 ms.
and OR proof credential based on the proof system. SmartDID 1) Functionality Comparison: We first compare the func-
constructs their respective zero-knowledge proofs based on tionality of SmartDID with WeIdentity, Uport and CanDID
their respective circuits, the operations of which include scenario. As we can see from Table IV, all Uport, WeIdentity,
{+, −, >, <, hash} and so on. CanDID, and SmartDID support features of identity privacy
It can be seen from Table III that three types of knowledge and credential privacy, e.g., selective disclosure. As far as we
proof have their own advantages and disadvantages. Here, n can see, private credentials are not available online in open-
denotes the number of gates, l is the size of the circuit instance, source projects, so we did not compare performance with
indicates the scheme have this feature, while × not having them in the next section. SmartDID constructs a tree-based
this feature. DL stands for DL and KOE stands for knowl- distributed systemic proof system that supports mixed pol-
edge index. Both SNARKs, STARKs, and Bulletproofs are icy proofs and fine-grained attribute access control. SmartDID
privacy protocols for knowledge proofs. Similar to SNARKs supports the unlinkability between credentials, multiple dis-
and STARKs, Bulletproofs can natively support elliptic curves play verification, and the user’s real social identity.
and Pedersen commitments, which naturally support Range 2) Performance Comparison: We compare the
proofs and can compress (aggregate) multiple Range proofs. performance of SmartDID with WeIdentity [27] and
Bulletproofs has the full 128-bit security system under the CanDID [42]. We run SmartDID and WeIdentity in the same
zero-standard DL hypothesis, without the need to initial- environment. Since our computer performance is inferior
ize trusted settings. The comparison in the table shows that to that of CanDID, we select data from their performance
Bulletproofs has a short proof size, fast proof speed, and uni- analysis to compare with the experiments of our scheme,
versality, with the disadvantage of slightly longer verification as shown in Table V. The table shows that CanDID takes
time. 4.27 s to generate a master credential, including precredential
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
YIN et al.: SmartDID: NOVEL PRIVACY-PRESERVING IDENTITY BASED ON BLOCKCHAIN FOR IoT 6729
TABLE IV
F UNCTIONALITY C OMPARISON W ITH OTHER S CHEMES
TABLE V
P ERFORMANCE C OMPARISON Fig. 7(c) shows the block generation time and transaction
commit time of SmartDID in blockchain with the different
number of consensus nodes. The transaction in the SmartDID
system refers to the issuance and uplink of credentials. With
the increase of consensus nodes, the block generation time
shows a small oscillation with a slightly increasing trend. It
is the communication overhead between nodes and the PBFT
consensus algorithm. Regarding communication, each node is
interconnected with other nodes for transaction broadcast and
conversion time. SmartDID performs best in credential synchronization of blocks. Regarding the latter, PBFT avoids
generation and proof generation since we do not need a nodes competing for arithmetic power to confirm transactions
precredential conversion time. The proof time of Bulletproofs on the test network utilizing elections. Testing a blockchain
is worse than that of zk-Snarks, so the original proof time with more consensus nodes leads to a higher communication
for a credential is slightly worse than that of CanDID. load and increases the time cost of processing transactions.
Nevertheless, it is still within a reasonable range, and we The message complexity of PBFT is O(N 2 ), where N denotes
have further designed a tree-based proof system to improve the number of nodes. If there are more than 100 nodes in the
the proof efficiency. system, it may lead to bottlenecks in network transmission
3) Performance of SmartDID: The main steps of efficiency and latency, thus limiting reliability. To compensate,
SmartDID is system setup, credential creation, creden- the Fisco Bcos blockchain in SmartDID can support many
tial verification, and algorithm definition is = (Setup, different consensus mechanisms such as RAFT to satisfy the
CreateDID, CreateClaim, CreateCredential, VerCredential). system’s demands.
Since the Setup phase is one-off, we will focus on the As the node number increases, the block committing time to
performance analysis of CreateDID, CreateClaim, various backend storage is limited to a small oscillation within a spe-
types of credential creation, and their correlative verification cific range, regardless of the number of nodes. Since the block
in CPU time and storage. In the CreateDID algorithm, the size and channel size are stable and fixed, time-consuming
average creation time of SmartDID is about 0.4s, running 50 operations such as node consensus are no longer required for
times. committing blocks to the backend storage.
