IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO.

6, MARCH 15, 2022 4371

A Lightweight and Attack-Proof Bidirectional

Blockchain Paradigm for Internet of Things
Chenhao Xu , Youyang Qu , Member, IEEE, Tom H. Luan , Senior Member, IEEE, Peter W. Eklund ,
Yong Xiang , Senior Member, IEEE, and Longxiang Gao , Senior Member, IEEE

Abstract—Diverse technologies, such as machine learning and I. I NTRODUCTION

big data, have been driving the prosperity of the Internet of
NTERNET of Things (IoT) is experiencing a fast booming
Things (IoT) and the ubiquitous proliferation of IoT devices.
Consequently, it is natural that IoT becomes the driving force
to meet the increasing demand for frictionless transactions.
I in recent years, along with which IoT devices are already
ubiquitous, such as mobile devices, car terminals, wearable
To secure transactions in IoT, blockchain is widely deployed devices, etc. Not surprisingly, the proliferation of IoT devices
since it can remove the necessity of a trusted central author- meets the increasing demands of contactless payment via IoT
ity. However, the mainstream blockchain-based IoT payment
platforms, dominated by Proof-of-Work (PoW) and Proof-of- devices, which attracts growing attention from both academia
Stake (PoS) consensus algorithms, face several major security and industry [1], [2]. For example, Samsung has launched
and scalability challenges that result in system failures and its IoT payment platform on smart and wearable devices,
financial loss. Among the three leading attacks in this sce- TVs, fridges, and even more. At the same time, automo-
nario, double-spend attacks and long-range attacks threaten the
tokens of blockchain users, while eclipse attacks target Denial
bile giants such as SAIC Motor have embedded their cars
of Service. To defeat these attacks, a novel bidirectional-linked with a comprehensive mobile payment system. On account of
blockchain (BLB) using chameleon hash functions is proposed, the popularization of IoT devices, machine-to-machine (M2M)
where bidirectional pointers are constructed between blocks. payment as a paradigm is playing an ever-growing important
Furthermore, a new committee members auction (CMA) con- role in the IoT [3].
sensus algorithm is designed to improve the security and attack
resistance of BLB while guaranteeing high scalability. In CMA, In M2M payments, centralized transaction management cen-
distributed blockchain nodes elect committee members through tral has relatively poor performances due to the distributed
a verifiable random function. The smart contract uses Shamir’s nature of the IoT. Collecting all the transaction information
secret-sharing scheme to distribute the trapdoor keys to com- to a central server causes incredibly massive communication
mittee members. To better investigate BLB’s resistance against
overhead, which leads to delayed transactions and low effi-
double-spend attacks, an improved Nakamoto’s attack analysis
is presented. In addition, a modified entropy metric is devised cient operation. Moreover, the centralized operation mode is
to measure eclipse attack resistance across different consen- vulnerable to single-point failure, while various man-in-the-
sus algorithms. Extensive evaluation results show the superior middle attacks are unceasingly launched due to the financial
resistance against attacks and demonstrate high scalability of value of transaction information. Thus, a decentralized and
BLB compared with current leading paradigms based on PoS
and PoW. autonomous payment architecture better meets the needs of the
IoT. Blockchain, as an emerging distributed ledger technology
Index Terms—Bidirectional blockchain, double-spend attack,
(DLT), is decentralized and allows for secure, anonymous, and
eclipse attack, Internet of Things (IoT), long-range attack,
scalability. immutable transactions [4]–[7]. Therefore, it is seen as one of
the most promising solutions for M2M IoT payments.
However, several serious challenges remain to put
blockchain into practice. For example, there are several secu-
rity vulnerabilities and corresponding attacks launched on
existing blockchain-based solutions. Only from July 2019
to February 2020, at least 18 double-spend attacks on four
cryptocurrencies were observed by the Reorg Tracker [8]. A
Manuscript received May 6, 2021; revised July 1, 2021; accepted August
4, 2021. Date of publication August 9, 2021; date of current version double-spend attack, which manifests in blockchain networks
March 7, 2022. (Corresponding author: Longxiang Gao.) using Proof-of-Work (PoW) consensus, is an attack where
Chenhao Xu, Youyang Qu, Yong Xiang, and Longxiang Gao are
with the Deakin Blockchain Innovation Lab, School of Information
malicious users spend the same tokens at least twice [9].
Technology, Deakin University, Geelong, VIC 3220, Australia (e-mail: Consequently, PoW-based blockchain systems are forced
[email protected]; [email protected]; [email protected]; to sacrifice computing power and transaction efficiency to
[email protected]).
Tom H. Luan is with the School of Cyber Engineering, Xidian University,
improve security. An instance is Bitcoin, in which about 10
Xi’an 710126, China (e-mail: [email protected]). min is required to generate a block, and a merchant has to
Peter W. Eklund is with the School of Information Technology, wait for at least six confirmations of a transaction (mean-
Deakin University, Geelong, VIC 3220, Australia (e-mail:
[email protected]). ing that six subsequent blocks of transactions were added to
Digital Object Identifier 10.1109/JIOT.2021.3103275 the blockchain) before the transaction is safely assumed as
2327-4662 
c 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
4372 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 6, MARCH 15, 2022

valid [10]. Therefore, PoW-based blockchain systems fail to 1) A novel BLB and a specially designed CMA consen-
be applied in high-frequency trading scenarios despite vari- sus algorithm are devised using advanced cryptography
ous advantageous features. Similarly, a long-range attack is tools. The effective integration can significantly and
manifest in Proof-of-Stake (PoS)-based blockchain networks comprehensively improve the security of blockchain
targeting double-spending tokens [11]. Moreover, there are while ensuring scalability.
also eclipse attacks [12] that cause Denial of Service (DoS), 2) Theoretical analysis using improved Nakamoto’s
especially for IoT networks [13]. Beyond the aforementioned double-spend attack analysis and modified entropy
vulnerabilities of existing blockchain systems, the scalability metric is conducted. The selected methods quantify
of IoT devices has always been a critical bottleneck [3], [14], the security protection levels of CMA, PoW, and
because a broadcasting consensus algorithm is usually highly PoS consensus algorithms and testify the improved
time consuming. performance of CMA;
To address the above challenges, some existing research has 3) Extensive experiments to evaluate BLB have been con-
been conducted. To prevent double-spend attacks, a double- ducted. The results demonstrate that the security and
spending prevention mechanism for Bitcoin zero-confirmation scalability of the proposed paradigm are superior com-
transactions is proposed [15]. However, it is only applicable pared with existing leading ones, such as PoS and
to Bitcoin or UTXO models. To defend against long-range PoW-based blockchain systems.
attacks, checkpoints are adopted to define the correct chain The remainder of this article is organized as follows. In
periodically in [16]. However, it is vulnerable to DDoS attacks, Section II, related works are presented. Section III describes
especially when creating checkpoints. In terms of eclipse the structure of BLB and the CMA consensus algorithm. In
attacks, an eclipse-attack detection model for Ethereum is Section IV, the security of the proposed model is analyzed.
proposed [12]. Nevertheless, it is only responsible for detect- In Section V, the experiment results prove that the security
ing attack traffic based on the two selected features. To the of the proposed model is higher than PoW and PoS-based
best knowledge, a generalized and lightweight blockchain blockchain models, and the scalability of the proposed model
paradigm that is able to defeat all of the above attacks has is also significantly competitive. Finally, Section VI presents
not yet been fully considered. conclusions and the future work.
Motivated by the related researches, a novel bidirectional-
linked blockchain (BLB) and a tailor-made Committee II. R ELATED W ORKS
Members Auction (CMA) consensus algorithm for a secure
The related works on the defense of blockchain attacks are
and scalable IoT-based payment system are proposed. In the
illustrated in this section. In addition, the cryptography tools
proposed model, a chameleon hash function (CHF) [17] is
utilized by the proposed model are CHFs, VRFs, and secret
introduced for an extra reverse pointer in the blockchain,
sharing. The research relevant to these cryptography tools are
which enables BLB to resist double-spend attacks by adding
also presented in this section.
a pointer from the previous block to the next block. Secret
sharing [18] is used for the distribution of the trap-door key,
which eliminates eclipse attacks in BLB. Finally, a verifiable A. Cryptography Tools
random function (VRF) [19] is utilized for committee mem- The chameleon-hash function is a hash function that
bers election. After the election, elected nodes (i.e., committee involves a trapdoor, the knowledge of which allows one to
members) are responsible for cross-verifying transactions in find arbitrary collisions in the domain of the function [17].
that period (named “term”). Since the committee members The CHF is first applied in blockchain to create a redactable
elected in each term are random, it is difficult for attackers blockchain [20]. In this article, the authors mention that the
to predict or control the next term’s committee members and shares of the trapdoor key could be distributed among several
impossible for specific committee members to dominate the authorities, but no further explanations are elaborated.
consensus process. This helps the blockchain resist long-range The VRFs [19] are pseudorandom functions that provide
attacks. All in all, the joint integration of the novel reverse publicly verifiable proofs for the correctness of the out-
pointer and the CMA consensus algorithm can improve the put. VRFs are introduced by Algorand to select committee
security and scalability of blockchain. In order to demonstrate members [21]. Algorand is a blockchain framework adopt-
this claim, Nakamoto’s analysis of the success rate of double- ing committee-based PoS Byzantine consensus protocol and is
spend attacks [9] is improved by defining the probability of an able to efficiently scale to billions of users. However, the users
attacker finding the next block under the PoS and CMA con- in Algorand are weighted based on the balance of tokens in
sensus algorithms. In addition, entropy in information theory wallets, which means a user with more tokens are more vulner-
is adopted to measure the randomness of nodes participating able to DDoS attacks and cause the performance of blockchain
in transactions’ verification for different consensus algorithms downgraded.
(CMA, PoW, and PoS). Higher entropy means more uncertain The secret-sharing scheme is a method by which a dealer
nodes participating in transaction verification, that is, higher distributes shares to parties such that only authorized subsets
resistance to eclipse attacks. Furthermore, abundant experi- of parties can reconstruct the secret, which is first presented
ments are conducted, and the results testify to the improved by Shamir and Blakley separately in 1979 [18]. In Shamir’s
attack resistance and higher scalability of BLB. scheme, each participant gets a unique part of the secret. When
The main contributions of this article are as follows. the number of participants is larger than a given threshold, the

