The blockchain technology achieves security by sacrificing prohibitive storage and computation resources. However, in mobile systems, the mobile devices usually offer weak computation and storage resources. It prohibits the wide application of the blockchain technology. Edge computing appears with strong resources and inherent decentralization, which can provide a natural solution to overcoming the resource-insufficiency problem. However, applying edge computing directly can only relieve some storage and computation pressure. There are some other open problems, such as improving confirmation latency, throughput, and regulation. To this end, we propose an edge-computing-based lightweight blockchain framework (ECLB) for mobile systems. This paper introduces a novel set of ledger structures and designs a transaction consensus protocol to achieve superior performance. Moreover, considering the permissioned blockchain setting, we specifically utilize some cryptographic methods to design a pluggable transaction regulation module. Finally, our security analysis and performance evaluation show that ECLB can retain the security of Bitcoin-like blockchain and better performance of ledger storage cost in mobile devices, block mining computation cost, throughput, transaction confirmation latency, and transaction regulation cost.
Since Satoshi Nakamoto invented Bitcoin in 2008 [
On the one hand, each miner contributes immense computation effort to painstakingly solve a cryptographic problem, i.e., the proof of work (PoW) problem. Only the miner who first succeeds in solving the PoW problem can pack some transactions into a new valid block and append to the longest ledger. Generally, the mining machines, such as ANTMINER S9 Hydro, reach up to 18TH/s [
On the other hand, each miner has to maintain an entire copy of the transaction ledger, i.e., every transaction record from the beginning of time. Storing the entire blockchain ledger requires a remarkable amount of storage capacity. Take Bitcoin as an example; the total size of a local ledger reached more than 380 GB on February 18, 2021 [
Ledger growth information in several different blockchain systems, according to the statistics on February 18, 2021 [
Blockchain | Block interval | Block count | Ledger size (GB) |
---|---|---|---|
Bitcoin [ | 10 m·45 s | 671,200 | 382.04 |
Ethereum [ | 13.3 s | 11,884,711 | 608.20 |
Bitcoin cash [ | 10 m·40 s | 675,436 | 184.14 |
Litecoin [ | 2 m·28 s | 2,003,322 | 40.64 |
In conclusion, most mobile devices are unable to provide such computation and storage capacities to meet the requirements for working as miners. The aforementioned issues must be solved to popularize the blockchain applications in mobile systems.
Edge computing appears with inherent decentralization and strong resources, which can provide a natural solution to overcoming the aforementioned resource-insufficiency situation [
The direct integration of blockchain and edge computing can only relieve some storage and computing pressure at end mobile devices. But first, the end devices do not always work as completely light nodes. They usually are interested in some types of transaction information, maybe related to their jobs, life, or something else. They often want to store some transactions as well. Second, there are some other open problems, such as improving the transaction confirmation latency, throughput, etc. These performance metrics must be optimized when applying the blockchain technology to mobile systems. It is a paradox. The reason is that, on the one hand, the high transaction confirmation latency and low throughput are caused by the computation-intensive consensus protocol itself. On the other hand, the computation-intensive consensus protocol is a key to maintaining the security and stability of blockchain systems.
To sum up, the challenge is how to solve this paradox to achieve both light weight at end mobile devices and superior performance regarding transaction confirmation latency and throughput.
Some related works have been done so far. Cebe et al. [
Advantages and disadvantages of some existing works.
Research | Advantages | Disadvantages |
---|---|---|
[ | Make each end device to maintain a fragmented ledger, to reduce the storage pressure | Does not consider improving the transaction throughput and confirmation latency |
[ | Offload the computation-intensive mining tasks to nearby edge-computing nodes | |
[ | Disburden the data processing tasks and mining tasks from end devices to edge servers | |
[ | Employ a leader group to optimize the transaction throughput and confirmation latency | Does not consider reducing the ledger storage pressure at end devices |
[ | Decouple Bitcoin’s blockchain operation into leader election and transaction serialization to achieve scalability |
The main contributions are summarized as follows: We propose a novel lightweight blockchain framework based on edge computing (ECLB) for mobile systems. It takes edge nodes as miners, to relieve some storage and computation pressure at end mobile devices. As for the mobile devices, we introduce the fragmented ledger structure [ Under the ECLB framework, we reform the block structures into leader block and transaction block. The leader blocks are used to record leader nodes, who succeed in solving the PoW puzzles. The transaction blocks are used to record the transaction history via most edge nodes’ signature assurance. Such a structure optimizes the blockchain metrics, including throughput and transaction confirmation latency. Considering the popular permissioned blockchain settings, we specifically utilize symmetric encryption algorithm and ciphertext-policy attribute-based encryption (CP-ABE) scheme [ We analyze the security to demonstrate that our ECLB achieves fault tolerance, high security level with 16 edge nodes, Sybil attack resistance, double-spending attacks resistance, and chosen-plaintext attack (CPA) resistance. We also conduct performance evaluation, demonstrating that ECLB achieves lower cost of ledger storage and block mining computation, and better throughput, transaction confirmation latency, and regulation efficiency.