CreateClaim Algorithm: There are plaintext claims and Fig. 7(d) depicts the storage space in SmartDID for the iden-
commitment claims in the claim protocol. A plaintext claim tifier DID, DID document, Plaintext credential, Commitment
can be denoted as claim = {att,val, U} and a commitment credential, Range credential, AND credential, and OR creden-
claim can be denoted as claim = {att, com, U}. With 15 tial in the normal state with 15 attributes, respectively. The
attributes running 50 times, the average time to create a plain- identifier and DID documents format is standardized and a fixed
text claim and a commitment claim is about 2 and 4 ms, value. The storage space of each credential object is linear,
respectively, which is hardly growing with the number of with the bit size of the attribute information to be proven.
attributes. VerCredential Algorithm: The main steps of each creden-
CreateCredential Algorithm: The steps of credential cre- tial verification of leaf node are checking: 1) the validity of
ation are claim creation, credential creation, proof genera- identifiers; 2) the validity of signature signed by the issuer;
tion, and uploading proofs to the chain. We first give the and 3) reconstructing the digest of the credential (hash or
performance of credential construction in Fig. 7(a), including commit) and comparing with the proof on the blockchain.
Plaintext credential, Commitment credential, AND credential, We give the performance of all kinds of credential verifica-
and OR credential. We separate the Range credential because tion in Fig. 7(b) and (e) describes the credential construction
it has the highest creation time overhead. Fig. 7(b) describes and verification time of the Range proof. The time consump-
the construction and verification time of the Range credential. tion of credential verification tends to increase as the number
The construction time increases linearly with the attributes, of attributes increases, but overall it is within the available
where Plaintext credential is most efficient, AND, OR is rather range of the system. As we can predict, plaintext creden-
complicated, and Range credential is the most time consuming. tial verification is the fastest because it does not participate
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
6730 IEEE INTERNET OF THINGS JOURNAL, VOL. 10, NO. 8, 15 APRIL 2023
Fig. 7. Performance of SmartDID. (a) Time per type of credential. (b) Time for Range credential. (c) Block generation time of SmartDID. (d) Credentials
size of SmartDID. (e) Average verification time per-type of credential. (f) Time for credentials verification in tree-based proof system.
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
YIN et al.: SmartDID: NOVEL PRIVACY-PRESERVING IDENTITY BASED ON BLOCKCHAIN FOR IoT 6731
[4] O. L. López, H. Alves, R. D. Souza, S. Montejo-Sánchez, [27] “Weidentity: Digital Identity for Data Sharing on Open
E. M. G. Fernández, and M. Latva-Aho, “Massive wireless energy trans- Consortium Chain.” Mar. 29, 2022. [Online]. Available:
fer: Enabling sustainable IoT toward 6G era,” IEEE Internet Things J., https://fintech.webank.com/en/weidentity/
vol. 8, no. 11, pp. 8816–8835, Jun. 2021. [28] S. Nakamoto. “Bitcoin: A Peer-to-Peer Electronic Cash System.” 2009.
[5] B. B. Gupta and M. Quamara, “An overview of Internet of Things (IoT): [Online]. Available: http://www.bitcoin.org/bitcoin.pdf
Architectural aspects, challenges, and protocols,” Concurrency Comput. [29] A. Mohaisen and J. Kim, “The sybil attacks and defenses: A survey,”
Pract. Exp., vol. 32, no. 21, p. e4946, 2020. 2013, arXiv:1312.6349.
[6] X. Zhu and Y. Badr, “Identity management systems for the Internet of [30] J.-H. Hsiao, R. Tso, C.-M. Chen, and M.-E. Wu, “Decentralized E-voting
Things: A survey towards blockchain solutions,” Sensors, vol. 18, no. 12, systems based on the blockchain technology,” in Advances in Computer
p. 4215, 2018. Science and Ubiquitous Computing, J. J. Park, V. Loia, G. Yi, and
[7] C. H. Cap and N. Maibaum, “Digital identity and its implication Y. Sung, Eds. Singapore: Springer, 2017, pp. 305–309.
for electronic government,” in Towards the E-Society: E-Commerce, [31] J. Camenisch and M. Stadler, “Proof systems for general statements
E-Business, and E-Government, B. Schmid, K. Stanoevska-Slabeva, and about discrete logarithms,” Dept. Comput. Sci., ETH Zurich, Zürich,
V. Tschammer, Eds. Boston, MA, USA: Springer, 2001, pp. 803–816. Switzerland, Rep. TR 260, 1997.
[8] M. H. Kulkarni, A. Yadav, D. Shah, P. Bhandari, and S. Mahapatra, [32] G. Zyskind, O. Nathan, and A. S. Pentland, “Decentralizing privacy:
“Unique ID management,” Int. J. Comput. Technol. Appl., vol. 3, no. 2, Using blockchain to protect personal data,” in Proc. IEEE Security
pp. 520–524, 2012. Privacy Workshops, San Jose, CA, USA, 2015, pp. 180–184.