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
XU et al.: LIGHTWEIGHT AND ATTACK-PROOF BIDIRECTIONAL BLOCKCHAIN PARADIGM FOR INTERNET OF THINGS 4373

TABLE I
original secret can be reconstructed. Shamir’s scheme provides N OTATION TABLE
a secure trapdoor keys management solution for the proposed
model.

B. Attacks and Current Solutions

A double-spend attack is defined as a deliberately fraud-
ulent strategy with users spending the same tokens at least
twice in PoW-based blockchain networks [9]. A lightweight
countermeasure against double-spend attacks is proposed in
2016 [22], which detects double-spend attacks in fast trans-
actions by using a listening period and inserting observers.
Subsequently, a double-spending prevention mechanism is
proposed for Bitcoin zero-confirmation transactions [15] by
inserting observers of the transactions and setting up an appro-
priate penalty to prevent users from launching an attack. But
in general, as a P2P network, the message delivery between
nodes is often not so timely, and the order of messages is not
guaranteed, which makes their observers unreliable. Through
the analysis and experiments, it is proved that to maintain the
performance of the blockchain against the adaptive double-
spend attack, a larger number of confirmation blocks for
validating a transaction are required [23]. Therefore, a longer
transaction confirmation time is required to be waiting by mer-
chants before validating the transaction, and the performance
of the blockchain cannot be guaranteed.
A long-range attack is defined as the minority stakehold-
ers in the PoS-based blockchain produce a valid alternative
history over a long time span and become majority stake-
holders [16]. Checkpoints refer to a block that is considered
immutable and is utilized to limit the range of long-range
attacks [11]. However, the checkpoint mechanism relies on
a centralized server to define a correct chain periodically. An consensus algorithms, including adding logical steps to exist-
improved checkpoint solution is that the placement of the next ing consensus algorithms or introducing hardware assistance.
checkpoint is determined by the node creating the previous But these models lead to a decline in the scalability or gen-
checkpoint [16]. But no further experiments are conducted to erality of the blockchain. In this article, a novel BLB with
measure the security of the node selection algorithm when the the CMA consensus algorithm is proposed, which has higher
attacks came at the time of checkpoint creating. Besides, two performance on the security against attacks and scalability than
PoS protocols preventing attackers from long-range attacks are PoW or PoS-based blockchain models.
proposed [11] based on a specific hardware component, such
as Intel’s SGX or ARM’s Trustzone. III. S YSTEM M ODEL
An eclipse attack involves an attacker isolating a node
in a blockchain network, preventing it from communicating The system model is a combination of BLB and the CMA
with other nodes [24]. Countermeasures are first presented consensus algorithm. All of the notations used are listed in
that make eclipse attacks more difficult [25]. After that, an Table I.
eclipse-attack detection model for Ethereum is proposed [12].
However, the detection model is trained based on the A. Bidirectional-Linked Blockchain
information in the attack packets, and cannot guarantee the Similar to other blockchain models, only appending opera-
effect on other blockchain platforms or other types of attack tion is allowed in the proposed model, which is the foundation
data packets. In [26], two protocols are proposed to detect of the immutable feature of blockchain. However, BLB has
eclipse attacks on Bitcoin clients. The first is an eclipse attack two pointers: 1) a forward pointer, from the next block to the
detection protocol that examines suspicious block timestamps. previous block and 2) a reverse pointer, from the previous
The second is an improved gossip protocol to reduce aver- block to the next. As shown in Fig. 1, Blockn+1 is a newly
age attack detection time. However, the experiments to prove generated block, which is appended to the previous Blockn .
the effectiveness of the detection of eclipse attacks are not The contents of the block include HashPrev, Transactions,
conducted. HashNext, and Randomness. The hash of the previous block
In conclusion, to immunize a blockchain from attack, is stored in HashPrev, which is used for the forward pointer.
previous works mainly focus on improving PoW or PoS Transactions store all the transaction information packaged

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
4374 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 6, MARCH 15, 2022