The rest of the paper is organized as follows: Section
We briefly review the blockchain technology and the CP-ABE scheme.
Blockchain was invented by Satoshi Nakamoto in 2008 to serve as the public transaction ledger of the Bitcoin cryptocurrency [
The chain structure of the blockchain.
A blockchain is typically managed by a peer-to-peer (P2P) network collectively following a predefined consensus protocol. Each miner contributes a large amount of computation energy for packing transactions into a new block, i.e., the consensus procedure or mining tasks. As we know, PoW is a frequently and widely used consensus protocol, such as in the Bitcoin systems. PoW requires a complicated computational process for packing transactions. It is a random process where a lot of trials and errors are required on average before a PoW solution is generated. In PoW, all the miners have to use different nonces and calculate the hash value of the constantly changing block header continuously, until the calculated hash value is not greater than a given value. When one node obtains the target, all other nodes must mutually confirm the correctness of the value. Finally, a new block is generated. The flow of new block generation procedures is shown in Figure
The flowchart of new block generation procedures.
The characteristics of the blockchain technology are listed as follows: Decentralization: the blockchain is built on a P2P network, which is naturally decentralized. All participating nodes have the same copy of the blockchain ledger. Immutability: once a block is written to a blockchain, the information cannot be altered. Authenticity: users can trust that transactions will be executed exactly as the protocol comments. Thus, the transaction data in blockchain ledger are all authentic. Pseudonymity: blockchain uses a pseudo-identity mechanism. Each user can generate as many pseudo-identities as he/she likes to increase identity privacy.
Obviously, it should reduce the pressure of both ledger storage and block mining computation to design a thoughtful lightweight blockchain system. Simultaneously, the scalability is also an important factor to measure a blockchain system. Scalability itself includes two important metrics: throughput and transaction confirmation latency.
The CP-ABE scheme was proposed to achieve fine-grained access control [
The CP-ABE scheme consists of four algorithms [ (iii) (iv)
The conception model of our ECLB framework is shown in Figure Cloud data center layer: it is in charge of storing encrypted transaction information specifically for the permissioned blockchain setting. We assume that the cloud data center is honest but curious. That means, it acts in an honest fashion and correctly follows the designated protocol specification. However, it is curious to infer and analyze the stored data to harvest additional information to gain illegal profits. Edge nodes layer: each node on this layer undertakes the mining work as a blockchain miner node, i.e., solving the PoW puzzles and storing an entire copy of the blockchain ledger. Each edge node End devices layer: it consists of some traditional PC or mobile computing end devices, such as laptop, smart phone, etc. They usually provide weak capacities of computing, storage, and networking. Hence each end device only stores a fragmented ledger [ Regulator layer: it consists of some regulators and a trusted authority (TA). This layer is designed specifically for the permissioned blockchain setting. On the one hand, the regulators request to gain the transaction data in cloud to carry out trading regulation. On the other hand, considering the transaction privacy preservation, only the regulators are allowed to get the transaction data. And, they are not allowed to get the data outside of their privileges. Thus, the regulators are assumed to be honest but curious. The TA is in charge of controlling the access privilege, i.e., authorizing the access privilege only to the regulators. The TA is assumed to be trustworthy.
Our ECLB model.
In this section, we will describe our ECLB protocol design in detail, including three parts: transaction ledger storage, transaction packing and confirmation, and transaction regulation. Some major notations used in our ECLB protocol are shown in Table
Some major notations used in our ECLB protocol.
Notations | Description |
---|---|
The | |
The public and private key pair of | |
The number of edge nodes | |
The candidate transaction block generated at time | |
A signing algorithm | |
A signature verification algorithm corresponding to | |
The unspent transaction output (UTXO) set | |
The verification result of the candidate block | |
An access policy tree | |
A public key in the regulator layer | |
A master key of the trusted authority in the regulator layer | |
A symmetric key | |
The ciphertext of | |
A symmetric encryption algorithm | |
A symmetric decryption algorithm | |
The | |
The ciphertext of the transaction record |
In real applications, the edge nodes are located close to the end mobile devices, and have much stronger storage and computation capabilities compared with the end mobile devices. Thus, we take the edge nodes as blockchain miners and the edge devices as light nodes.
Specifically, in our framework, there are two chains: a leader chain and a transaction (Tx) chain. There are two kinds of blockchain ledgers: full ledger and fragmented ledger. The full ledger records the identities of both the leaders and the transaction history, by packing the public keys of the leaders and the transaction records. The fragmented ledger records the block headers of the full ledger and some transaction records attracted to the corresponding end mobile devices. Obviously, the fragmented ledger [
Transaction ledger storage at edge nodes and end devices.