[9] S. Sarkar, “The unique identity (UID) project, biometrics and re- [33] S. Wang, Y. Zhang, and Y. Zhang, “A blockchain-based framework for
imagining governance in India,” Oxford Develop. Stud., vol. 42, no. 4, data sharing with fine-grained access control in decentralized storage
pp. 516–533, 2014. systems,” IEEE Access, vol. 6, pp. 38437–38450, 2018.
[10] M. S. Ali, M. Vecchio, M. Pincheira, K. Dolui, F. Antonelli, and [34] T. P. Torben, “Non-interactive and information-theoretic secure verifiable
M. H. Rehmani, “Applications of blockchains in the Internet of Things: secret sharing,” in Proc. Int. Cryptol. Conf., 1991, pp. 129–140.
A comprehensive survey,” IEEE Commun. Surveys Tuts., vol. 21, no. 2, [35] B. Bünz, J. Bootle, D. Boneh, A. Poelstra, P. Wuille, and G. Maxwell,
pp. 1676–1717, 2nd Quart., 2019. “Bulletproofs: Short proofs for confidential transactions and more,” in
[11] Y. Wu, H.-N. Dai, and H. Wang, “Convergence of blockchain and edge Proc. IEEE Symp. Security Privacy (SP), 2018, pp. 315–334.
computing for secure and scalable IIoT critical infrastructures in industry [36] G. Wood, “Ethereum: A secure decentralised generalised transaction
4.0,” IEEE Internet Things J., vol. 8, no. 4, pp. 2300–2317, Feb. 2021. ledger,” Ethereum Project, Zug, Switzerland, Yellow Paper, vol. 151,
[12] Y. Wu, H. N. Dai, H. Wang, and K.-K. R. Choo, “Blockchain-based pri- 2014, pp. 1–32.
vacy preservation for 5G-enabled drone communications,” IEEE Netw., [37] E. Androulaki et al., “Hyperledger fabric: A distributed operating system
vol. 35, no. 1, pp. 50–56, Jan./Feb. 2021. for permissioned blockchains,” in Proc. 13th EuroSys Conf., 2018,
[13] “Decentralized Identifiers (DIDs) v1.0: Core Architecture, Data pp. 1–15.
Model, and Representations.” Aug. 2021. [Online]. Available: [38] M. Swan, Blockchain: Blueprint for a New Economy. Sebastopol, CA,
https://www.w3.org/TR/did-core/ USA: O’Reilly Media, Inc., 2015.
[14] “Digital Identity Alliance.” ID2020. 2020. [Online]. Available: [39] Z. Zheng, S. Xie, H.-N. Dai, X. Chen, and H. Wang, “Blockchain chal-
https://id2020.org/ lenges and opportunities: A survey,” Int. J. Web Grid Serv., vol. 14,
[15] “Decentralized Identity Foundation. DIF Website.” 2020. [Online]. no. 4, pp. 352–375, 2018.
Available: https://identity.foundation/ [40] C. Garman, M. Green, and I. Miers, “Decentralized anonymous creden-
[16] “Verifiable Credentials Data Model Implementation Report 1.0.” tials,” in Proc. NDSS, 2014, pp. 622–636.
Oct. 2021. [Online]. Available: https://www.w3.org/TR/vc-data-model- [41] A. Sonnino, M. Al-Bassam, S. Bano, S. Meiklejohn, and G. Danezis,
implementation-report/ “Coconut: Threshold issuance selective disclosure credentials with appli-
[17] C. Lundkvist, R. Heck, J. Torstensson, Z. Mitton, and M. Sena, “Uport: cations to distributed ledgers,” 2018, arXiv:1802.07344.
A platform for self-sovereign identity,” Brooklyn, NY, USA, uPort, [42] D. Maram et al., “CanDID: Can-do decentralized identity with legacy
White Paper, 2018. [Online]. Available: https://whitepaper.uport.me/ compatibility, sybil-resistance, and accountability,” IACR Cryptol. ePrint
uPort_whitepaper_DRAFT20170221.pdf Arch., Lyon, France, Rep. 934/2020, 2020.
[18] M. Isaakidis, H. Halpin, and G. Danezis, “UnlimitID: Privacy-preserving [43] A. Shamir, “How to share a secret,” Commun. ACM, vol. 22, no. 11,
federated identity management using algebraic MACs,” in Proc. ACM pp. 612–613, 1979.
Workshop Privacy Electron. Soc., 2016, pp. 139–142. [44] M. Castro and B. Liskov, “Practical Byzantine fault tolerance,” in Proc.
[19] S. Azouvi, M. Al-Bassam, and S. Meiklejohn, “Who am I? 3rd Symp. Oper. Syst. Des. Implement., vol. 99, 1999, pp. 173–186.