B. Committee Members Auction

Based on the data structure of BLB, the CMA consensus
algorithm is designed. The process of CMA can be divided
into three steps: 1) the election of committee members; 2) the
proposal of a new block; and 3) the process of reaching con-
sensus and generating the new block. In addition, with the
consideration of the system’s randomness, the preparation and
renewal of seeds are explained in detail.
1) Election of Committee Members: The consensus process
is based on a periodic election that requires all distributed
participants to have synchronized clocks. Each election period
is called a “term”. A seed for each term provides randomness
to the consensus algorithm. Users can acquire their verifiable
Fig. 1. Newly generated block Blockn+1 is appended to the previous block hash vhash and π (π is a VRF proof [27]) by the seed of each
Blockn . The append steps include: 1) forward pointer construct; 2) reverse
pointer construct; and 3) forward pointer repair. After committee members term and their respective private keys. π can be used to verify
agreed, Randomness is generated by the trapdoor key. the authenticity of the corresponding vhash. If vhash falls into
a specific range γ , the owner is treated as a committee member
in this blockchain. The hash of the next block (except for this term. Later, this will be explained in detail.
Randomness) is stored in HashNext, which is used for the In Algorand [21], users are preferenced as validators based
reverse pointer. There is no nonce in the block, instead, on the number of tokens held in their account. However, this
Randomness is a feature that represents the result of the con- method can result in a system vulnerable to eclipse attacks
sensus reached by the distributed participants, since only after when tokens are unevenly distributed, i.e., the user holding
all of the members in the committee agree, the trapdoor key more tokens is more likely of being responsible for generat-
of the CHF is constructed. At that point, a new Randomness ing new blocks and is, therefore, more vulnerable to eclipse
will be calculated, and a pointer from the previous block to attacks. According to the Pareto Principle, not all things are
the next block will be generated. equal [28], the minority of users (about 20%) in CMA proto-
Since there are reverse pointers in the proposed model, the col owns the majority of the stakes (about 80%) and are more
process of appending new blocks to the chain can be divided vulnerable to eclipse attacks. Therefore, CMA treats all users
into three steps: 1) the construct of the forward pointer; 2) the (i.e., participants), irrespective of the number of tokens they
construct of the reverse pointer; 3) and the repair of the for- hold, equally. All users have the same opportunity to cam-
ward pointer. The specific processes of these three steps are paign for committee membership. When a new user wants to
as follows. join a blockchain network, the public key of the new user will
1) Forward Pointer Construct: The proposed model uses be proposed by a recommender (a user that is already in the
the chameleon-hash function to calculate the hash value blockchain network). The new user will become a participant
(denoted as chash) of Blockn , and store chash into member of the blockchain after being approved by committee
HashPrev on Blockn+1 . members.
2) Reverse Pointer Construct: The proposed model cal- Assume that the number of participant members in a
culates the regular hash value (denoted as rhash) of blockchain network is η. The number of committee members
Blockn+1 (except field Randomness), and store rhash is τ (τ ≤ η). A user is selected as the committee member
into HashNext on Blockn . with a probability (τ/η). Each user gets its vhash by comput-
3) Forward Pointer Repair: Subsequently, the value of ing VRF(sk, seed) → m, π , where sk is the private key of
HashPrev on Blockn+1 will be wrong. However, with the user.
the help of the trapdoor key (trapdoor keys are man- The committee members’ range for the vhash is designed as
aged by committee members and will be explained in follow: first, the interval [0, 1) is divided into two consecutive
Section III-B), a Randomness is calculated, making the intervals I0 = [0, 1 − p) and I1 = [1 − p, 1). Then, γ is
entire hash value of Blockn unchanged. After repair, the calculated as
forward pointers and reverse pointers point to the correct
block. hash
γ = (2)
When constructing the forward pointer on Blockn+1 , oper- 2hashlen
ate as follows to find the value for Randomness (which is
notated as rn ): Suppose the original content on Blockn is mn . (hashlen is the bit-length of hash). If γ falls into the interval
After changing the HashNext on Blockn , mn becomes mn . The I1 , then the user holding this hash is elected as a member of
trapdoor key of chash on Blockn is tkn . The original ran- the committee for this term.
dom number filled in Randomness on Blockn is rn . According Committee membership can be verified using its hash value
to [27], rn can be calculated by based on π , pk (the public key of the user), and seed.
Without having ever needing to know sk, the identity of
mn + tkn rn − mn
rn = . (1) the committee member can be protected, and simultaneously
tkn verified.

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
XU et al.: LIGHTWEIGHT AND ATTACK-PROOF BIDIRECTIONAL BLOCKCHAIN PARADIGM FOR INTERNET OF THINGS 4375

Algorithm 1 Trapdoor Key Splitting Algorithm

Input: trapdoor key tk, the number of committee members
τ , committee member number k
Output: divided secrets share
1: // convert tk charset to integers si
2: si = 0
3: define charset as all printable string
4: for char in tk do
5: find the index of char in charset
6: si = si ∗ len(charset) + index
7: end for
8: Generate new prime number p
9: // Generate random polynomial coefficients C[]
10: define coefficients C[] as an array
11: insert si into C[] Fig. 2. Period of consensus is divided into three: 1) election of committee
12: generate τ random integers and append to C[] members; 2) proposing a new block; and 3) reaching consensus. The block
generated by the user who owns the minimal verifiable hash will be accepted.
13: // generate τ random points based on C[]
14: define points[] as an array
15: for x = 1; x < τ + 1; x = x + 1 do
pointing to the previous block (Blockn ), which is based on the
16: y = C[0] Chameleon hash.
17: for i = 1; i < len(C); i = i + 1 do There are also priorities among committee members. To
18: exp = (xi ) mod p avoid conflict over generating blocks, whoever has the lowest
19: term = (C[i] × exp) mod p vhash has the highest block generating priority. When a user
20: y = (y + term) mod p receives a block from a higher priority user, it will auto-
21: end for matically accept the block. Otherwise, it broadcasts its block
22: append (x, y) to points[] through the gossip protocol.
23: end for
3) Reaching Consensus: When the committee reaches
24: define shares[] as an array
agreement, committee members submit their respective parts
25: for point in points do
of the shared trapdoor key with the hash of the new block
26: convert x, y in point into string s Blockn+1 to the smart contract. When enough secrets are col-
27: append string s to shares lected, the smart contract can reconstruct the trapdoor key and
28: end for
repair the Randomness on Blockn . At this point, the reverse
29: return shares[k]
pointer is set to point at Blockn with a new HashNext. Finally,
Blockn+1 is appended to the chain with both the forward and
the reverse pointer.
4) Preparing the Seed: Before the election of new com-
After the committee members are selected, the smart con- mittee members, a seed is set randomly for each term. This
tract will automatically fill in the Randomness on the last action is very important for the system security because with-
block. Since the forward pointers need to be protected from out randomness, committee members can be predicted and the
being tampered by attackers, the trapdoor keys are divided subject of eclipse attack. Since users proposed a vhashn on the
into η parts and distributed to committee members through latest block Blockn , a new seed for the next term is generated
the secure multiparty computation (MPC) protocol [20]. The by hashing the vhashn . This also means that a user will know
MPC protocol is implemented by the smart contract, which is the seed for the next term after receiving a new block.
deployed on each node. Under the control of the MPC proto- For the seed of the first term, the administrator who
col, only the smart contract on committee members engaged is responsible for initializing and deploying the blockchain
in each round runs the trapdoor key splitting algorithm in par- network can randomly specify one at the beginning of the ini-
allel. Each part of the trapdoor key stored on the individual tialization utilizing the distributed random number generation
node cannot function on its own, which ensures the security algorithm [30].
of the trapdoor key. After a new valid block is generated, the
smart contract will gather all of the parts and repair the for- C. Consensus Process
ward pointer automatically. The steps of dividing the trapdoor The process of consensus is shown in Fig. 2. There are two
keys are designed based on the secret-sharing algorithm [29], terms called “Term 1” and “Term 2”. For each term, three-
which is shown in Algorithm 1. time slices further divide them: 1) election of a committee
2) Propose a New Block: After committee members are member; 2) proposing a new block; and 3) reaching consensus.
elected, they propose new blocks based on the transactions Although the three-time slices in the figure are drawn to be
they received through the gossip protocol. As mentioned ear- equal in size, in reality, this may not be the case. The time to
lier, the newly proposed block (Blockn+1 ) contains a HashPrev calculate a verifiable hash is generally very short, and the time

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
4376 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 6, MARCH 15, 2022