Roles | Node types | Ledger types | Ledger contents |
---|---|---|---|
Miner nodes | Edge nodes | Full ledger | The public keys of the leaders and the whole transaction records |
Light nodes | End mobile devices | Fragmented ledger | The block headers and some transactions of interest |
As their name imply, the
Section
Inspired by [
In our ECLB, there are two chains growing in parallel: a leader chain and a transaction (Tx) chain, as shown in Figure
Two-chain structure of ECLB.
In our ECLB, first each edge node tries to solve a PoW problem to mine a leader block for competing for being a leader. The leader block packs its own public keys and the corresponding reward coinbase. Once an edge node wins, denoted as
Now we present the aforementioned transaction packing and confirmation process, as follows: To compete for being a leader, each edge node works on mining a leader block by solving a PoW problem. Once an edge node succeeds in solving the PoW and gets a valid leader block, it immediately broadcasts the leader block to all the other edge nodes. Assume that The leader, i.e., the winning edge node Once receiving a candidate Tx block All the edge nodes collect the signed block from each other edge node. If an edge node obtains the signed block Repeating steps (2)–(4) until another leader block is generated. That is, during the steps (2)–(4), in parallel, all the edge nodes work on solving a PoW problem and mining a new leader block to compete for being a leader.
Input: Output: Select a set of valid transactions from Set Construct a Merkle hash tree Increase Compute a signature Set Set return
Input: Output: Initialize Obtain the leader’s signature Obtain the Verify the signature if Set return end if Get the transaction set from for Check validity of if Set return end if end for return
The transaction packing and confirmation processes are shown in Figure
The flowchart of the transaction packing and confirmation protocol.
In public/permissionless blockchain systems, any transaction information is available to any entity in the network, which provides much convenience to the regulator department. However, in the permissioned blockchain, only the blockchain member nodes are allowed to obtain the transaction information. Hence, an interface of reading the Tx ledger needs to be set for outside regulator department. To this end, we will design a transaction regulation protocol specifically for the permissioned blockchain setting.
Considering the requirements of both privacy preservation and secure regulation, we will employ the CP-ABE scheme to realize secure sharing of the transaction records with legal regulators. However, the CP-ABE scheme is notoriously inefficient in encryption and decryption. To solve this problem, we will utilize the key encapsulation mechanism to improve the efficiency [ The central controller of the permissioned blockchain generates a symmetric key A regulator requests a secret attribute key where The regulator downloads the key ciphertext If his or her attribute set Once a new Tx block where The regulator downloads the transaction ciphertext
Note that the aforementioned steps (1) and (3) are, respectively, one-time computation during the symmetric key’s life cycle. It can be set very long until
In conclusion, we design an efficient transaction regulation module specifically for the permissioned blockchain setting, by combining the CP-ABE scheme with the key encapsulation mechanism. This transaction regulation module preserves the transaction privacy preservation and simultaneously supports efficient regulation required by the practical government department.
In this section, we will provide some security analysis, including fault tolerance, the least number of edge nodes to reach a high security level, Sybil attack, double-spending attack, and chosen-plaintext attack (CPA).
The security of fault tolerance is analyzed by proving the following theorem.
The edge nodes guarantee fault tolerance, if the number of Byzantine edge nodes
Assume all the edge nodes are divided into three disjoint sets, i.e.,
If the Byzantine edge nodes in
By simplifying equations (
Therefore, all the edge nodes are able to guarantee fault tolerance if the number of Byzantine members
We assume that each edge node is either honest or Byzantine, and the mining is a fair game. Let
Considering that in the Bitcoin, the recommended 6-block-confirmation is calculated under
Security under different byzantine probabilities.
Sybil attacks [
By using PoW to compete for being a leader, the leader chain has a natural ability to resist Sybil attacks. Recall that once an edge node becomes a leader, it is the only one to be allowed to broadcast blocks. In order to become a leader, it must solve a PoW problem, which is extremely computationally intensive. PoW raises the cost of creating a new leader identity. Thus, it mitigates Sybil attacks, wherein security property is guaranteed by the leader chain.
In the leader chain, any edge node checks the collective signatures of a Tx block, in which a supermajority (i.e.
We first give Definition
Our ECLB protocol is CPA secure if the transaction regulation protocol is CPA secure.
Our ECLB protocol is CPA secure.