Secure identity registration on distributed ledgers,” in Data Privacy [45] N. Narula, W. Vasquez, and M. Virza, “zkledger: Privacy-preserving
Management, Cryptocurrencies and Blockchain Technology, J. Garcia- auditing for distributed ledgers,” in Proc. 15th USENIX Conf. Netw.
Alfaro, G. Navarro-Arribas, H. Hartenstein, and J. Herrera-Joancomartí, Syst. Des. Implement., 2018, pp. 65–80.
Eds. Cham, Switzerland: Springer Int., 2017, pp. 373–389. [46] J. Weise, Public Key Infrastructure Overview, Sun BluePrints, Palo Alto,
[20] O. Jacobovitz, “Blockchain for identity management,” Lynne William CA, USA, Aug. 2001, pp. 1–27.
Frankel Center Comput. Sci. Dept. Comput. Sci., Ben-Gurion Univ., [47] Z. Li, C. Li, H. Li, X. Bai, and X. Shi, “FISCO BCOS technology
Beer Sheva, Israel, Rep. #16-02, 2016. application in practice,” Inf. Commun. Technol. Policy, vol. 46, no. 1,
[21] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and pp. 52–60, 2020.
W. T. Polk. “Hyperledger Indy: Distributed Ledger Purpose-
Built for Decentralized Identity.” 2020. [Online]. Available:
https://www.hyperledger.org/use/hyperledger-indy
[22] D. Zhai, H. Li, X. Tang, R. Zhang, Z. Ding, and F. R. Yu, “Height
optimization and resource allocation for NOMA enhanced UAV-aided
relay networks,” IEEE Trans. Commun., vol. 69, no. 2, pp. 962–975,
Feb. 2021.
[23] D. Zhai, Q. Shi, R. Zhang, X. Tang, and H. Cao, “Coverage
maximization for heterogeneous aerial networks,” IEEE Wireless
Commun. Lett., vol. 11, no. 1, pp. 91–95, Jan. 2022.
[24] L. Liu et al., “Blockchain-enabled secure data sharing scheme in Jie Yin (Student Member, IEEE) received the B.S.
mobile-edge computing: An asynchronous advantage actor–critic learn- and M.S. degrees from the School of communica-
ing approach,” IEEE Internet Things J., vol. 8, no. 4, pp. 2342–2353, tion engineering, Xidian University, Xi’an, China,
Feb. 2021. in 2016 and 2019, respectively, where she is cur-
[25] P. Windley and D. Reed, “Sovrin: A protocol and token for self- rently pursuing the Ph.D. degree in communication
sovereign identity and decentralized trust,” Sovrin Found., Provo, UT, and information system.
USA, Rep. 1.0, Jan. 2018. From 2019 to 2020, she worked with Huawei
[26] “ShoCard with ShoCoin tokens whitepaper: Identity management ver- Technologies Company Ltd., Shenzhen, China. Her
ified using the blockchain,” Cupertino, CA, USA, ShoCard, White current research interests include blockchain, dis-
Paper, 2017. [Online]. Available: https://static.coinpaprika.com/storage/ tributed identity, security and privacy, decentralized
cdn/whitepapers/448345.pdf trust management, and Internet of Things.
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.
6732 IEEE INTERNET OF THINGS JOURNAL, VOL. 10, NO. 8, 15 APRIL 2023
Yang Xiao (Member, IEEE) received the B.S. and Lei Liu (Member, IEEE) received the B.Eng. degree
Ph.D. degrees in communication engineering from in communication engineering from Zhengzhou
Xidian University, Xi’an, China, in 2013 and 2020, University, Zhengzhou, China, in 2010, and the
respectively. M.Sc. and Ph.D. degrees in communication engi-
From 2017 to 2019, he was supported by the neering from Xidian University, Xi’an, China, in
China Scholarship Council to be a visiting Ph.D. 2013 and 2019, respectively.
student with the University of New South Wales, From 2013 to 2015, he worked with Technology
Sydney, NSW, Australia. He is currently a Lecturer Company. From 2018 to 2019, he was supported by
with the State Key Laboratory of Integrated Services the China Scholarship Council to be a visiting Ph.D.
Networks, School of Cyber Engineering, Xidian student with the University of Oslo, Oslo, Norway.
University. His research interests include social He is currently a Lecturer with the Department
networks, joint recommendations, graph neural network, trust evaluation, and of Electrical Engineering and Computer Science, Xidian University. His
blockchain. research interests include vehicular ad-hoc networks, intelligent transportation,
mobile-edge computing, and Internet of Things.
Authorized licensed use limited to: UNIVERSITY PUTRA MALAYSIA. Downloaded on May 17,2023 at 07:43:54 UTC from IEEE Xplore. Restrictions apply.