to propose a new block and reach consensus is usually longer

depending on the size of the blockchain network, transmission
speed, and network latency.
Assume several users are participating in this blockchain
network, and User A, User B, and User C are elected as com-
mittee members during Terms 1 and 2. During Term 1, they
calculate their verifiable hashes based on their secret keys and
get vhash A, vhash B, and vhash C, respectively. Assume that
vhash C is the minimum among the three hashes. So after
proposing the new blocks, User A and User B verify the legit-
imacy of transactions in the new block comes from User C
and choose to accept it. Then, send back a “pick” message
to User C. The “pick” message includes the vhash of User
A and User B. After collecting hashes from a considerable
number (which will be explained later) of the committee mem- Fig. 3. During step (3) in Term 1, user C is out of service. Neither user A
bers, User C then broadcasts the new block to the blockchain nor user B can send him a “pick” message successfully. However, the offline
user C will not hinder the subsequent Term 2.
network. This new block will be accepted and stored by other
users. During Term 2, User B gets a minimal verifiable hash
(vhash E), so after proposing the new block, User A and User work as normal and finally reach a consensus at step (3) in
C verify the new block and send a “pick” message to User Term 2. The transactions that occurred in step (1) of Term 1
B. Finally, User B broadcasts his new block to the blockchain are not lost since all of them will be repackaged in step (1) of
network. There is an overlap between the calculation of ver- Term 2. A proper setting of the term period for CMA, which is
ifiable hashes and broadcast of the new block, but for users, defined as τ , is also important. If the value of τ is too large (or
these two actions are carried out simultaneously in step (1), too small), it will lead to a decrease in transaction efficiency.
so they are not drawn in detail in Fig. 2 For example, if τ is too large, the system’s response speed to
During step (3) in Fig. 2, there is a verifiable hash collec- “out of service” conditions will decrease. On the other hand,
tion task for every user. The requirement of the proportion if τ is too small, each user needs to calculate more verifiable
of hashes collected by the winner is defined as ζ . Assuming hashes and broadcast them in a higher frequency, which, in
 Term nn is τ , the
that the number of committee members in n turn, brings a higher burden to the blockchain network. Due
number of hashes collected by user u is vhashu , so that to space limitations, this part of the research is left as future
 work.
vhashnu
ζun = . (3) In the case of a poor network environment, a large-scale
τn
auction within a certain time limit may not be supported. In
It is clear that user u cannot prove himself as a winner dur- order to address the above challenges, a hash carry opera-
ing the auction in term n unless ζun > 0.5. Because if and tion is introduced. Assuming user ub holds a verifiable hash
only if receiving the majority of “pick” messages from com- vhashnub during Term n, and ub receives an auction message
mittee members, user u knows the vhash of him in this term mc from user uc , carrying a verifiable hash vhashnuc . As long
is the smallest among all committee members. However, ζ as vhashnuc > vhashnub and ub knows there is a user ua whose
cannot be simply set to 1.0 since there are network delays verifiable hash vhashnua is less than vhashnub , ub must forward
in a P2P network. The specific ζ value setting strategy for mc to ua . Regarding how much additional load “hash carry”
different sizes of blockchain networks needs further experi- will bring to blockchain networks is left for future work to
mentation and research. Due to page limitation, this question investigate.
is left as future work. Additionally, malicious users can disrupt the auction. For
example, uc can repeatedly send auction messages to ua and
D. Exception Handle ub attempting to disrupt the generation of blocks during the
An appropriate setting of η can only solve part of the Term n. However, with the hash carry option, ub will not
network delay problem. Other abnormal conditions will also incorrectly count the auction messages send from uc , and
be encountered when the blockchain network is running. For ua will normally count the number of verifiable hashes that
example, a user could encounter an “out of service” condition are less than vhashnua . So that such attacks will not bring
at any time. any other side effects to blockchain networks, except network
As shown in Fig. 3, assume that user C, who calculated the transmission load. In addition, this kind of attack can be
smallest vhash during Term 1, is out of service in step (3). prevented by limiting the frequency of requests from the
Following that condition, user A and B try to send him a same IP.
“pick” message but get no reply from user C. After the end Moreover, the security foundation of the proposed model
of Term 1, nobody receives a new block. The result is that is asymmetric encryption and verifiable hash. So a new user
user A and user B will calculate their verifiable hashes (vhash must broadcast the public key to the blockchain network before
D and vhash E) for Term 2. In this way, the loss of user C joining. Based on that unique public key, the verifiable hashes
does not affect the other two users at all. They continue to sent from him can be verified by everyone.

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
XU et al.: LIGHTWEIGHT AND ATTACK-PROOF BIDIRECTIONAL BLOCKCHAIN PARADIGM FOR INTERNET OF THINGS 4377

IV. S ECURITY A NALYSIS block. At this time, double-spend attacks may occur and q
Since the security of the Chameleon hash scheme has been can be calculated as
proved, including collision-resistant, message hiding, seman- α−τ n
Cη−τ n
tic security, and key-exposure-free [17], the security of the q= . (7)
Chameleon hash can be guaranteed. While for the distribution Cηα
of the trapdoor key, the correctness and security of the secret-
sharing scheme have also been proved based on Lagrange’s Otherwise, if α < τ n , several committee members are not
interpolation theorem [18]. Therefore, for the rest of this sec- controlled by the attacker (named as honest committee mem-
tion, the security of the proposed model is analyzed from two bers). Honest committee members do not provide their part of
aspects: 1) double-spend attack/long-range attack resistance the trapdoor keys to the smart contract if they disagree with
and 2) eclipse attack resistance. the newly generated block, and double-spend attacks cannot
occur. At this time, q is 0, which in turn leads to D(q, z) = 0.
In Section V, the Monte Carlo method is adopted to verify
A. Double-Spend Attack and Long-Range Attack Resistance the performance of CMA that is resistant to the double-spend
Both double-spend attacks and long-range attacks are attack compared with PoW and PoS.
caused by uncertainty about newly added blocks and the subse-
quent blocks. However, with the novel reverse pointer design,
B. Eclipse Attack Resistance
the subsequent direction of any block can be determined, i.e.,
starting from the genesis block, the entire chain is undis- As mentioned in Section I, eclipse attacks will cause
puted. Long-range attacks are completely ineffective against deny-of-service of the blockchain. DDoS attacks can be clas-
the proposed model. The only possible stage of the proposed sified into two categories [31]: 1) network/transport-level
model getting attacked by double spending is when generating DDoS flooding attacks and 2) application-level DDoS flood-
the reverse pointers. ing attacks. On the network/transport level, it is difficult for an
As Nakamoto analyzed in [9], the double-spend attack could adversary to predict committee members of the next term and
be treated as Gambler’s ruin problem. The probability the launch eclipse attacks. In fact, it is ineffective to launch attacks
attacker could catch up to the honest miners (denoted as D) against participant members other than committee members
can be calculated as since it will not hinder the consensus process. On the appli-
  z−k  cation level, if a transaction request consumes too many
z
λk e−λ q resources, the committee member who submits the request
D(q, z) = 1 − 1− (4)
k! p will stall. However, this does not affect other committee mem-
k=0
bers in proposing their own transactions and continuing to
where z is the number of blocks that the merchant will wait reach consensus. For example, if user ua (whose verifiable
for before handing over physical goods. p is the probability hash vhashua ) stalls due to the calculation of transaction tx,
an honest node finds the next block. q is the probability the the user ub (whose vhashub is greater than vhashua but less
attacker finds the next block. λ is the blocks producing rate than others) will continue to propose his transaction block.
of the attacker during the interval that honest miners produce Eventually, committee members will send auction messages
z blocks, which is calculated by to ub and reach a consensus on the block proposed by ub .
q In information entropy, the average information per emitted
λ=z . (5) symbol is denoted with H(X)
p
Based on (5), to find out the probability that the attacker 
n
H(X) = − P(xi )logb P(xi ) (8)
could overtake the honest miners (which means that the
i=1
double-spend attack happens), z is replaced with z + 1
  z+1−k  where P(xi ) is the probability mass function, and b is the base

z+1 k −λ
λ e q of the logarithm used. In this article, H(X) is used to measure
D(q, z) = 1 − 1− . (6)
k! p the entropy of the blockchain system. Higher entropy means
k=0
better performance in terms of security.
For PoW, q is the proportion of computing resources In order to facilitate a comparison, P(xi ) is defined as the
owned by the attacker. For PoS, q is defined as the probability of user xi participating in the consensus algorithm.
proportion of stakes owned by the attacker. In CMA, q In the CMA consensus algorithm, P(xi ) is the probability that
is defined as the probability that all committee members user i is selected as a member of the committee in each term.
are controlled by the attacker for each Term. To iden- The calculation of the entropy of CMA refers to (8).
tify this probability, the number of committee nodes in For PoW, miners act as consensus maintainers. In each term
a Term is defined as τ n , and the number of nodes con- of transactions, the fastest miner will verify the transactions,
trolled by the attacker is defined as α. When α ≥ generate a new block, and broadcast it to everyone. Therefore,
τ n , all of the committee members in this Term may P is defined as the proportion of this miner to all miners in
be controlled by the attacker, and there is a probabil- the blockchain network. Assume the number of miners is Nm ,
ity that the attacker controls the generation of this term’s and the entropy in this article is measured in bits so that the

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
4378 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 6, MARCH 15, 2022