We reduce the CPA security proof of our ECLB protocol to that of the transaction regulation protocol. As we know, there are some efficient and symmetric encryption algorithms that are secure against CPA, such as AES and DES. Hence, whether the transaction regulation protocol is secure against CPA depends on the indistinguishability of the symmetric key’s ciphertext against CPA. The indistinguishability of the symmetric key
We extend the Bitcoin Simulator [
We set the size per transaction at around 256 bytes, and the size per block at 1 MB. Thus, one block contains around 4000 transactions. In Bitcoin, each full node, i.e., miner, stores the entire transaction ledger, while each light node stores only the block headers. In ECLB, each edge node stores the entire leader ledger and transaction ledger, while each end mobile device stores the fragmented ledger, i.e., only all the block headers and some transaction of interest. Note that the leader ledger is very small compared with the transaction ledger, since only one leader block is mined after around every 1500 transaction blocks. Hence, we speculate that the ledger storage cost at an edge node in ECLB is almost as high as that at a full node in Bitcoin. The ledger storage cost at the end mobile device in ECLB will be slightly higher than that at the light node in Bitcoin but much lower than that at the full node and the edge node.
Figure
Ledger storage size with different number of transactions to pack.
In Bitcoin, each miner needs to solve a PoW problem for mining a new block. While in our ECLB, only the leader block is mined through solving a PoW problem. All the Tx blocks are created by only the corresponding signatures, which is much lighter than solving a PoW problem. Most importantly, the leader block mining and the Tx block creation procedures are executed in parallel. Thus, our ECLB holds lightweight and efficient block mining process. Figure
Block mining time with different number of transactions.
We set block frequency to 1 per 10 minutes for Bitcoin and the leader block frequency as the same. Obviously, the throughput of our ECLB is shown by only the Tx chain. We test the throughputs with different block sizes. Figure
Tx throughput with different block sizes.
Since the transaction commitment is submitted through the Tx chain, we only consider the transaction block commitment among the edge nodes for the transaction consensus latency. To see the scalability of ECLB’s consensus process in terms of the number of edge nodes, we set the transaction block size to 1 MB, which is the maximum block size in current Bitcoin. In Bitcoin, the consensus latency is the time for at least 50% nodes to receive a block. Groupchain [
Transaction consensus latency with different number of edge nodes.
We evaluate the regulation efficiency from the aspects of online transaction encryption and decryption, i.e., Steps (4) and (5) in Section
Transaction regulation efficiency with different leaf numbers of an access policy tree.
In this section, we introduce some related works in the area of lightweight blockchain and access control.
Since the advent of blockchain technology, much effort has been devoted to designing lightweight blockchain systems for decentralized Internet of Things [
There are also many other works on lightweight blockchain [
The comparison of lightweight properties in some lightweight blockchain systems.
Works | Lightweight ledger storage | Lightweight block mining |
---|---|---|
[ | ✓ | ✗ |
[ | ✗ | ✓ |
[ | ✓ | ✗ |
[ | ✓ | ✗ |
[ | ✓ | ✗ |
[ | ✓ | ✗ |
[ | ✗ | ✓ |
[ | ✗ | ✓ |
[ | ✓ | ✗ |
Our ECLB | ✓ | ✓ |
In this section, we will discuss some related works where the access control mechanisms were designed to achieve both privacy preservation and flexible data sharing.
Identity-based encryption enables fine-grained data access control [
Ding et al. [
Considering the real-time requirement for transaction regulation, we combine the CP-ABE with the key encapsulation mechanism, to design an efficient transaction regulation protocol.
The fork problems are not discussed above. There are two parallel chains in our ECLB, i.e., the leader chain and the Tx chain. Hence, there are two kinds of forks. Now, we will talk about the corresponding solutions, respectively. The leader chain fork: it is the first important problem to solve, since it is the leader who guarantees the security of Tx blocks. Here, we will employ the corresponding solution in [ Then, the final winner leader block is The Tx chain fork: assume that
In this paper, we propose an edge-computing-based lightweight blockchain (ECLB) framework for mobile systems. In the ECLB framework, the edge nodes play a minor role. As a consequence, the storage and computation pressure at end mobile devices are greatly relieved. The fragmented ledger is employed as the storage format at end mobile devices. In this way, the end mobile devices not only can obtain information of interest but also do not need to store an entire copy of the ledger. Moreover, we design a two-chain structure of a leader chain and a transaction chain. These two chains grow in parallel. It greatly improves the throughput and confirmation latency. In addition, considering the regulation requirements under the permissioned blockchain setting, we specifically design a pluggable, secure, and efficient transaction regulation protocol. Finally, we give some formal security analysis and performance evaluation. It is demonstrated that our ECLB framework is secure and feasible.
All the experimental data used to support the findings of this study are included within the article.
The authors declare that there are no conflicts of interest.
This work was supported by the National Key R&D Program of China (grant no. 2020YFB1005500), the National Natural Science Foundation of China (grant numbers 62002139, U1736216, and 61902157), the Natural Science Foundation of Jiangsu Province (grant numbers BK20200886 and BK20200888), and the Project funded by China Postdoctoral Science Foundation (grant numbers 2019M651738 and 2019M661753).