TABLE II TABLE III

C OMPARISONS OF S ECURITY P ROPERTIES S IMULATION PARAMETER S ETTINGS

entropy can be calculated as

   
1 1 1
H(X) = −Nm · · log2 = −log2 . (9)
Nm Nm Nm
As for PoS, users with more stake will have a higher
probability to participate in the consensus. So P(xi ) is
defined as the proportion of stakes owned by user i. In
Section V, the parameter setting of experiments and the
entropy calculated for different consensus algorithms are
introduced.
All in all, from security analysis in Section IV-A, it
is obviously that CMA has a lower q than PoW or PoS
and shows that CMA has a higher double spend/long-range
attack resistance. From the analysis in Section IV-B, the
probability of user in CMA participating in the consen-
sus process is higher than PoW or PoS, which shows that attacks, long-range attacks, and eclipse attacks, is considered,
CMA has a higher entropy and a higher eclipse attack which to a degree proves the advantages of the proposed model
resistance. The results of the analysis are summarized in from the security aspect compared to other blockchain mod-
Table II. In Section V, experiments are conducted to verify our els. To some extent, the experiment results also demonstrate
analysis. that the proposed model can resist 51% attacks (which is
defined as the majority of the network’s computing resources
C. Further Discussion are held by the attackers so that they can manipulate the
1) Defense Potential: A Sybil attack is defined as an attack blockchain [40]). The resistance to all other attack types
where an adversary creates numerous fake identities to reduce cannot be analyzed and verified completely in this arti-
throughput, or even gain control of a blockchain network [32]. cle due to space limitation, which could be left as future
Since the CMA consensus algorithm selects committee mem- work.
bers based on the public and private key pairs (identities)
of each participant, a Sybil attack may reduce the security V. P ERFORMANCE E VALUATION
of blockchain [33]. The current solutions to defend against In this section, simulation experiments are conducted to
Sybil attacks can be summarized as follows: trusted certifi- evaluate the security and scalability of the proposed model,
cation, resource testing, recurring costs and fees, and trusted which verifies the aforementioned analysis.
devices [34]. To mitigate the impact of Sybil attacks, some
periodic resource tests (similar to the computing power test
in PoW) are needed. The question then becomes, how to set A. Environment and Parameters Setting
resource test rules to effectively resist Sybil attacks without Our simulation environment is based on the Ubuntu 18.04
affecting the scalability of blockchain? This is a challenging Operating System. Hardware configuration includes an Intel
research topic but one that is beyond the scope of this article. Core i7-8650U 4 Cores processor and 16-GB RAM. In terms
When the abnormal nodes are detected, the way to treat the of software configuration, python 3.6 is used to simulate
abnormal node is similar to the exception handle mentioned PoW, PoS, and CMA consensus algorithm-based blockchain
in Section III. networks. The default parameters setting of the simulation
All in all, if the proposed model is adopted in a consortium experiment is shown in Table III. In the remainder of this sec-
or private environment (where nodes trust each other), Sybil tion, the parameters not mentioned are set according to this
attacks are not relevant. However, in a public blockchain envi- table.
ronment, it is necessary to set up periodic resource tests to In experiments, assume that the latency of blockchain
resist Sybil attacks. networks obey a normal distribution, whose standard deviation
2) Attacks Limitation: There are other attacks against is 100. In order to simulate the worst network environment,
blockchains that present security risks, such as selfish the propagation rate is assumed to be 2, which means that
mining [35], bribery attack [36], and block withholding a message sent by a node will only be accepted by the
attacks [37]–[39]. In this article, only the resistance of other two nodes. Considering the computing power of the
three mainstream attacking methods, including double-spend hardware, the difficulty of PoW is adjusted to 1.5 × 10−5 .

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
XU et al.: LIGHTWEIGHT AND ATTACK-PROOF BIDIRECTIONAL BLOCKCHAIN PARADIGM FOR INTERNET OF THINGS 4379

effectively than PoS MIN. Finally, when the proportion of

nodes under attacker’s control reaches 100%, which is 2000
nodes in the experiment, all three consensus algorithms cannot
handle the situation that all of the nodes launch double-spend
attacks so that the attacker’s probability of success increases
to 100%.
Not only that the well-known 51% attack can also be
resisted by CMA. Fig. 4 shows that after majority of the
nodes (which is 1000 in the experiments) are controlled by
the attacker, only CMA can keep the double-spend attacker’s
probability of success at 0%. That means, even though the
majority of the network’s computing resources are held by
the double-spend attackers, they cannot manipulate the CMA-
based blockchain network as well.
In order to determine the relationship between the scale
Fig. 4. When the number of nodes controlled by the double-spend attacker
increases, the attacker’s probability of success under CMA maintains a very of blockchain and the performance of double-spend attack
low level compared with PoS and PoW. resistance, experiments are conducted. The results are shown
in Fig. 5. For Fig. 5(a), the number of nodes controlled
by the attacker is set to 10% of the number of participants
In addition, assume that all nodes have the same compute (α = 0.1 × η). In this situation, PoS MAX has a higher
power. The standard deviation of the stake distribution across attacker’s probability of success than the others. The rea-
nodes is set to 15 by default. In double-spend attack exper- son for its constant fluctuation is that the distribution of
iments, “PoS MIN” means that α nodes with the smallest stakes in PoS is randomly generated for different sizes of
stakes launch double-spend attacks in the PoS consensus algo- blockchain networks. PoS MAX selects the nodes who own
rithm. On the contrary, “PoS MAX” means α nodes with the the largest stakes, so the randomness of the stakes held by
most stakes launch double-spend attacks in the PoS consen- the selected nodes leads to fluctuations in the attacker’s prob-
sus algorithm. The consensus period of CMA is set to 2 s, ability of success. For Fig. 5(b), as the number of nodes
which means that all incoming transactions within 2 s will be controlled by the attacker increases to 25% of participants,
packaged in a block and broadcast throughout the blockchain most of the stakes are controlled by the attackers so that a
network. more stable attacker’s probability of success is reached com-
pared with Fig. 5(a). What is more, the attacker’s probability
of success in PoW has a slight increase. When α increases
B. Double-Spend Attack Resistance to half of the number of participants in the blockchain
According to the previous analysis, experiments are con- network, as shown in Fig. 5(c), the attacker’s probability
ducted to analyze how the attacker’s double-spend success of success in PoW and PoS MAX reaches and stabilizes
probability (D) changes as the number of nodes controlled at 100%. After a small fluctuation, the attacker’s probabil-
by the attacker α changes. As shown in Fig. 4. The number ity of success in PoS MIN stabilizes at around 5%. The
of nodes in the blockchain network is 2000. After 200 of the slight fluctuation is also caused by the random distribution
nodes are controlled by the attacker (this means, 10% of the of stakes under different blockchain network scales. However,
nodes are controlled), for PoS MAX, the attacker’s probability under any circumstances, the attacker’s probability of suc-
of success increases dramatically. For PoW, when more than cess in CMA is kept at 0%, which proves that CMA is very
500 of the nodes are controlled, the attacker’s probability of effective in defencing double-spend attacks and improving
success is more than 30%, which is unbearable. This means security.
PoW can defend against 25% or fewer nodes being hacked In order to figure out the relationship between the number
under double-spend attacks when the merchant waits for three of committee members and double-spend attack resistance,
blocks to confirm the transaction. As for PoS MIN, after 1000 the experiments are conducted and the results are shown in
nodes (half of the nodes in the blockchain network) with the Fig. 6. As mentioned before, the number of nodes partici-
fewest stakes are controlled by the attacker, the attacker’s prob- pating in the blockchain network is set to 2000 by default.
ability of success has increased to more than 30%. Compared When the number of committee members grows (from 1
with PoS MAX, PoS MIN is more likely to happen in reality to 7), the attacker’s probability of success drops drasti-
because nodes that hold more stakes are less likely to do evil cally. As the number of blocks that merchants will wait
(such as launch double-spend attacks). However, PoS MIN is for before confirming transactions increases (the increase
still vulnerable to double-spend attacks (the attacker’s prob- of z), the attacker’s probability of success also decreases.
ability of success increases to more than 20%) when half of More precisely, when the number of committee members
the nodes are controlled by the attacker, which is 1000 in is greater than 6 (the proportion of committee members
the experiment. In this circumstance, CMA can still guarantee reaches 0.3% or higher), the attacker’s probability of success
that the attacker’s probability of success remains at around 0, is less than 0.1%, no matter how many blocks the merchant
which shows that CMA can resist double-spend attacks more waits.

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
4380 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 6, MARCH 15, 2022

Fig. 5. With the increase of the number of participants and the nodes controlled by the attacker, the attacker’s probability of success in CMA is maintained
at a very low level compared with PoS and PoW. (a) 10% double-spend attack. (b) 25% double-spend attack. (c) 50% double-spend attack.

Fig. 6. Attacker’s probability of success decreases when the number of com-

Fig. 7. The entropy comparison of CMA, PoW, and PoS. Regardless of
mittee members increases. Increasing the number of blocks that merchants will
the number of participants, compare with PoW and PoS, CMA has a higher
wait for before confirming transactions (z) will also help reduce the attacker’s
entropy, namely, better security.
probability of success.
increases from 4 to 12, which is higher than PoW (increases
from 0.2 to 1.6) and PoS (increases from 1 to 9). For PoS, as
C. Eclipse Attack Resistance the standard deviation of stakes σ 2 decreases, the entropy of
As analyzed before, the entropy for CMA, PoW, and PoS PoS increases. This means, the more even the distribution of
needs to be calculated to compare their ability to resist eclipse stakes, the more random the people participating in the PoS
attacks. To calculate the entropy of CMA, the proportion of consensus, which is consistent with the knowledge in practice.
committee members is set as 50%. This means that half of But in fact, the distribution of the stakes in PoS cannot reach a
the participant members will become committee members in full average. For PoW, the low proportion of miners in bitcoin
each election term. The number of transaction terms in CMA leads to lower entropy than PoS and CMA. To conclude, the
is set to 100. The experiments show that the changes to this results show that CMA has higher entropy than PoW and PoS,
value do not have much impact on the experimental results. and exhibits a better eclipse attack resistance.
To calculate the entropy value of PoW, Bitcoin is treated as
an example. The number of miners and wallet active users D. Scalability
are set to 10 018 [41] and 14 280 000 [42], respectively. The Security is important but so too the scalability requirements.
proportion of miners (these users have the opportunity to par- In this section, simulation experiments are conducted to com-
ticipate in transaction verification) in bitcoin is set to 0.07%. pare the throughput of CMA with PoS and PoW. For the
Finally, in order to calculate the entropy value of PoS, assume following experiments, the total time consumption is defined
that the stakes held by different users comply with a normal as the time consumption of hash calculation, new block gen-
distribution, with a standard deviation of the stakes set from eration, and new block propagation time in the network. In
5.0 to 20.0. particular, for CMA, the hash calculation time includes time
As shown in Fig. 7, the entropy increases as the number of consumption of committee member election, forward pointer
participant members in the blockchain network increases. The construct, reverse pointer construct, and forward pointer
number of participant members in the simulation blockchain repair.
network starts from 20 to 4000, which covers most of the The time consumption of transactions of different consensus
blockchain network scales in practice. The entropy of CMA algorithms under different numbers of blockchain participants

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
XU et al.: LIGHTWEIGHT AND ATTACK-PROOF BIDIRECTIONAL BLOCKCHAIN PARADIGM FOR INTERNET OF THINGS 4381

Fig. 8. When the number of participants in the blockchain network increases Fig. 9. When the frequency of incoming transactions increases from 10 to
from 50 to 2000, the total time consumption of CMA is lower than PoW and 200 tx/s, the total time consumption of CMA is lower than PoW and PoS.
PoS.

is recorded, as shown in Fig. 8. The incoming transaction

speed is set to 50 transactions per second, and the total
incoming transaction number is set to 1500, as mentioned in
Table III. With an increase of participants from 50 to 2000,
the time consumption of PoW increases from 120 to 170 s.
For PoS, time consumption increases from 80 to 130 s. This
is because as more nodes participate in a blockchain network,
it takes more time for the block to be broadcast and con-
firmed by all nodes. For CMA, the total time consumption
is less than PoW and PoS, increasing from 40 to 50 s. The
growth rate of CMA is smaller than that of PoW and PoS
when the number of participants increases. This is because
in the CMA consensus process, it is not necessary for all Fig. 10. With the increase of the incoming transaction number, the total time
nodes, but half of the nodes (committee members), to par- consumption of CMA is always lower than PoW and PoS.
ticipate in the consensus, and generate and confirm the newly
generated block. When the network scale increases, CMA can time frame. The network delay increases as there are more
effectively mitigate the delay of P2P network propagation. In blocks that need to be broadcast while consensus.
the case that fewer than 2000 nodes, CMA costs less time From another perspective, when the frequency of transac-
to process transactions and has a better throughput than PoW tions is set as a constant (50 transactions per second) and only
and PoS. the total incoming transaction number is increased (from 500
In the case of a constant number of participants (2000 to 10 000 transactions), the total time consumption of three
nodes) in the blockchain network, the incoming transaction consensus algorithms increases as well. As shown in Fig. 10,
speed is adjusted (from 10 to 200 transactions per s) and the for CMA, the total time consumption increases linearly with
total time consumption of CMA, PoW, and PoS is recorded. As the increase of incoming transaction duration (from 16 to 330
shown in Fig. 9, when the transaction frequency is ten transac- s). For PoW, this number increases from 50 to 1100 s. For
tions per second, the total time consumption of CMA has no PoS, this number increases from 40 to 840 s. It is obvious
obvious advantages over PoW or PoS. This may be because no that CMA consumes the least time to process transactions and
matter how many transactions arrive in a second, CMA needs has the smallest growth rate, which means that CMA has a
to wait for a period of 2 s before packaging transactions into higher transaction efficiency than PoW or PoS.
a new block. However, PoS and PoW are not subject to this To determine the impact of DDoS attacks on the scalability
restriction. With the increase of incoming transaction speed, of CMA, experiments are conducted. The results are shown
the advantage of using CMA to performance increases. As the in Fig. 11. The number of participants (targets) attacked by
incoming transaction speed is increased to 200 transactions per DDoS is adjusted from 0 to 960 (The total number of partici-
second, the total time consumption of PoW and PoS reaches pants in the blockchain network is 2000 by default.). From the
560 and 410 s, respectively. However, the time consumption of figure, it is clear that regardless of how many nodes are DDoS
CMA is maintained at about 50 s. This is due to the fact that attacked, CMA maintains the total transaction time consump-
in the high transaction frequency case, a block size limit (5 tion at around 50 s. This means that when less than equal
KB) will cause more blocks to be generated within a certain half of the nodes are controlled by the DDoS attacker, the

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
4382 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 6, MARCH 15, 2022

PoS. Future work is in progress to consider the probabil-

ity of cross-chain based on BLB with PoW or PoS-based
blockchains to help improve their scalability or security, and
a reasonable resource test rule to mitigate the impact of Sybil
attacks.

R EFERENCES
[1] Y. Qu, S. R. Pokhrel, S. Garg, L. Gao, and Y. Xiang, “A blockchained
federated learning framework for cognitive computing in industry 4.0
networks,” IEEE Trans. Ind. Informat., vol. 17, no. 4, pp. 2964–2973,
Apr. 2021.
[2] Y. Qu et al., “Decentralized privacy using blockchain-enabled feder-
ated learning in fog computing,” IEEE Internet Things J., vol. 7, no. 6,
pp. 5171–5183, Jun. 2020.
[3] F. Chen, Z. Xiao, L. Cui, Q. Lin, J. Li, and S. Yu, “Blockchain for
Fig. 11. With the increase of the number of nodes that under the DDoS
Internet of Things applications: A review and open issues,” J. Netw.
attack, the total time consumption of CMA is almost unaffected and lower
Comput. Appl., vol. 172, Dec. 2020, Art. no. 102839.
than PoW and PoS.
[4] B. L. Nguyen et al., “Privacy preserving blockchain technique to achieve
secure and reliable sharing of IoT data,” Comput. Mater. Continua,
vol. 65, no. 1, pp. 87–107, 2020.
efficiency of CMA is barely affected. For PoW, the total trans- [5] C. Li, G. Xu, Y. Chen, H. Ahmad, and J. Li, “A new anti-quantum proxy
action time consumption increases from 150 to 190 s. For PoS, blind signature for blockchain-enabled Internet of Things,” Comput.
Mater. Continua, vol. 61, no. 2, pp. 711–726, 2019.
the total time consumption increases slightly from 120 to 130. [6] B. Bordel, R. Alcarria, D. Martin, and A. Sanchez-Picot, “Trust provi-
The cause of the fluctuations is the randomness of stakes held sion in the Internet of Things using transversal blockchain networks,”
by the nodes under DDoS attacks. From this point of view, Intell. Autom. Soft Comput., vol. 25, no. 1, pp. 155–170, 2019.
[7] L. Gao, T. H. Luan, B. Gu, Y. Qu, and Y. Xiang, “Blockchain
the transaction time consumption of PoS is more dependent on based decentralized privacy preserving in edge computing,” in Privacy-
the stakes held by the DDoS attacked nodes, rather than the Preserving in Edge Computing. Singapore: Springer, 2021, pp. 83–109.
number of nodes attacked by the DDoS. In general, compared [8] D. J. Moroz, D. J. Aronoff, N. Narula, and D. C. Parkes, “Double-
with CMA, PoW and PoS are both affected by DDoS attacks spend counterattacks: Threat of retaliation in proof-of-work systems,”
2020. [Online]. Available: arXiv:2002.10736.
to varying degrees, resulting in an increase in total time con- [9] S. Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System. Accessed:
sumption. In addition, under the same level of DDoS attacks, 2008. [Online]. Available: https://bitcoin.org/bitcoin.pdf
CMA has a smaller transaction time consumption compared [10] D. Liao, H. Li, W. Wang, X. Wang, M. Zhang, and X. Chen, “Achieving
IoT data security based blockchain,” Peer Peer Netw. Appl., to be
with PoW and PoS. published.
All in all, experiments were conducted from different [11] W. Li, S. Andreina, J.-M. Bohli, and G. Karame, “Securing
aspects. The results show that the proposed BLB can resist proof-of-stake blockchain protocols,” in Data Privacy Management,
Cryptocurrencies and Blockchain Technology. Cham, Switzerland:
attacks better than PoW and PoS (especially for double-spend Springer, 2017, pp. 297–315.
attack/long-range attack and eclipse attack). Not only that the [12] G. Xu et al., “Am I eclipsed? A smart detector of eclipse attacks for
time cost of CMA to process transactions is always the least ethereum,” Comput. Security, vol. 88, Jan. 2020, Art. no. 101604.
compared with PoW and PoS, which means that CMA has a [13] X. Tang, Q. Zheng, J. Cheng, V. S. Sheng, R. Cao, and M. Chen, “A
DDoS attack situation assessment method via optimized cloud model
higher throughput than PoW and PoS in multiple situations, based on influence function,” Comput. Mater. Continua, vol. 60, no. 3,
even under eclipse attacks. pp. 1263–1281, 2019.
[14] Y. Liu, Y. Qu, C. Xu, Z. Hao, and B. Gu, “Blockchain-enabled asyn-
chronous federated learning in edge computing,” Sensors, vol. 21, no. 10,
VI. S UMMARY AND F UTURE W ORKS p. 3335, 2021.
[15] C. Pérez-Solà, S. Delgado-Segura, G. Navarro-Arribas, and
In this article, a lightweight and attack-proof BLB with J. Herrera-Joancomartí, “Double-spending prevention for bitcoin
a custom-built CMA consensus algorithm is proposed for zero-confirmation transactions,” Int. J. Inf. Security, vol. 18, no. 4,
IoT payment systems. To eliminate double-spend attacks, pp. 451–463, 2019.
[16] I. A. I. AlMallohi, A. S. M. Alotaibi, R. Alghafees, F. Azam, and
long-range attacks, and eclipse attacks while ensuring scal- Z. S. Khan, “Multivariable based checkpoints to mitigate the long range
ability, bidirectional links between blocks in the blockchain attack in proof-of-stake based blockchains,” in Proc. 3rd Int. Conf. High
are constructed based on the Chameleon-hash function, whose Perform. Compilation Comput. Commun., 2019, pp. 118–122.
trapdoor keys are split through distributed smart contracts [17] M. Khalili, M. Dakhilalian, and W. Susilo, “Efficient chameleon hash
functions in the enhanced collision resistant model,” Inf. Sci., vol. 510,
and hold by committee members. The scalability and secu- pp. 155–164, Feb. 2020.
rity of the committee members are ensured by the VRF. What [18] A. Beimel, “Secret-sharing schemes: A survey,” in Proc. Int. Conf.
is more, the exceptions during consensus are also identified Coding Cryptol., 2011, pp. 11–46.
[19] N. Bitansky, “Verifiable random functions from non-interactive witness-
and handled. Improved Nakamoto’s double-spend attack anal- indistinguishable proofs,” J. Cryptol., to be published.
ysis and early efforts to introduce the concept of entropy in [20] G. Ateniese, B. Magri, D. Venturi, and E. Andrade, “Redactable
information theory as a measurement of the eclipse attack blockchain–or–rewriting history in bitcoin and friends,” in Proc. IEEE
resistance are carried out correspondingly. Finally, experiments Eur. Symp. Security Privacy (EuroS&P), 2017, pp. 111–126.
[21] Y. Gilad, R. Hemo, S. Micali, G. Vlachos, and N. Zeldovich, “Algorand:
are conducted to testify that the security and scalability of Scaling byzantine agreements for cryptocurrencies,” in Proc. 26th Symp.
the proposed paradigm are better than those based PoW and Oper. Syst. Principles, 2017, pp. 51–68.

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
XU et al.: LIGHTWEIGHT AND ATTACK-PROOF BIDIRECTIONAL BLOCKCHAIN PARADIGM FOR INTERNET OF THINGS 4383

[22] A. Gervais, G. O. Karame, K. Wüst, V. Glykantzis, H. Ritzdorf, Youyang Qu (Member, IEEE) received the B.S.
and S. Capkun, “On the security and performance of proof of work degree in mechanical automation and the M.S.
blockchains,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security, degree in software engineering from Beijing Institute
2016, pp. 3–16. of Technology, Beijing, China, in 2012 and 2015,
[23] G. Ramezan and C. S. Leung, “An analysis of proof-of-work based respectively, and the Ph.D. degree from the School
blockchains under an adaptive double-spend attack,” IEEE Trans. Ind. of Information Technology, Deakin University,
Informat., vol. 16, no. 11, pp. 7035–7045, Nov. 2020. Geelong, VIC, Australia, in 2019.
[24] N. Anita and M. Vijayalakshmi, “Blockchain security attack: A brief He is currently a Research Fellow of Deakin
survey,” in Proc. IEEE 10th Int. Conf. Comput. Commun. Netw. Technol. Blockchain Innovation Lab. His research interests
(ICCCNT), 2019, pp. 1–6. focus on dealing with security and customizable pri-
[25] E. Heilman, A. Kendler, A. Zohar, and S. Goldberg, “Eclipse attacks on vacy issues in social networks, machine learning,
bitcoin’s peer-to-peer network,” in Proc. 24th USENIX Security Symp. IoT, and big data.
(USENIX Security), 2015, pp. 129–144. Dr. Qu is active in communication society. He is also the Publicity Chair of
[26] B. Alangot, D. Reijsbergen, S. Venugopalan, and P. Szalachowski, SPDE2020. He has served for a TPC Member for IEEE flagship conferences,
“Decentralized lightweight detection of eclipse attacks on bitcoin including IEEE ICC and IEEE Globecom.
clients,” 2020. [Online]. Available: arXiv:2007.02287.
[27] S. Goldberg, L. Reyzin, D. Papadopoulos, J. Vcelák, “Verifiable random
functions (VRFs),” Fremont, CA, USA, draft-irtf-cfrg-vrf-05, 2019.
[28] R. Dunford, Q. Su, and E. Tamang, The Pareto Principle, Plymouth,
U.K.: Publishamerica, 2014.
[29] M. H. Dehkordi and S. Mashhadi, “An efficient threshold verifi-
able multi-secret sharing,” Comput. Stand. Interfaces, vol. 30, no. 3,
pp. 187–190, 2008.
[30] T. Nguyen-Van et al., “Scalable distributed random number generation
based on homomorphic encryption,” in Proc. IEEE Int. Conf. Blockchain
Tom H. Luan (Senior Member, IEEE) received the
(Blockchain), 2019, pp. 572–579.
B.Eng. degree from Jiao Tong University, Xi’an,
[31] Q. Yan, F. R. Yu, Q. Gong, and J. Li, “Software-defined networking
China, in 2004, the M.Phil. degree from The
(SDN) and distributed denial of service (DDoS) attacks in cloud com-
Hong Kong University of Science and Technology,
puting environments: A survey, some research issues, and challenges,”
Hong Kong, in 2007, and the Ph.D. degree from the
IEEE Commun. Surveys Tuts., vol. 18, no. 1, pp. 602–622, 1st Quart.,
University of Waterloo, Waterloo, ON, Canada, in
2015.
2012.
[32] P. Otte, M. de Vos, and J. Pouwelse, “TrustChain: A sybil-resistant scal-
He is currently a Professor with the School of
able blockchain,” Future Gener. Comput. Syst., vol. 107, pp. 770–780,
Cyber Engineering, Xidian University, Xi’an. He has
Jun. 2020.
authored/coauthored more than 40 journal papers
[33] C. Huang et al., “RepChain: A reputation-based secure, fast, and high
and 30 technical papers in conference proceedings,
incentive blockchain system via sharding,” IEEE Internet Things J.,
and he has received one U.S. patent. His research mainly focuses on content
vol. 8, no. 6, pp. 4291–4304, Mar. 2020.
distribution and media streaming in vehicular ad hoc networks and peer-
[34] B. N. Levine, C. Shields, and N. B. Margolin, A Survey of Solutions
to-peer networking, and the protocol design and performance evaluation of
to the Sybil Attack, Univ. Massachusetts Amherst, Amherst, MA, USA,
wireless cloud computing and edge computing.
2006.
[35] R. Yang, X. Chang, J. Mišić, and V. B. Mišić, “Assessing blockchain
selfish mining in an imperfect network: Honest and selfish miner views,”
Comput. Security, vol. 97, Oct. 2020, Art. no. 101956.
[36] H. Sun, N. Ruan, and C. Su, “How to model the bribery attack: A
practical quantification method in blockchain,” in Proc. Eur. Symp. Res.
Comput. Security, 2020, pp. 569–589.
[37] A. Kaci and A. Rachedi, “Toward a machine learning and soft-
ware defined network approaches to manage miners’ reputation in
blockchain,” J. Netw. Syst. Manag., vol. 28, no. 3, pp. 478–501, 2020.
[38] A. Kaci and A. Rachedi, “PoolCoin: Toward a distributed trust model Peter W. Eklund received the Honours degree
for miners’ reputation management in blockchain,” in Proc. IEEE 17th (First Class) in mathematics from the University of
Annu. Consum. Commun. Netw. Conf. (CCNC), 2020, pp. 1–6. Wollongong, Wollongong NSW, Australia, in 1985,
[39] C. Tang, L. Wu, G. Wen, and Z. Zheng, “Incentivizing honest mining the M.Phil. degree from Brighton University,
in blockchain networks: A reputation approach,” IEEE Trans. Circuits Brighton, U.K., in 1988, and the Ph.D. degree
Syst. II, Exp. Briefs, vol. 67, no. 1, pp. 117–121, Jan. 2020. in artificial intelligence from Linköping University,
[40] J. Yu, D. Kozhaya, J. Decouchant, and P. Esteves-Verissimo, “RepuCoin: Linköping, Sweden, in 1992.
Your reputation is your power,” IEEE Trans. Comput., vol. 68, no. 8, He is a Professor of AI and Machine Learning
pp. 1225–1237, Aug. 2019. with the School of Information Technology, Deakin
[41] A. Yeow. (2018). Bitnodes. [Online]. Available: University, Geelong, VIC, Australia. For many
https://bitnodes.earn.com years, he was supported by defence intelligence
[42] A. Lielacher, “How many people use bitcoin in 2019,” Bitcoin Market sources both in Australia and the USA. His current work is on the scalability
J., vol. 643, p. 32, May 2019. of blockchain technology, and its applications to future logistics. This followed
from his work on “embedding knowledge in Web documents,” pioneering and
influential semantic Web research. Since then he has been developing an inter-
national profile in applied artificial intelligence. Following a large grant from
CSIRO’s ICT Centre in 2010, he diversified into pervasive computing and
intelligent transport systems, including applications of cyber–physical systems
Chenhao Xu received the B.S. degree in software in supply chain logistics.
engineering from Beijing Institute of Technology, Prof. Eklund won the Inaugural Australian Smart Infrastructure Research
Beijing, China, in 2018. He is currently pursuing Award from the Federal Department of Infrastructure, Transport, Regional
the Ph.D. degree with the School of Information Development and Local Government in 2010. He has been a Co-Founder of
Technology, Deakin University, Geelong, VIC, three tech start-ups and he is current on the advisory board of GenuTex, a
Australia. company that offers a unique hybrid blockchain solution to authenticate the
His research interests include blockchain, feder- supply-chain of pharmaceuticals and a Copenhagen-based fintech company
ated learning, and IoT. called ZTLment, who enable cross-border trade between small- and medium-
sized enterprises via programmable money. He is an elected fellow of The
Australian Computer Society.

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.
4384 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 6, MARCH 15, 2022

Yong Xiang (Senior Member, IEEE) received Longxiang Gao (Senior Member, IEEE) received
the B.E. and M.E. degrees from the University the Ph.D. degree in computer science from Deakin
of Electronic Science and Technology of China, University, Geelong, VIC, Australia, in 2014.
Chengdu, China, in 1983 and 1989, respectively, and He is currently a Senior Lecturer with the School
the Ph.D. degree from the University of Melbourne, of Information Technology, Deakin University.
Parkville, VIC, Australia, in 2003. Before joining Deakin University, he was a
He is a Professor with the School of Information Postdoctoral Research Fellow of IBM Research and
Technology, Deakin University, Geelong, VIC, Development Australia. He has over 70 publica-
Australia, where he is also an Associate Head of tions, including patents, monographs, book chap-
School (Research) and the Director of the Artificial ters, and journal and conference papers. Some
Intelligence and Data Analytics Research Cluster. He of his publications have been published in the
has obtained a number of research grants (including several ARC Discovery top venues, such as IEEE T RANSACTIONS ON M OBILE C OMPUTING,
and Linkage grants from the Australian Research Council) and published IEEE I NTERNET OF T HINGS, IEEE T RANSACTIONS ON D EPENDABLE
numerous research papers in high-quality international journals and confer- AND S ECURE C OMPUTING , and IEEE T RANSACTIONS ON V EHICULAR
ences. He is the Co-Inventor of two U.S. patents and some of his research T ECHNOLOGY. His research interests include data processing, mobile social
results have been commercialized. networks, fog computing, and network security.
Prof. Xiang is the editor/guest editor of several international journals. He Dr. Gao received the 2012 Chinese Government Award for Outstanding
has been invited to give keynote speeches and chair committees in a number of Students Abroad (Ranked No. 1 in Victoria and Tasmania consular districts).
international conferences, review papers for many international journals and He is active in IEEE Communication Society. He has served for the TPC
conferences, serve on conference program committees, and chair technical co-chair, a publicity co-chair, a organization chair, and the TPC member for
sessions in conferences. many international conferences.

Authorized licensed use limited to: JNT University Kakinada. Downloaded on May 09,2022 at 16:25:41 UTC from IEEE Xplore. Restrictions apply.