A survey on the application of blockchain in cryptographic protocols

Abstract

With the continuous development of network technology, cryptographic protocols are facing diverse and complex security challenges. Blockchain technology, as a solution incorporating decentralization, traceability, programmability, and immutability, effectively enhances the security, trustworthiness, and operational efficiency of traditional cryptographic protocols and ensures the security and integrity of their data storage. Consequently, it has gradually emerged as a focal point of research in cryptographic protocols. This manuscript delves into the ongoing research concerning the application of blockchain technology in cryptographic protocols. First, this manuscript introduces the background of blockchain research in cryptographic protocols and the corresponding basic knowledge. Secondly, we delve into the main concerns of traditional cryptographic protocols, with a particular focus on security and performance. Thirdly, according to the main classification of cryptographic protocols, the latest research results of blockchain in authentication protocols, authentication and key agreement protocols, and e-commerce protocols are presented. Finally, the research directions of blockchain technology in cryptographic protocols are summarized based on the existing research, and future development trends are discussed.

Introduction

A cryptographic protocol is a highly interoperable protocol based on cryptographic algorithms and is the basic guarantee of network security. In the era of rapid internet advancement, cryptographic protocols have emerged as indispensable tools for various communication activities such as data transmission (Ma et al. 2022; Song et al. 2023; Ullah and Zahilah 2021), instant messaging (Wei et al. 2023), and electronic transactions (Shen et al. 2023). However, with the diversification of security attacks and the development of quantum computing (Yang et al. 2023; Li et al. 2022), the security of cryptographic protocols has gradually become a fundamental issue in information security incidents. In January 2022, the Broward Health public health system in the U.S. made headlines when it revealed a significant data breach that compromised the names, home addresses, emails, and other critical information of more than 1.3 million patients. In March 2023, a cyberattack on Australian personal finance lender Latitude compromised the private data of up to 14 million customers. In July of the same year, U.S. technology company Microsoft was hacked, with malicious attackers exploiting a software vulnerability to access and steal email data from about 25 organizations, including U.S. government agencies. In addition, the performance issues that arise when cryptographic protocols are applied also deserve attention, including computational and communication consumption, scalability, compatibility, and resource consumption. Existing cryptographic protocols frequently face a dilemma: either accept a longer protocol runtime or a large volume of communication data in order to uphold security, or reduce specific cryptographic operations to improve protocol performance at the cost of security. Therefore, when designing and implementing cryptographic protocols, security and performance need to be weighed to achieve the right balance between the two.

Ever since Satoshi Nakamoto (Bitcoin 2008) initially put forth the concept of “the chain of blocks” in 2008, the blockchain has remained the vital technology underlying Bitcoin and has continued to flourish. Currently, the blockchain has entered the 3.0 era. The application of blockchain has also extended from the initial digital currency to the Internet of Things (Issa et al. 2023; Liu et al. 2023; Feng et al. 2023), public services (Franciscon et al. 2019; Bharadi et al. 2020; Zhang et al. 2020), intelligent manufacturing (Vatankhah Barenji 2022; Gu et al. 2023; Liu et al. 2023; Huang et al. 2023) and many other fields. The wide application of blockchain technology has attracted the attention of academia, industry, and governments. In December 2022, the China Academy of Information and Communications Technology (CAICT) released the “Blockchain White Paper” [19]. The national “14th Five-Year Plan” has recognized blockchain as a burgeoning digital industry and has made significant strategic arrangements to foster its development. Many governments worldwide have also issued relevant policy documents to put digital asset strategy on the administrative agenda. As the core of the Internet of Value, blockchain technology lays the foundation for secure data transmission (Benkhaddra et al. 2023; Yu and Wang 2023) and storage (Ren et al. 2023) by relying on its decentralized distributed ledger storage method. It also brings practical solutions to the problems the current cryptographic protocols face. Therefore, combining blockchain technology and cryptographic protocols has gradually become a hot issue for researchers.

In this manuscript, a concise introduction to blockchain and cryptographic protocols is presented in Sect. "Background knowledge", while Sect. "Challenges of current cryptographic protocols" sheds light on the prevailing security and performance challenges encountered by cryptographic protocols. Section "Blockchain-based cryptographic protocols" describes the specific blockchain technology solutions for different kinds of cryptographic protocols concerning the main problems. Section "Summary and prospect" summarizes the existing problems and considers future directions.

Background knowledge

Many new concepts have been proposed with the in-depth study of blockchain and cryptographic protocols. Therefore, to provide a comprehensive understanding of blockchain technology and a complete knowledge of cryptographic protocols, this section first briefly introduces blockchain’s basic concepts and operation principles and then introduces the concepts and classifications of cryptographic protocols.

Overview of blockchain technology

This subsection first describes blockchain’s principles and working mode, then introduces blockchain’s features and advantages, and summarizes blockchain’s application fields.

Principle and working mode

The essence of blockchain is a decentralized database. Distributed ledger technology (Denis et al. 2023), immutable records, and smart contracts (He et al. 2023) constitute the fundamental elements of a blockchain. Through distributed ledger technology, all participants in the network gain entry to the distributed ledger and its immutable transaction records. This ensures that transactions are recorded only once, eliminating the duplication of work commonly found in traditional business networks. Immutable recording refers to the incapability of any participant to modify a transaction once it has been recorded in the shared ledger. If an error is identified in the transaction record, it is imperative to append a corrective transaction. At the same time, both transactions should be accessible for viewing after that. A smart contract is a set of automatically executed rules stored on the blockchain to expedite transactions.

Fig. 1 Block structure

As shown in Fig. 1, each block in the blockchain consists of a block header and a block body. The block header encapsulates information such as the version number of the block, the hash value of the previous block, the Merkle tree, the nonce value, and the timestamp of the block. On the other hand, the block body stores the relevant transaction information.
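The header fields listed above are what make recorded transactions tamper-evident. The following is an added example, not code from the article: a simplified chain (single SHA-256 over a JSON header, nonce fixed at 0, no consensus or mining, constructed sample transactions) that shows where an edit to a stored transaction is detected. The names `Block`, `append_block` and `first_invalid_block` are hypothetical.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def merkle_root(transactions: List[str]) -> str:
    """Hash transactions pairwise until a single root digest remains."""
    if not transactions:
        return sha256_hex(b"")
    level = [sha256_hex(tx.encode()) for tx in transactions]
    while len(level) > 1:
        if len(level) % 2:                      # odd count: duplicate the last node
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


@dataclass
class Block:
    # Block header fields named in the text
    version: int
    prev_hash: str
    merkle: str
    nonce: int
    timestamp: int
    # Block body
    transactions: List[str]

    def header_hash(self) -> str:
        """Digest of the header only; the body is bound in through the Merkle root."""
        header = {
            "version": self.version,
            "prev_hash": self.prev_hash,
            "merkle_root": self.merkle,
            "nonce": self.nonce,
            "timestamp": self.timestamp,
        }
        return sha256_hex(json.dumps(header, sort_keys=True).encode())


def append_block(chain: List[Block], transactions: List[str], timestamp: int) -> Block:
    """Link a new block to the current tip (all-zero hash for the first block)."""
    prev = chain[-1].header_hash() if chain else "0" * 64
    block = Block(1, prev, merkle_root(transactions), 0, timestamp, list(transactions))
    chain.append(block)
    return block


def first_invalid_block(chain: List[Block]) -> Optional[int]:
    """Return the index of the first block that fails verification, or None."""
    for i, block in enumerate(chain):
        if block.merkle != merkle_root(block.transactions):
            return i                            # body no longer matches its header
        if i > 0 and block.prev_hash != chain[i - 1].header_hash():
            return i                            # link to the previous header is broken
    return None


def build_demo_chain() -> List[Block]:
    """Constructed sample data with fixed timestamps so results are reproducible."""
    chain: List[Block] = []
    append_block(chain, ["genesis"], 1700000000)
    append_block(chain, ["alice pays bob 5", "carol pays dave 2"], 1700000600)
    append_block(chain, ["bob pays erin 1"], 1700001200)
    return chain


if __name__ == "__main__":
    chain = build_demo_chain()
    print("intact chain:", first_invalid_block(chain))
    chain[1].transactions[0] = "alice pays bob 500"           # edit a stored transaction
    print("body edited:", first_invalid_block(chain))
    chain[1].merkle = merkle_root(chain[1].transactions)      # also rewrite the header
    print("header rewritten too:", first_invalid_block(chain))
```

Rewriting a block's header to match an edited body only moves the failure to the next block, which is why an error is corrected by appending a new transaction rather than by editing the old one.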

Features and advantages

The three key elements that constitute blockchain, namely distributed ledger technology, immutable records, and smart contracts, endow blockchain with the following characteristics and advantages:

  1. Decentralization: Blockchain uses the distributed ledger to eliminate the need for a central authority, allowing participants to interact and collaborate directly, increasing the security and trustworthiness of the system.

  2. Transparency and traceability: As blockchain transactions are publicly stored on every node, anyone can access and verify them, thus increasing the transparency and traceability of transactions.

  3. Security: Blockchain uses encryption algorithms to safeguard data integrity and confidentiality, effectively enhancing the security of transactions and information. Through consensus mechanisms, blockchain ensures the legitimacy and consistency of transactions.

  4. De-trusting: Blockchain establishes a de-trusting mechanism through consensus algorithms, where participants do not need to trust each other. The cost of trust in transactions is diminished solely through the utilization of mathematical algorithms and protocols within the system.

  5. Efficiency and speed: Blockchain utilizes distributed computing and consensus algorithms to achieve fast transaction confirmation and processing, greatly improving the efficiency and speed of transactions.

  6. Programmability: Blockchain can support the execution of smart contracts and realize automated and programmable transaction logic through programming languages, providing a more flexible and intelligent solution for various application scenarios.

  7. Disintermediation: Blockchain eliminates the need for mediators and intermediaries, directly connects transaction participants, reduces transaction costs and time, and provides a more efficient and cost-effective transaction method.

Blockchain has become an effective solution to the security and performance issues of current cryptographic protocols because of its decentralized, immutable, and programmable nature. However, applying blockchain technology in cryptographic protocols also has some limitations. We summarize in Table 1 the advantages and limitations of common blockchain technologies, including public blockchain, consortium blockchain, private blockchain, and smart contracts applied in different cryptographic protocols.

Table 1 Advantages and limitations of blockchain technology applied in cryptographic protocols

According to Table 1, smart contracts enhance the efficiency and trust of cryptographic protocols through automated transparency, but they also present certain security and performance challenges. Private and consortium blockchains offer privacy protection and high performance but are hindered by centralization and complex trust models. In contrast, public blockchains improve security and trust through decentralization and transparency but suffer from privacy and performance issues.

Field of application

As shown in Table 2, the 1.0 stage of blockchain represented by Bitcoin mainly realizes the issuance and circulation of decentralized digital cryptocurrencies. In the application scenario of digital currency, blockchain successfully solves the double spending problem (Akbar et al. 2021) and the Byzantine Generals problem (Lamport et al. 1982) by combining digital encryption technology and a distributed consensus algorithm (Hussein et al. 2023) to establish a decentralized trusted system.

Table 2 Blockchain platform comparison

The emergence of Ethereum resolved the scalability issue of Bitcoin and advanced blockchain technology to its 2.0 phase. Ethereum builds applications through Turing-complete scripting languages to accommodate more complex and diverse application scenarios, such as smart contracts, non-homogeneous tokens, and decentralized finance. A smart contract is essentially an executable program that automatically enforces the terms of a contract when triggered by preset conditions, realizing the goal of “code is law”. The application of smart contracts signifies that blockchain is not only limited to cryptocurrency but can also run programmable programs to provide an interface to the blockchain application layer.

Unlike Bitcoin and Ethereum, which allow anyone to access, Hyperledger (Al-Sumaidaee et al. 2023) is a permissioned shared ledger running on the consortium blockchain. It has a highly modular and configurable architecture, which supports the innovation and optimization of enterprise applications. Furthermore, these cryptographic protocols can support a wide range of consensus mechanisms, allowing for more efficient customization based on specific use cases and trust models. This capability enables Hyperledger to provide transaction privacy and confidentiality for transactions and smart contracts.

Overview of cryptographic protocol

This subsection first introduces concepts and basic classifications of cryptographic protocols, followed by an overview of the implementation processes and ideas of typical protocols, and finally describes the security properties of cryptographic protocols.

Basic concepts and classifications

Cryptographic protocols (DeMillo et al. 1982) provide a series of steps with the help of cryptographic algorithms for parties with security needs and operate in networks or distributed systems. A complete cryptographic protocol requires at least two participants and is an organized process from beginning to end. In addition, before the protocol can be run, each participant must understand the protocol, know in advance all the steps to be accomplished, and agree to follow them. The definition of each step of the protocol needs to be clear and complete, not misleading and with specific actions for each possible scenario. The main purpose of a cryptographic protocol is not only to detect or prevent deceptive behaviors among protocol participants while completing a certain task but also to avoid sensitive information from being stolen or tampered with by attackers. Therefore, a good cryptographic protocol requires confidentiality, integrity, availability, non-repudiation, and resistance to attack.

In terms of the correlation between cryptographic protocols and specific applications, existing cryptographic protocols can be classified into two categories: fundamental security protocols and application security protocols (Fischlin 2023; Bernstein et al. 2022; Roy et al. 2022). Fundamental security protocols serve as the foundation for designing application security protocols or other security protocols, and are independent of specific applications. On the other hand, application security protocols are constructed by combining fundamental security protocols or cryptographic algorithms with specific applications, making them application-specific. In terms of the objectives that cryptographic protocols aim to achieve, existing cryptographic protocols can be classified into four categories: authentication protocols, key exchange protocols, authentication and key agreement protocols, and e-commerce protocols. As illustrated in Fig. 2, this manuscript primarily categorizes cryptographic protocols based on their intended objectives.

Fig. 2 Cryptographic protocol overview

  1. Authentication protocol: Authentication is the process by which one entity can prove a claimed property to another entity. Based on these asserted characteristics, authentication protocols can be classified into two categories: message authentication (MA) and identity authentication (IA). The primary objective of MA is to ascertain the legitimacy of the message sender and ensure the integrity of the message itself. IA entails the verification of a user’s claimed identity to ensure its alignment with their actual identity. Common authentication protocols include the cryptographic challenge-response protocol, the two-factor authentication protocol, and the password authentication protocol.

  2. Key exchange protocol: A key exchange protocol facilitates the exchange of keys between two or more protocol entities. Depending on whether the shared key is unilaterally generated by one of the protocol entities, key exchange protocols can be classified as either key transfer protocols (KTP) or key agreement protocols (KAP). In KTP, the shared key to be exchanged is generated by one of the protocol entities and transferred to the other entities. In KAP, the shared key to be exchanged is derived by the protocol entities after exchanging one or more shared secret values and inputting them into a predetermined function. Common key exchange protocols include the Diffie-Hellman key exchange protocol, the RSA key exchange protocol, and the Elliptic Curve Diffie-Hellman (ECDH) protocol.

  3. Authentication and key agreement protocol: An authentication and key agreement (AKA) protocol first authenticates the identities of the communicating entities. Once authentication is completed, the subsequent step involves a key agreement process to establish a session key, guaranteeing secure communication. It is also the most commonly used security protocol in network communication. Common AKA protocols include the 5G AKA protocol and the LTE AKA protocol.

  4. E-commerce protocol: An e-commerce protocol is designed for conducting electronic commerce activities. In addition to meeting the requirements of confidentiality, integrity, and non-repudiation as in general security protocols, it also emphasizes fairness and anonymity. Widely used electronic commerce protocols include the Secure Socket Layer (SSL) protocol (Bhatt et al. 2006), Secure Electronic Transaction (SET) protocol, Identity-Based Signature (IBS) protocol based on public key infrastructure (Lu et al. 2013), and non-repudiation protocol (Zhou and Gollman 1996).

In conclusion, authentication protocols are utilized to verify the identities of communication participants and ensure the integrity and authenticity of communication. Key exchange protocols, by contrast, serve the purpose of establishing shared keys between communication participants. Authentication and key agreement protocols combine both authentication and key negotiation functions. Electronic commerce protocols are employed for secure communication and transactions in e-commerce environments, encompassing various aspects such as authentication, data encryption, and digital signatures. Hence, they may encompass the functionalities of authentication protocols, key exchange protocols, and authentication and key agreement protocols.

Common cryptographic protocols

Next, in order to better understand the applications and importance of cryptographic protocols in the field of information security, this subsection will continue to explore the basic principles of four corresponding classic cryptographic protocols.

  1. Challenge-response protocol (Kushwaha et al. 2021). The challenge-response protocol, which relies on cryptography, is a prevalent authentication protocol utilized for verifying the identity of communication participants. In this protocol, the sender (usually the service provider) sends a random challenge to the receiver (usually the client). The receiver computes the correct response using a pre-shared key or password and sends it back to the sender for verification. This ensures the legitimacy of the communication participants and defends against threats like man-in-the-middle attacks and password cracking.

  2. Diffie-Hellman key exchange protocol (Zhou et al. 2023). The Diffie-Hellman protocol is a key exchange protocol used to exchange keys securely. As shown in Fig. 3, two communicating entities generate their own public and private keys using publicly known non-secret values and the same algorithm. Afterwards, a mutual exchange of public keys takes place, followed by the computation of an identical shared key using their respective private key and the public key of the other party. This protocol leverages the discrete logarithm problem, allowing both parties to compute the same key independently without transmitting the key during communication.

  3. 5G AKA protocol (Koutsos 2019). The 5G AKA (5th Generation Authentication and Key Agreement) protocol is an authentication and key agreement protocol used in 5G mobile communication networks to ensure secure communication between mobile devices and the network. In this protocol, the mobile device first sends an access request to the base station, then the base station sends an authentication request to the authentication center. The mobile device generates an authentication vector based on the random challenge returned by the authentication center and the authentication request and sends the authentication vector to the base station. Upon receiving the authentication vector, the base station confirms the authentication, performs key agreement with the mobile device, and generates a session key for secure communication.

  4. Secure Socket Layer (SSL) protocol. SSL is a widely employed protocol that facilitates the establishment of secure communication connections on the web. In this protocol, the client and server engage in a handshake process to negotiate encryption algorithms, generate session keys, and perform authentication. Subsequently, data encryption and decryption are performed using the session key to guarantee the confidentiality and integrity of the communication. The implementation process of SSL involves steps such as generating and validating digital certificates, key exchange, encryption, and authentication.
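The challenge-response exchange in item 1, written out from the verifier's side as an added example (not code from the article or from any cited scheme). It assumes HMAC-SHA256 over a pre-shared key, single-use challenges and a 30-second lifetime; `Verifier`, `respond`, the context label and the key are hypothetical, constructed values.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

CONTEXT = b"login-v1"   # hypothetical label so the MAC cannot be reused in another protocol


def respond(shared_key: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the key without sending the key itself."""
    return hmac.new(shared_key, CONTEXT + challenge, hashlib.sha256).digest()


class Verifier:
    """Server side: issues random challenges and accepts each one at most once."""

    def __init__(self, shared_key: bytes, ttl_seconds: float = 30.0):
        self._key = shared_key
        self._ttl = ttl_seconds
        self._pending: Dict[bytes, float] = {}   # challenge -> time it was issued

    def issue_challenge(self, now: Optional[float] = None) -> bytes:
        challenge = secrets.token_bytes(16)      # unpredictable, never reused
        self._pending[challenge] = time.monotonic() if now is None else now
        return challenge

    def verify(self, challenge: bytes, response: bytes,
               now: Optional[float] = None) -> bool:
        # Consume the challenge before checking anything else: a second
        # presentation of the same pair (a replay) finds nothing pending.
        issued = self._pending.pop(challenge, None)
        if issued is None:
            return False
        now = time.monotonic() if now is None else now
        if now - issued > self._ttl:             # stale challenge
            return False
        expected = hmac.new(self._key, CONTEXT + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time comparison


def demo() -> Dict[str, bool]:
    """Run the exchange with constructed inputs and report each outcome."""
    key = b"constructed-demo-key-not-a-real-secret"
    server = Verifier(key, ttl_seconds=30.0)

    c1 = server.issue_challenge(now=0.0)
    r1 = respond(key, c1)
    results = {"fresh response": server.verify(c1, r1, now=1.0)}
    results["same pair replayed"] = server.verify(c1, r1, now=2.0)

    c2 = server.issue_challenge(now=3.0)
    results["old response, new challenge"] = server.verify(c2, r1, now=4.0)

    c3 = server.issue_challenge(now=5.0)
    results["wrong key"] = server.verify(c3, respond(b"some other key", c3), now=6.0)

    c4 = server.issue_challenge(now=10.0)
    results["expired challenge"] = server.verify(c4, respond(key, c4), now=100.0)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the first case is accepted; the replayed pair fails because the challenge was consumed, and the recorded response fails against a fresh challenge because the MAC covers the challenge bytes.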

Fig. 3 Diffie-Hellman key exchange protocol process
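The exchange in Fig. 3 carried through in code, as an added example that is not from the article. Assumptions: the modulus 2^255 - 19 (a known prime) and generator 2 are demonstration parameters only, not a vetted Diffie-Hellman group; the names `Party`, `validate_public` and `hkdf_sha256` are hypothetical. The exchange is unauthenticated, so it shows key agreement only.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Publicly known, non-secret values shared by both parties.
# Demonstration parameters (assumption): production systems use a standardized
# group or an elliptic-curve exchange from a maintained library.
P = 2**255 - 19
G = 2
LABEL = b"dh-demo-session-key"   # hypothetical context label for key derivation


def validate_public(value: int) -> int:
    """Reject degenerate public values that would make the shared secret predictable."""
    if not isinstance(value, int) or not 2 <= value <= P - 2:
        raise ValueError("peer public value out of range")
    return value


def hkdf_sha256(secret: bytes, info: bytes) -> bytes:
    """Single-block HKDF (RFC 5869) with an all-zero salt; returns 32 bytes."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


class Party:
    def __init__(self) -> None:
        self._private = secrets.randbelow(P - 3) + 2      # secret exponent in [2, P-2]
        self.public = pow(G, self._private, P)            # value sent to the peer

    def session_key(self, peer_public: int,
                    initiator_public: int, responder_public: int) -> bytes:
        """Combine own private key with the peer's public key, then derive a key.

        Both public values go into the derivation in a fixed order, so the key
        is bound to this particular exchange.
        """
        shared = pow(validate_public(peer_public), self._private, P)
        info = (LABEL
                + initiator_public.to_bytes(32, "big")
                + responder_public.to_bytes(32, "big"))
        return hkdf_sha256(shared.to_bytes(32, "big"), info)


def run_exchange() -> Tuple[bytes, bytes]:
    """Both sides compute the key independently; it never crosses the wire."""
    alice, bob = Party(), Party()
    key_a = alice.session_key(bob.public, alice.public, bob.public)
    key_b = bob.session_key(alice.public, alice.public, bob.public)
    return key_a, key_b


if __name__ == "__main__":
    key_a, key_b = run_exchange()
    print("keys match:", hmac.compare_digest(key_a, key_b))
    for bad in (0, 1, P - 1):
        try:
            validate_public(bad)
        except ValueError as exc:
            print("rejected degenerate public value:", exc)
```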

These protocols have different implementation processes and concepts, but they share the common goal of ensuring communication security and protecting participant identities. By utilizing cryptographic algorithms, key exchange mechanisms, and identity authentication, they provide secure communication and data transmission mechanisms. Table 3 summarizes the common techniques used in these protocols.

Table 3 Common techniques used in cryptographic protocols

Challenges of current cryptographic protocols

The application of cryptographic protocols in financial systems (Friolo et al. 2022), business systems, military systems, and daily life is becoming increasingly common. In practical applications, cryptographic protocols often need to meet various requirements such as confidentiality, integrity, authentication, anonymity, and fairness. Among them, conducting security analysis on cryptographic protocols is a crucial step to ensure their resistance against attacks and meet security requirements. It helps identify potential vulnerabilities, weaknesses, and attack surfaces, enabling corresponding measures to be taken for repair and reinforcement. Additionally, security analysis aids in preventing unauthorized access, data leakage, identity forgery, and other security threats, thereby ensuring the confidentiality, integrity, and availability of communication and data.

On the other hand, performance analysis of cryptographic protocols involves evaluating aspects such as computational and communication consumption, scalability, compatibility, and resource consumption. Performance analysis facilitates optimizing and improving cryptographic protocol design and implementation, enhancing efficiency, throughput, and responsiveness.

The main security attributes of concern and performance analysis of current cryptographic protocols are summarized in Table 4. Thus, this section summarizes the main issues current cryptographic protocols face from security and performance perspectives.

Table 4 Security properties and performance analysis of cryptographic protocols

Security analysis

Security analysis is a complex and continuous process that requires comprehensive consideration of threat models and attack types, as well as the adoption of appropriate defense strategies. During the analysis process, various techniques such as model detection, formal verification, and security proofs can be employed to assess the security of the protocol.

Threat model

The threat model defines the capabilities, objectives, and attack methods of attackers, as well as the sources of threats and attack paths within the system. It describes the behavior and capabilities of attackers against cryptographic protocols, specifying the potential attack methods they may employ. The existence of a threat model allows for evaluating the security of cryptographic protocols by analyzing the attack methods and capabilities defined in the threat model. Furthermore, it guides the design and development of cryptographic protocols by considering and addressing potential security issues through an understanding of possible attack methods and attacker capabilities.

As shown in Fig. 4, within the operating environment of the protocol, protocol entities refer to the entities that execute the protocol steps as required, whereas attackers do not follow the protocol steps. Therefore, in practical applications, designing a secure protocol is challenging due to the presence of attackers. Among numerous threat models, the Dolev-Yao model (Dolev and Yao 1983) is recognized as one of the better models, as it provides constraints on the capabilities of attackers but does not provide specific rules, making precise implementation challenging. In 2001, Canetti and Krawczyk proposed the CK model (Canetti and Krawczyk 2001) to model attackers. Still, this threat model does not include attacks related to the leakage of temporary keys by both participating parties or the leakage of static keys by participating parties. Therefore, LaMacchia, Lauter, and Mityagin introduced the extended CK (eCK) model (LaMacchia et al. 2007), which encompasses all the above security properties and is considered the strongest threat model currently available.

Fig. 4 Summary of threat model

Attack types

Attacks on cryptographic protocols typically refer to situations where, under the assumption of perfect encryption and protocol analysis, an attacker gains the trust of a subject in the protocol without being detected, thus disrupting a specific objective of the protocol. Attacks on cryptographic protocols can be classified into two categories: active attacks and passive attacks.

  1. Active attacks: Active attacks involve attackers actively interfering with, modifying, or forging communication content. The goal of active attacks is to obtain keys or manipulate communication data for malicious purposes. Common active attacks include: replay attack, modification attack, denial of service attack, man-in-the-middle attack, impersonation attack.

    • Replay attack (Hazan et al. 2019): An attacker utilizes intercepted portions or all of previously sent messages to replay them during the interaction process, thereby interfering with the normal operation of the protocol.

    • Modification attack: An attacker manipulates messages transmitted during protocol execution, without being detected by the communicating parties.

    • Denial of Service (DoS) attack: An attacker inundates protocol participants with an excessive volume of burdensome messages within a short period, causing them to malfunction or become incapacitated.

    • Man-in-the-middle attack (Hayashi and Vázquez-Castro 2020): An attacker intercepts normal communication data without detection by either communicating party, enabling the attacker to sniff or alter the data and establish valid session keys with both communicating parties, all without their awareness.

    • Impersonation attack: An attacker successfully impersonates a legitimate entity within the system or communication protocol.

  2. Passive attacks: Passive attacks involve attackers solely monitoring and analyzing communication data without interference or modification. The objective of passive attacks is to acquire sensitive information or keys exchanged between the communicating parties without detection. Common passive attacks include eavesdropping attacks and traffic analysis attacks.

    • Eavesdropping attack: Attackers gain unauthorized access to messages transmitted during protocol execution.

    • Traffic analysis attack: Attackers deduce the behavior, relationships, and sensitive information of the communicating parties by analyzing patterns, sizes, and timing of communication traffic.

Performance analysis

The performance analysis of cryptographic protocols aims to evaluate the efficiency and performance characteristics of the protocols to ensure that they can meet the requirements of practical applications. Performance analysis of cryptographic protocols generally focuses on two main aspects: computational consumption and communication consumption. In addition to these, performance analysis also encompasses scalability, resource consumption, and compatibility for a comprehensive analysis and evaluation of cryptographic protocols. It is important to note that these three aspects primarily occur when cryptographic protocols are tested in practical applications. The concept of performance analysis involves quantifying and evaluating the performance of cryptographic protocols through actual testing, simulation, or estimation. It may include an analysis of the following aspects:

  1. Computational consumption: Evaluating the computational complexity of operations such as encryption, decryption, signing, and verification within the protocol, including algorithm execution time.

  2. Communication consumption: Assessing the additional costs introduced during communication processes, including data transmission volume, message size, network latency, etc.

  3. Other aspects: To select the appropriate cryptographic protocol for specific scenarios and environments, it is necessary to evaluate the protocol’s performance in handling large-scale or high-concurrency communications and consider the impact of an increasing number of participants on the protocol’s performance. Additionally, it is essential to measure the resources consumed by the protocol during processing, such as computational resources, memory usage, and network bandwidth. Finally, it is necessary to assess the applicability and compatibility of the protocol across different platforms, devices, and network environments, including the level of support for various operating systems, network protocols, and device types.

Blockchain-based cryptographic protocols

The blockchain provides an effective solution to the existing problems of current cryptographic protocols, relying on its decentralized, tamper-proof, and programmable characteristics. This section elaborates on the specific applications of blockchain in different cryptographic protocols. Since scenarios involving key exchange without authentication are rarely encountered in practical applications, we only summarize and analyze three categories in this manuscript: authentication protocols, authentication and key agreement protocols, and e-commerce protocols, as shown in Table 5.

Table 5 Summary and analysis of cryptographic protocols

Blockchain-based authentication protocols

In cryptographic protocols, authentication (Aboba et al. 2004) is the most fundamental security service and the foundation of information security. Authentication protocols are standardized protocols that ensure the integrity, timeliness, and authenticity of messages during communication. Blockchain-based authentication protocols have gained significant attention in recent years, leading to extensive research and study in this field. Cryptographic techniques such as digital signatures, digital certificates, anonymous authentication, and group authentication are commonly used in secure authentication protocols. The primary objective is to tackle the challenges of low authentication efficiency prevalent in current protocols, as well as to address the potential issues of single point of failure and privacy leakage associated with centralized authentication systems. Table 6 summarizes the applications of the above cryptographic techniques in authentication protocols.

Table 6 Cryptography in authentication protocols

Identity authentication

Traditional authentication mechanisms employed for safeguarding communications encompass Public Key Infrastructure (PKI)-based authentication, ID-based authentication, and certificateless authentication. A central authority serves as the foundation for these mechanisms, and it is important to note that certain instances may involve the implementation of intricate computational processes. The central authority is also called the trusted third-party entity, which provides users with identity registration and generates secret credentials or part of the credentials. After obtaining the credentials, users access the service provider to authenticate each other and obtain the corresponding services. However, the application of trusted entities typically faces the following two problems. Firstly, a trusted entity may become unavailable due to a single point of failure. Secondly, any attacker with authorized access to a trusted entity may alter or leak users’ private information.

To address these concerns, Vivekanandan et al. (2021) proposed a solution that segregates identity management from trusted entities. Additionally, they proposed the utilization of a public blockchain to manage user and service provider information. Using the public blockchain, mobile users can register and access multiple service providers simultaneously without relying on a trusted third party. The public blockchain network ensures the integrity of the data stored within it and protects the system from the impact of single points of failure. However, this scheme cannot resist internal attacks and has high communication consumption. Moreover, storing data on a public blockchain presents challenges in guaranteeing comprehensive security, thereby increasing the risk of exposing users’ private information. The work presented in Grosu et al. (2022) centres around the idea of a virtual ID, which involves the utilization of an authorized virtual ID within a standard healthcare scenario. This virtual ID is then uploaded to the blockchain for verification. However, it should be noted that as transactions on the blockchain are publicly accessible, there is a potential risk of user data leakage with this scheme. Based on the literature mentioned above, blockchain technology offers an effective solution to the issue of a single point of failure. However, due to the openness of the public blockchain, problems such as user data leakage and high communication consumption in the identity authentication process still need to be fixed.

In fact, there are practical applications for the decentralized identity (DID) approach. For instance, Microsoft’s Identity Overlay Network (ION) project leverages the Bitcoin blockchain to create a DID system that enables users to control their digital identities autonomously. ION is based on the Sidetree protocol, enabling users to control their data by managing the public key infrastructure. The ION network is designed so that no single person or entity controls a user’s identifying information, ensuring a decentralized public key infrastructure. This decentralization means that private and public key pairs are not managed by a central authority, fundamentally providing each user with secure access to identity data. However, the project still faces numerous real-world challenges. Current business models of companies like Facebook rely on profiting from data control. Additionally, users are already accustomed to the username-password model, and transitioning to the public-private key model entails significant user education costs.

Fig. 5 Blockchain-based smart contract scheme (Krishnan et al. 2021)

The Internet of Things (IoT) has become ubiquitous in industry and life but is also known for its weak security. Authentication is vital as the primary defense against many cyber-attacks (Qureshi et al. 2020), making it even more crucial for IoT applications. Krishnan et al. (2021) designed authentication for the IoT provisioning process using smart contracts, which include access control lists, with each implementing access control for a pair of peers. Figure 5 illustrates the proposed scheme’s combination of blockchain technology, SxC security contracts, behavior fingerprinting based on manufacturer instructions, and software-defined networking. This integration forms a comprehensive framework aimed at managing the security of the industrial IoT ecosystem. The initialization process of all smart objects (IoT devices) involves the authentication and validation of each device within the deployment domain by utilizing the corresponding manufacturer’s Manufacturer Usage Description profile. Implementing this approach can effectively ensure the smooth operation and optimal performance of industrial-grade IoT devices within Industry 4.0 networks. Aiming at the problems of system complexity and storage overhead in blockchain-based IoT systems, Al Hwaitat et al. (2023) introduced a groundbreaking approach that encrypts user-end IoT data by combining homomorphic encryption and securely uploading it to the cloud. At the same time, hash calculation and MAC verification were used to reduce processing and communication consumption.

IoT, as a heterogeneous network, involves connecting objects with varying capabilities and resources to share information. The large number and dispersion of devices exacerbate the security and privacy challenges it encounters. Khashan and Khafajah (2023) introduced a hybrid authentication architecture combining centralized and distributed approaches. This scheme connects IoT nodes to distributed edge servers, which serve as centralized authentication points. In contrast, a blockchain network consisting of edge nodes offers distributed authentication to address the scalability challenge in heterogeneous IoT networks. This approach effectively tackles the scalability issue and ensures secure authentication across the network. A public blockchain validated a user’s public key in Lansky et al. (2021). By utilizing a smart contract, the Trusted Authority (TA) enters the authentic public key into the blockchain, which any member of the blockchain subsequently verifies. This enables the TA to update the system’s smart contract and incorporate a new identity. The public key of either the IoT device or server and the ability to revoke the corresponding identity are key components of this scheme. However, this scheme has some traceability.

In the automotive industry, the Internet of Vehicles (IoV) represents a common application of IoT technology. Its implementation has the potential to greatly optimize transportation efficiency, decrease energy consumption, and mitigate traffic accidents. Most existing IoV authentication protocols assume that all vehicles can only authenticate with a TA through Road-side Units (RSUs). RSUs function solely as intermediary nodes facilitating communication between vehicles and the TA. However, due to the high mobility of vehicles, the TA is required to complete authentication for all vehicles requesting interaction within a short timeframe. Therefore, the efficiency of these authentication protocols is vulnerable to the impact of communication and computational resource bottlenecks at the TA. To address this issue, Xu et al. (2021) employed blockchain technology to enable all TAs to collectively manage the ledger storing vehicle-related information, thereby preventing attackers from easily tampering with vehicle-related information in the blockchain. Moreover, the collaborative management of vehicle-related information by multiple TAs also facilitates cross-TA authentication for vehicles. Additionally, they offloaded the computational burden of TAs onto RSUs, thereby enhancing authentication efficiency.

Multi-factor Authentication (MFA) refers to the use of any combination of factors to authenticate an identity, with the goal of creating a multi-layered defense that makes it more difficult for unauthorized users to access the system. In contrast to single-factor authentication, MFA not only requires the user’s existing knowledge but also incorporates security tokens or biometrics to verify multiple independent credentials.

Attkan and Ranga (2022) noted that in peer-to-peer authentication of IoT devices, two-factor authentication relies on login credentials and mobile devices. In contrast, three-factor authentication includes the user’s biometrics as an additional layer, further enhancing the security of the authentication process. Tan et al. (2023) proposed a multi-factor authentication system designed to address user experience and privacy concerns in distributed trust applications. As shown in Fig. 6, this system allows a client to independently authenticate with multiple servers through a separate identity authentication process while concealing the system’s configuration files. Utilizing blockchain is a practical approach to ensure seamless connectivity among IoT devices and maintain network scalability. A secure repository of pre-generated and validated session keys can be established by leveraging blockchain. These keys can be accessed by the gateway or distributed to devices as necessary and released at the session’s conclusion. However, implementing such methods can be expensive and challenging when preventing eavesdropping and passive attacks. In their work, Kebande et al. (2021) introduced a blockchain-based multi-factor authentication model known as MFBC_eDS, specifically designed for vehicular clouds and cloud-enabled IoV. This model employs embedded digital signatures to facilitate authentication within the cloud environment. By integrating MFBC_eDS with the immutable ledger of blockchain transactions, the model establishes a higher level of trust, confidentiality, and integrity.

Fig. 6 TLS-in-SMPC’s application to email/SMS authentication (Tan et al. 2023)

Message authentication

Message authentication is the process of preventing intentional or unintentional tampering of transmitted and stored messages by encrypting or signing the message or message-related information. As an emerging technology for building trust, blockchain has significant advantages for message authentication efficiency through distributed consensus, immutable records, decentralized authentication, smart contracts, and removal of third-party trust. Still, it also brings some other security issues. For example, the application of authentication schemes in heterogeneous scenarios may no longer be applicable, or the trade-off between privacy concerns of authenticated users and authentication efficiency may need to be considered at a fine-grained level.

In their research, Son et al. (2022) explored the handover process of V2I authentication protocols within the IoV environment. They proposed a framework where RSUs can function as nodes within a consortium blockchain, enabling the exchange of information to facilitate seamless handover authentication. Feng et al. (2019) proposed a privacy-preserving authentication system called BPAS for VANET. This system leverages blockchain technology to ensure authentication while automatically safeguarding the privacy of vehicles. The system can automate and promptly query vehicle public keys by utilizing smart contracts. The RSU or the vehicle then verifies the message’s authenticity based on its public key. Furthermore, the system adopts a consortium blockchain as its decentralized underlying architecture. Any permitted entity can access the information through blockchain transactions. At the same time, the blockchain administrator can verify the new status of all transactions and smart contracts and give the consensus mechanism to upload them to the blockchain. Wang et al. (2023), on the other hand, constructed a lightweight cross-domain authentication framework supporting blockchain and used edge servers to assist intelligent devices in realizing cross-domain authentication. Compared with the existing framework supporting blockchain, this framework reduces the complex organizational structure and effectively reduces the redundant interaction between entities.

Multi-layer blockchain-based IoT authentication relies on the concept of clustering in the IoT grid to enhance its coverage while reducing the load and energy of the grid and improving communication efficiency by utilizing the hyperledger for secure peer-to-peer communication between IoT nodes. The network model architecture of the multi-layer blockchain is shown in Fig. 7. However, such schemes are affected by the blockchain configuration, and the number of users, endorsement nodes, number of channels, and block size all contribute to communication delays. Tan et al. (2022) designed a distributed and lightweight authentication service for industrial Unmanned Aerial Vehicles (UAVs) that integrates blockchain technology, which writes the relevant operations of authentication information into smart contracts and uses multiple end nodes to jointly manage the blockchain to provide authentication services for industrial UAVs. Both industrial UAVs and ground control stations, as users, can access or update the information stored in the blockchain for secure authentication purposes. They can leverage the respective smart contract application programming interfaces (APIs) to perform these actions and ensure the integrity of the authentication process. However, this solution still carries certain security risks due to the lack of detection mechanisms for abnormal users, UAVs, and control stations.

Fig. 7 Multi-layer blockchain network model architecture

Blockchain-based authentication and key agreement protocols

The use of mutual authentication in cryptographic protocols is widely regarded as a dependable approach to address security vulnerabilities, including security attacks and privacy concerns, that may occur during communication. The Authenticated Key Exchange (AKE) protocol enables both parties to securely exchange session keys and establish a secure channel. However, active attackers with significant and realistic capabilities can pose serious threats to AKE protocols. Jager et al. (2021) provided a weak-to-strong secure implicit authentication two-message AKE protocol, which relies on the multi-user security of the underlying NCKE scheme. The NCKE scheme extends non-committing key encapsulation (NCKE) from recipient non-committing encryption to a corrupted multi-user setting and constructs a random oracle model from any smooth projective hash proof system. Pan et al. (2023) constructed a tightly secure authenticated key exchange protocol in lattices, which is based on a new security notion with a key encapsulation mechanism. Eldefrawy et al. (2023) utilized AKE to enhance the technical state of covert authentication, achieving secrecy and security in enabling steganographic channel authentication in networks with discriminatory entity control. Password-authenticated key exchange (PAKE) enables communication parties to securely establish a shared session key as long as they share a low-entropy secret. This reflects passwords typically being represented in short, human-readable formats and chosen from a set of possible values. Abdalla et al. (2022) proposed two PAKE protocols based on commutative group actions. The first protocol can be executed in a single round, with both parties sending two set elements for each password bit to prevent offline dictionary attacks. In the second protocol, only one set element is required for each password bit, but one party must first commit to its message.

Unlike the AKE protocol, the Authentication and Key Agreement (AKA) (Turkanović et al. 2014; Xue et al. 2013; Zhang and Fang 2005; Arkko and Haverinen 2006) protocol puts more emphasis on the process of key agreement, and performs identity authentication during the process of key agreement. Even if an attacker is listening to the network transmission between the client and the server, the two can still use the key agreement mechanism for negotiation and establish a session key known only to them, which is then used to establish secure communication. Therefore, a secure AKA protocol is the basic module for the construction of complex and integrated communication protocols. Table 7 summarizes three types of key agreement according to the different algorithms used by the key agreement mechanism.

Table 7 Summary of key agreement mechanism types

In the past few years, a plethora of AKA protocols have emerged, each tailored for different environments. These protocols incorporate cryptographic components such as message authentication codes (Bellare et al. 1998) and secret sharing (Hou et al. 2023), which have become prevalent in the design of AKA protocols. The 5G Authentication and Key Agreement (5G-AKA) protocol, standardized by the Third Generation Partnership Project (3GPP), has been found to maintain privacy only in the presence of passive attackers, leaving it susceptible to active attackers launching linkability attacks, DoS attacks, and distributed denial-of-service (DDoS) attacks, compromising user privacy. Wang et al. (2021) proposed a privacy-preserving solution for the 5G system AKA protocol, leveraging the inherent key encapsulation mechanism of ECIES to establish shared keys and encrypt queries sent to home networks. This solution is designed to withstand linkability attacks from active attackers and is compatible with currently deployed service networks.

For general AKA protocols, PKI-based mutual authentication schemes can ensure establishing and maintaining trust among entities within a communication system. Nevertheless, the issuance of certificates by a single Certificate Authority (CA) can lead to challenges such as high computational and communication overhead due to the large size of the certificates. Furthermore, this centralized approach increases the risk of a single point of failure. Identity-based encryption schemes offer a potential solution to address the challenges associated with certificate management. These schemes eliminate the need for traditional public key certificates by directly using user identities as public keys. This simplifies the certificate management process and reduces the computational and communication overhead associated with certificate-based encryption systems. Baird et al. (2022) modeled time periods or epochs as identities in the identity-based encryption scheme and implemented time-release encryption on the blockchain using smart contracts. However, a drawback of identity-based encryption schemes is the necessity to reveal the true identity of one entity to another during the encryption and decryption process. This requirement can potentially raise privacy concerns and compromise the confidentiality of the communicating parties. Utilizing a ring signature-based scheme presents a potential solution to avoid the need for identity disclosure to the verifier. However, this approach has its drawbacks. Some inherent limitations of ring signature-based schemes include the lack of traceability for malicious users, high computational and communication overhead, and the absence of flexible participation options.

To avoid potential overlap and intersection resulting from classifying protocols based on protocol types, application domains, or key agreement methods, this subsection categorizes key agreement protocols into two types based on the number of participants involved: two-party key agreement and multi-party key agreement.

Two-party authentication and key agreement

In a two-party key agreement protocol, two parties engage in the negotiation of a shared session key over an open channel, where any participant has the ability to influence the final outcome. In contrast, the two-party AKA protocol guarantees the authenticity of the communicating entities based on the above conditions.

In the edge computing-based Smart Grid (SG) system, Wang et al. (2019) proposed a solution where only the edge servers are incorporated into the blockchain network, while the end users, such as smart meters, are not required to participate. This approach ensures the anonymity of user identities. Furthermore, using smart contracts for key management ensures that only the registration authority of the end users can associate the public key with their actual identities. The smart contract that records key materials helps in proving key revocation. As a result, the requirement for a trusted central authority is eliminated, thereby mitigating the risk of a single point of failure. However, in the emerging paradigm of blockchain-powered intelligent edge, traditional key agreement protocols in public key cryptography are often deemed overly complex and resource-intensive for edge and terminal devices. Additionally, these protocols are not resilient against side-channel attacks. Identity-based protocols can be conveniently implemented in blockchain-powered intelligent edge environments and resist side-channel attacks. However, existing protocols often involve time-consuming pairing computations and do not address side-channel attacks against the Key Generation Center (KGC), which is responsible for key generation. Therefore, Zhang and Zhang (2021) proposed two identity-based AKA protocols to resist side-channel attacks against the KGC and users in blockchain-powered intelligent edge scenarios. These protocols utilize a blockchain ledger to track the processed data.

The integration of edge computing services has led to significant success in the field of mobile blockchain. Owoh and Singh (2019) applied this concept to mobile crowd sensing for secure data transmission between mobile blockchain clients and edge nodes. In this scenario, the edge nodes play a crucial role by performing proof-of-work computations on the sensor data received from the blockchain clients. After the data is successfully verified, the edge nodes proceed to append the verified data to the blockchain. Public key encryption techniques are used to establish keys between blockchain nodes, enabling key agreement between the clients and edge nodes. In order to address the potential privacy leakage issues in crowdsourcing systems during communication, Wazid et al. (2022) proposed a scheme that utilizes blockchain technology to establish secure session keys between remote users and cloud servers, ensuring the security of data transmission, as shown in Fig. 8. However, further optimization and improvement are needed to enhance the communication and computational efficiency of this scheme.

Fig. 8 Blockchain secure communication model for crowdsourcing

Xie et al. (2023) utilized blockchain technology to offer registration and authentication services for users within a system. By leveraging the blockchain, registration information can be shared among different domains, facilitating cross-domain AKA for users. However, the practicality of blockchain networks built by trusted entities is limited, often requiring a trusted third party for key generation. Therefore, Wei et al. (2023) deployed the proposed AKA scheme on a public blockchain. They utilized smart contracts to establish an access management mechanism for vehicles and significantly reduced on-chain storage costs using probabilistic data structure techniques.
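The storage saving described for Wei et al. (2023) can be illustrated with a Bloom filter. This is an added example, not code from the paper: the page does not name the probabilistic structure used, so the Bloom filter, the constructed `veh-`/`ext-` identifiers and the two-stage `admit` check are assumptions. It shows the size reduction and the caveat that a filter hit is only "possibly authorized" and must be confirmed.

```python
import hashlib
import math


class BloomFilter:
    """Compact set-membership summary: no false negatives, tunable false positives."""

    def __init__(self, capacity: int, target_fpr: float):
        # Standard sizing: m bits and k hash functions for the expected item count.
        self.m = math.ceil(-capacity * math.log(target_fpr) / (math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(d[:16], "big")
        h2 = int.from_bytes(d[16:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: str) -> bool:
        return all((self.bits[p // 8] >> (p % 8)) & 1 for p in self._positions(item))

    def size_bytes(self) -> int:
        return len(self.bits)


def admit(vehicle_id: str, on_chain_filter: BloomFilter, registry: set) -> bool:
    """Two-stage access check (hypothetical design).

    A filter miss is a definite "not authorized" and costs only k bit reads.
    A filter hit may be a false positive, so it is confirmed against an
    authoritative record before access is granted.
    """
    if vehicle_id not in on_chain_filter:
        return False
    return vehicle_id in registry


def demo(n: int = 1000, probes: int = 10000) -> dict:
    # Constructed sample data: n authorized vehicles, `probes` outsiders.
    members = [f"veh-{i:05d}" for i in range(n)]
    outsiders = [f"ext-{i:05d}" for i in range(probes)]
    registry = set(members)

    bf = BloomFilter(capacity=n, target_fpr=0.01)
    for v in members:
        bf.add(v)

    false_hits = [v for v in outsiders if v in bf]
    return {
        "filter_bytes": bf.size_bytes(),
        "raw_bytes": n * 32,  # one SHA-256 fingerprint per vehicle instead
        "false_negatives": sum(1 for v in members if v not in bf),
        "observed_fpr": len(false_hits) / probes,
        "member_admitted": admit(members[0], bf, registry),
        "false_positive_admitted": any(admit(v, bf, registry) for v in false_hits),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A plain Bloom filter cannot delete entries, so revoking a vehicle means rebuilding the filter or keeping revocations in a separate record.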

The Certificateless Authenticated Key Agreement (CLAKA) (He et al. 2012) protocol is a significant method that effectively resolves the concerns regarding third-party trust in key agreement. It reduces the burden of certificate management during storage and message exchange. Blockchain’s distributed, shared, and tamper-proof characteristics allow participants to confirm transactions without the need for a certificate authority, making it attractive in CLAKA protocols.

In Wireless Body Area Networks (WBAN), transmitting sensitive data from users to a central server for processing and storage exposes the information to potential security threats posed by malicious attackers. Mwitende et al. (2020) introduced a pairing-based certificateless key escrow scheme. The scheme provided improved security and privacy features within WBAN environments. This scheme involved the establishment of a session key during the initial phase of communication and employed ring signatures for the authentication of blockchain nodes in the subsequent phase. Using ring signatures reduces computational costs and ensures the anonymity of blockchain nodes. Similarly, Mwitende et al. (2020) established a session key between WBAN user personal digital assistants and blockchain nodes to ensure secure communication while providing characteristics such as immutability and verifiability. However, neither of these schemes applies to heterogeneous networks.

Ngo et al. (2021) introduced a new encryption scheme called the Witness-Key-Agreement (WKA) protocol. In this scheme, each party commits to their private information and anonymously publishes their commitment on the public ledger. It allows one party (the verifier) to securely reach agreement on keys with another party (the prover) holding secret witnesses, provided that the latter still possesses the necessary secret witnesses and commitment information for the required relationship. WKA utilizes the public ledger to broadcast messages, enabling one party to send readable messages to others through an anonymous network. This scheme is applicable to private auctions in financial intermediaries, where one party wishes to communicate privately with another party to fulfill committed financial information for a given interest relationship R.

R3-Corda is a distributed ledger based on a consortium blockchain, serving real-world financial activities while meeting the core characteristics of moderate information visibility and high performance. To meet specific application requirements, each node owner in a bank must undergo the Know Your Customer (KYC) process to obtain an identity certificate before joining Corda. After joining the network, they need to publish proof of their legal name, IP address, and public key, among other information, to the network map service. Nodes can then use this network map service for private, peer-to-peer, TLS-encrypted message exchange when transacting with counterparts. In the Corda system, transactions are referred to as flows, encompassing the essential functionalities and typical transaction processes used in daily trading activities. In each transaction, Corda uses a session key to encrypt communication data. These session keys are dynamically generated through an AKA protocol, ensuring each transaction has a unique encryption key. Although R3-Corda has essentially achieved the three main goals of moderate information visibility, high system performance, and connectivity with the real world, there are still some outstanding issues. For example, Corda’s tendency to overemphasize real-world requirements may lead to stagnation in the development process due to entanglement in various complex situations. Additionally, many specific implementation details in Corda are still relatively sensitive and require further improvement.

Multi-party authentication and key agreement

In contrast to the two-party key agreement, a multi-party key agreement encompasses three or more participants, aiming to facilitate the establishment of a shared key among all participants to enable secure communication and data transfer. As a result, designing an efficient Group Key Agreement (GKA) protocol (Kim et al. 2004; Guo and Zhang 2010; Zhang et al. 2022) is paramount in guaranteeing the security of multi-party communication. Over the past years, researchers have proposed numerous GKA protocols. However, existing protocols often suffer from common issues. For example, before negotiating a group key, group members must authenticate each other, which incurs significant computational and communication consumption. Additionally, these protocols may lack scalability and are prone to single points of failure. The prevailing approach in most of these protocols is to employ a centralized architecture (Chien 2018), where a central key server assumes the responsibility of securely and efficiently distributing the group key to the members. However, the storage of private data in a central key server exposes it to the risk of potential attacks.

Xu et al. (2020) suggested the utilization of a blockchain consisting of multiple key distribution centers to store the public parameters and registration details of all group members. This approach effectively resolves the problem of a single point of failure while ensuring the immutability of stored parameters and information within the blockchain. Moreover, leveraging blockchain technology allows group members to join any group within the system after registering on any server, thereby enhancing convenience. It is worth noting that many existing authentication and group key agreement protocols lack anonymity and untraceability, which are crucial factors in the face of escalating security risks. To address this issue, they introduced a time-sensitive token that each group member applies for during the initial authentication and subsequently checks for its validity during subsequent authentication, reducing computational and transmission costs (Xu et al. 2021). All Private Key Generators (PKG) collectively maintain a distributed ledger based on blockchain technology that stores all device-related information. In the event of a failure of an individual PKG, other PKGs that are functioning properly can take over to perform tokenless authentication and group key generation.

In a static group, the composition of group members remains unchanged until the communication session ends. Hence, in the event of any changes in the group members, it is necessary to execute the entire protocol from the beginning for all participants in the group. However, for effective dynamic group key agreement, dynamic protocols are more suitable.

In their study, Taçyıldız et al. (2020) utilized Hyperledger to offload the communication and verification costs of dynamic group key agreement participants onto the blockchain network, significantly reducing the computational burden for participants in the group key protocol, as modeled in Fig. 9. While blockchain technology effectively addresses the issue of unreachable network nodes in dynamic group key agreements, common challenges remain, such as potential redundancy in key agreement construction and the presence of malicious users within the group.

Fig. 9 B-GKAP model (P: Group Participant; NP: Network Participant) (Taçyıldız et al. 2020)

Asymmetric Group Key Agreement (AGKA) involves the establishment of an encryption key that can be accessed by any entity within a group. However, each user within the group possesses a distinct decryption key. To elaborate further, in addition to the group users themselves, any external user who possesses the negotiated encryption key has the ability to send encrypted messages to users within the group. The Industrial Internet of Things (IIoT) is characterized by its distributed, open, and heterogeneous network system, making it challenging to ensure synchronized online key agreements among users in IIoT. To tackle this challenge, Li et al. (2022) presented a novel AGKA protocol that leverages both blockchain technology and IIoT attributes. This protocol enables fine-grained access control, ensures the confidentiality of user identity information, maintains the integrity of transaction information through the tamper-proof nature of the blockchain, and employs smart contracts for automated verification.

Vehicular ad-hoc networks (VANETs) have attracted considerable interest due to their ability to improve traffic efficiency and safety. However, the insecure wireless communication channel in VANETs faces various security threats, such as eavesdropping, tampering, and spoofing attacks. In response to these challenges, a multitude of group key agreement protocols have been developed specifically for VANETs. Nevertheless, a significant drawback of many of these protocols is their heavy reliance on a TA for tasks such as identity authentication or group key generation. This reliance on a single entity introduces a potential single point of failure. In Li and Yin (2022), an approach is proposed where RSUs and On-board Units (OBUs) independently engage in group key agreement, mitigating the risk of a single point of failure. In this protocol, the TA is a trusted entity that registers OBUs and forms an alliance blockchain with RSUs for identity authentication. In the scenario where a vehicle joins or departs from the group, the RSU initiates the process of renegotiating a new group key. This protocol effectively eliminates the need for a trusted third party in both the authentication and key agreement processes, thereby thwarting attackers from obtaining additional information about the group key. Furthermore, utilizing blockchain technology allows for the storage of legitimate and revoked short-term public keys of vehicles, enabling further identity authentication and key agreement.
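A pattern recurs in the schemes surveyed above (Lansky et al. 2021; Feng et al. 2019; Li and Yin 2022): a verifier looks up the sender's key on the ledger, checks that it has not been revoked, and only then checks the signature. The following added example is not taken from any of the cited papers: the hash-chained `KeyLedger`, the constructed `OBU-*` identifiers and the Lamport one-time signature (a standard-library stand-in for a real signature scheme) are assumptions, and the agreed tip hash stands in for blockchain consensus.

```python
import hashlib
import json
import secrets

GENESIS = "00" * 32


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signature: stdlib-only stand-in (assumption) for the
# signature scheme a deployment would use for short-term vehicle keys.
def ots_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(a), H(b)] for a, b in sk]
    return sk, pk


def msg_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]


def ots_sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]


def ots_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(msg_bits(msg)))


def fingerprint(pk) -> str:
    # Only this 32-byte digest is written to the ledger, not the 16 KiB key.
    return H(b"".join(h for pair in pk for h in pair)).hex()


def block_hash(prev: str, record: dict) -> str:
    body = json.dumps({"prev": prev, "record": record}, sort_keys=True)
    return H(body.encode()).hex()


class KeyLedger:
    """Append-only, hash-chained log of register/revoke records (hypothetical)."""

    def __init__(self):
        self.blocks = []

    def tip(self) -> str:
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def append(self, op: str, owner: str, key_fp: str) -> None:
        prev, record = self.tip(), {"op": op, "id": owner, "key": key_fp}
        self.blocks.append({"prev": prev, "record": record,
                            "hash": block_hash(prev, record)})

    def chain_ok(self) -> bool:
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(prev, b["record"]):
                return False
            prev = b["hash"]
        return True

    def key_status(self, owner: str, key_fp: str) -> str:
        status = "unknown"
        for b in self.blocks:
            r = b["record"]
            if (r["id"], r["key"]) != (owner, key_fp):
                continue
            if r["op"] == "revoke":
                status = "revoked"  # permanent: a later register cannot undo it
            elif r["op"] == "register" and status == "unknown":
                status = "valid"
        return status


def accept_message(ledger, agreed_tip, sender, pk, msg, sig) -> str:
    # 1. Trust the local copy only if it is internally consistent and ends at
    #    the tip hash the verifier obtained through consensus (assumed given).
    if not ledger.chain_ok() or ledger.tip() != agreed_tip:
        return "reject: ledger does not match agreed tip"
    # 2. The key must be registered to this sender and not revoked.
    status = ledger.key_status(sender, fingerprint(pk))
    if status != "valid":
        return f"reject: key {status}"
    # 3. Only now is the signature itself worth checking.
    return "accept" if ots_verify(pk, msg, sig) else "reject: bad signature"


def demo() -> dict:
    ledger = KeyLedger()
    (sk_a, pk_a), (sk_b, pk_b), (sk_x, pk_x) = ots_keygen(), ots_keygen(), ots_keygen()
    ledger.append("register", "OBU-A", fingerprint(pk_a))
    ledger.append("register", "OBU-B", fingerprint(pk_b))
    ledger.append("revoke", "OBU-B", fingerprint(pk_b))
    tip, msg = ledger.tip(), b"join-group|nonce=constructed-sample"
    out = {
        "fresh": accept_message(ledger, tip, "OBU-A", pk_a, msg, ots_sign(sk_a, msg)),
        "revoked": accept_message(ledger, tip, "OBU-B", pk_b, msg, ots_sign(sk_b, msg)),
        "unregistered": accept_message(ledger, tip, "OBU-A", pk_x, msg, ots_sign(sk_x, msg)),
        "forged": accept_message(ledger, tip, "OBU-A", pk_a, b"other", ots_sign(sk_a, msg)),
    }
    ledger.blocks[2]["record"]["op"] = "register"  # local copy edited to hide the revocation
    out["tampered"] = accept_message(ledger, tip, "OBU-B", pk_b, msg, ots_sign(sk_b, msg))
    return out
```

The order of the checks matters: a valid signature under a revoked or unregistered key is rejected before the signature is ever evaluated.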

Blockchain-based e-commerce protocols

Authentication protocols and authentication and key agreement protocols focus on ensuring the authentication of communication parties and establishing agreed-upon temporary session keys, thereby providing necessary security guarantees for e-commerce transactions. E-commerce (Treiblmaier and Sillaber 2021) refers to the buying and selling of goods on the internet. It alters the traditional offline transaction model and overcomes the temporal and spatial constraints inherent in traditional trading practices, and has thereby become an integral part of people’s daily online activities. E-commerce protocols encompass various aspects such as authentication, data encryption, and digital signatures, potentially incorporating functionalities of authentication protocols, key exchange protocols, and authentication and key agreement protocols. The security of e-commerce has become an increasingly sensitive concern, and security is the primary factor that e-commerce protocols need to consider. The main security aspects of e-commerce include:

  1. Availability: As a form of trade, e-commerce requires corresponding controls or preventive measures against potential threats such as network failures, operational errors, or application malfunctions to ensure that trade information is available at the intended time and place.

  2. Confidentiality: Since e-commerce takes place on the open Internet, ensuring the protection of trade secrets is an important concern. It is necessary to prevent unauthorized access and ensure that trade information is not unlawfully intercepted during transmission.

  3. Integrity: Although e-commerce simplifies trade processes, it also brings challenges in maintaining the consistency and integrity of information among trading parties. Discrepancies in trade information may arise due to intentional or unintentional errors during data input or inconsistencies in data transmission, such as data loss, duplication, or sequencing differences. Therefore, integrity in e-commerce is also a significant factor to consider.

  4. Non-repudiation: Trading parties should not be able to deny their actions in the trade. Typically, including reliable and valid identifiers in the transaction information helps address this issue.

  5. Authenticity: During the trade process, trading parties must confirm the identity of the expected counterpart. Ensuring the authenticity of counterparties is a primary concern in facilitating smooth e-commerce transactions.

  6. Accountability: E-commerce requires individuals or organizations participating in trade to be accountable for their actions during electronic transactions.

  7. Fairness: Unlike other protocols, e-commerce particularly emphasizes fairness. If a transaction is successful, both parties should be able to obtain the expected goods or information, while if the transaction fails, neither party should benefit from the trade.

Table 8 Summary of classic e-commerce protocols

Table 8 summarizes the classic electronic commerce protocols, including commonly used protocols such as Secure Hypertext Transfer Protocol (S-HTTP), Internet Keyed Payments (iKP), Secure Socket Layer (SSL), Secure Electronic Transaction protocol (SET), and more. In the traditional X.509 Public Key Infrastructure (PKI), however, reliance on Certificate Authorities (CAs) for certificate issuance is common practice. These certificates are subsequently employed in SSL/TLS to authenticate web servers and establish secure channels. Recent security incidents have brought to the forefront the risk of CAs issuing fraudulent certificates. To address this, Wang et al. (2020) proposed a solution in which the CA-signed certificates of SSL/TLS web servers and their revocation status information are published as transactions by the entities themselves (the web servers), and community miners attach them to the global certificate blockchain after validating the transactions and mining blocks. The certificate blockchain functions as a publicly appended log, enabling the monitoring of CA certificate signing and revocation operations. At the same time, SSL/TLS web servers are granted collaborative control over their certificates, which balances the absolute authority traditionally held by CAs in the PKI model. Chen et al. (2018) introduced a new entity to record certificate operations on the blockchain for public auditing. Enhancements to the PKI model, such as log-based approaches like certificate transparency, mitigate man-in-the-middle attacks that can arise from compromised CAs in TLS. Nevertheless, log-based solutions often lack adequate incentives for logs and monitors, and they may also fail to provide domains with actionable steps to address improper CA behavior. Stephanos and Reischuk (2016) introduced a blockchain-based enhancement to the PKI model that offers automated responses to improper CA behavior. Additionally, it incentivizes individuals who contribute to the detection of such behavior.
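The following added example (not code from Wang et al. or from this survey) sketches the certificate-blockchain idea described above: certificate issue and revoke operations are published by the web server itself, chained by hash, and replayed by a client to decide whether a presented certificate is acceptable. Assumptions: the class and function names are hypothetical, mining and consensus are omitted, and an HMAC stands in for the web server's public-key signature so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64


def digest(obj):
    """SHA-256 over a canonical JSON encoding of obj."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def fingerprint(cert_bytes):
    """Identify a certificate by the SHA-256 of its encoding."""
    return hashlib.sha256(cert_bytes).hexdigest()


def authorise(domain_key, tx):
    """Assumption: HMAC stands in for the web server's signature on its transaction."""
    return hmac.new(domain_key, digest(tx).encode(), hashlib.sha256).hexdigest()


class CertificateLog:
    """Append-only, hash-chained log of certificate issue/revoke transactions."""

    def __init__(self, domain_keys):
        self.domain_keys = domain_keys  # domain -> key used to check authorisation
        self.blocks = []

    def status(self, domain, fp):
        """Replay the log: 'unknown', 'valid' or 'revoked' for (domain, fingerprint)."""
        state = "unknown"
        for block in self.blocks:
            tx = block["tx"]
            if tx["domain"] == domain and tx["fingerprint"] == fp:
                state = "valid" if tx["op"] == "issue" else "revoked"
        return state

    def append(self, tx, tag):
        """Validate a transaction as a miner would, then chain it to the last block."""
        key = self.domain_keys.get(tx["domain"])
        if key is None or not hmac.compare_digest(authorise(key, tx), tag):
            raise ValueError("not authorised by the domain's web server")
        state = self.status(tx["domain"], tx["fingerprint"])
        allowed = {"issue": "unknown", "revoke": "valid"}  # op -> required prior state
        if allowed.get(tx["op"]) != state:
            raise ValueError("operation %r not allowed in state %r" % (tx["op"], state))
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"index": len(self.blocks), "prev": prev, "tx": dict(tx)}
        self.blocks.append(dict(body, hash=digest(body)))

    def verify_chain(self):
        """Recompute every block hash and back-link; any rewrite breaks the chain."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            body = {k: block[k] for k in ("index", "prev", "tx")}
            if block["index"] != i or block["prev"] != prev or block["hash"] != digest(body):
                return False
            prev = block["hash"]
        return True

    def client_accepts(self, domain, cert_bytes):
        """A client accepts only certificates that are logged for the domain and not revoked."""
        return self.verify_chain() and self.status(domain, fingerprint(cert_bytes)) == "valid"


def run_demo():
    key = b"constructed-demo-key"                      # constructed sample key
    log = CertificateLog({"shop.example": key})
    genuine = b"constructed certificate A"             # constructed sample data
    rogue = b"constructed certificate B (mis-issued)"  # signed by a CA, never published
    issue = {"op": "issue", "domain": "shop.example", "fingerprint": fingerprint(genuine)}
    log.append(issue, authorise(key, issue))
    result = {"genuine": log.client_accepts("shop.example", genuine),
              "rogue": log.client_accepts("shop.example", rogue)}
    unapproved = {"op": "issue", "domain": "shop.example", "fingerprint": fingerprint(rogue)}
    try:
        log.append(unapproved, authorise(b"wrong-key", unapproved))
        result["unapproved_publish"] = "appended"
    except ValueError:
        result["unapproved_publish"] = "rejected"
    revoke = dict(issue, op="revoke")
    log.append(revoke, authorise(key, revoke))
    result["after_revoke"] = log.client_accepts("shop.example", genuine)
    result["chain_ok"] = log.verify_chain()
    log.blocks[1]["tx"]["op"] = "issue"                # rewrite history in place
    result["chain_after_tamper"] = log.verify_chain()
    return result


if __name__ == "__main__":
    print(run_demo())
```

The mis-issued certificate is rejected because the domain never published it, which is the "collaborative control" that offsets the CA's authority; the revocation and the tamper check come from replaying and re-hashing the same log.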

The convergence of e-commerce with the IoT has given rise to a new business model that revolves around autonomous transaction management directly conducted on IoT devices. Nonetheless, existing IoT-based e-commerce systems are typically composed of numerous fragmented and lightweight IoT devices, requiring an autonomous, responsible, and lightweight Machine-to-Machine (M2M) framework. Liu et al. (2018) proposed a design for a three-layer sharded blockchain network, which resulted in improved transaction efficiency and system scalability. To detect illegal and criminal transactions and facilitate crime tracing, they employ a decentralized searchable encryption scheme. The e-commerce platform integrates a reputation system that enables customers to provide ratings and feedback on suppliers following transactions. Existing reputation systems often rely on centralized servers, making them susceptible to arbitrary tampering. Additionally, cross-platform reputation access is not provided.

Fig. 10 The system model of RepChain (Li et al. 2021)

Privacy leakage is a concern when reputation ratings are linked to sensitive user information, such as identity. Li et al. (2021) introduced RepChain, a privacy-preserving reputation system designed for e-commerce platforms, as depicted in Fig. 10. This system is built on blockchain technology and enables collaboration and reputation sharing among all e-commerce platforms by collectively constructing a consortium blockchain. The reputation process is modeled as a finite state machine, allowing for efficient management and utilization of user reputation data. In order to protect customer identity and mitigate multiple rating attacks, the system utilizes single-display anonymous credentials constructed using a two-step blind signature approach. This methodology effectively preserves customer anonymity while safeguarding against fraudulent rating activities. The system also employs zero-knowledge proofs to verify the correctness of ratings and defend against anomalous rating attacks. This technique allows for the validation of ratings without revealing any sensitive information, thereby ensuring the integrity of the rating process. Zhou et al. (2021) proposed a method in which user reputation scores are stored on the blockchain. Smart contracts are then utilized for reputation assessment, ensuring the immutability of reputation scores within the system.
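As an added illustration of the single-display anonymous credential idea described above (this is not RepChain's construction or code), the example below uses Chaum's RSA blind signature as a stand-in: the platform signs a blinded serial for a completed order, and the rating board accepts each unblinded credential once. Assumptions: all class names are hypothetical, the RSA key is a constructed toy key far too small for real use, and ratings are submitted in the clear rather than with zero-knowledge proofs.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key built from two Mersenne primes (constructed; insecure key size).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent held by the platform


def h(serial):
    """Hash a credential serial into Z_N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Platform:
    """Issues one blind-signed rating credential per completed order."""

    def __init__(self, completed_orders):
        self.unissued = set(completed_orders)
        self.seen = []  # everything the platform learns at issuance time

    def issue(self, order_id, blinded):
        if order_id not in self.unissued:
            raise PermissionError("no credential available for this order")
        self.unissued.remove(order_id)
        self.seen.append(blinded)
        return pow(blinded, D, N)  # signs without seeing the serial


class Customer:
    def blind_request(self):
        """Pick a fresh serial and hide its hash behind a random blinding factor r."""
        self.serial = secrets.token_bytes(16)
        while True:
            self.r = secrets.randbelow(N - 2) + 2
            if gcd(self.r, N) == 1:
                break
        return (h(self.serial) * pow(self.r, E, N)) % N

    def unblind(self, blind_sig):
        """Strip r to obtain an ordinary RSA signature on h(serial)."""
        return self.serial, (blind_sig * pow(self.r, -1, N)) % N


class RatingBoard:
    """Verifies credentials with the public key and rejects a second display."""

    def __init__(self):
        self.displayed = set()
        self.ratings = []

    def submit(self, serial, sig, stars):
        if pow(sig, E, N) != h(serial):
            return "invalid credential"
        if serial in self.displayed:
            return "credential already displayed"
        self.displayed.add(serial)
        self.ratings.append(stars)
        return "accepted"


def run_demo():
    platform = Platform(completed_orders={"order-1001"})  # constructed order id
    board = RatingBoard()
    customer = Customer()
    blind_sig = platform.issue("order-1001", customer.blind_request())
    serial, sig = customer.unblind(blind_sig)
    result = {
        # The platform never saw h(serial), so it cannot link rating to order.
        "unlinkable": h(serial) not in platform.seen,
        "first": board.submit(serial, sig, 5),
        "second": board.submit(serial, sig, 1),            # multiple-rating attempt
        "altered": board.submit(serial, (sig + 1) % N, 1),  # signature does not verify
        "ratings": list(board.ratings),
    }
    try:
        platform.issue("order-1001", Customer().blind_request())
        result["reissue"] = "issued"
    except PermissionError:
        result["reissue"] = "refused"
    return result


if __name__ == "__main__":
    print(run_demo())
```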

OpenBazaar is a decentralized e-commerce platform based on Bitcoin and Ethereum blockchains. It enables users to engage in peer-to-peer transactions for goods and services without relying on any intermediaries or third-party payment systems. It supports cryptocurrency payments only (including BTC, BCH, LTC, and ZEC), which reduces transaction costs and enhances user privacy protection. OpenBazaar utilizes Bitcoin’s scripting language to create smart contracts for decentralized transaction processing. These contracts automatically execute conditions, such as releasing goods information upon payment confirmation, ensuring fairness and security in transactions. The decentralized nature of OpenBazaar does offer some features not present in traditional shopping methods, such as zero transaction fees, self-regulation, and transparency. However, due to the existing convenience of online shopping platforms, it is currently challenging to sell products on OpenBazaar. Additionally, despite the introduction of moderators, it is still difficult to convince users to trust its security.

Summary and prospect

The research on the application of blockchain in cryptographic protocols has made significant progress. By combining blockchain technology with cryptography, more secure, decentralized, and trusted solutions for cryptographic protocols can be provided. Existing studies have shown that blockchain can be applied in areas such as identity authentication protocols, authentication and key agreement protocols, and e-commerce protocols, offering improved security, privacy protection, and verifiability.

However, there are still challenges and unresolved issues in the application of blockchain in cryptographic protocols. These challenges include security and privacy protection, performance and scalability, trust and decentralization, compatibility, and interoperability, among others. Addressing these challenges requires further research and innovation to propose viable solutions.

In future research, it would be beneficial to focus on the following aspects:

  1. Security and privacy protection: Further research on improving the security and privacy protection of blockchain in cryptographic protocols. Exploring new encryption algorithms, anonymous identity verification schemes, and privacy protection techniques can provide stronger security and privacy.

  2. Performance and scalability: Investigating ways to enhance the performance and scalability of blockchain in cryptographic protocols. Exploring new consensus algorithms, storage structures, and network communication protocols can improve throughput, reduce latency, and address issues related to large-scale deployment and high loads.

  3. Trust and decentralization: Exploring how to fully leverage the trust and decentralization features of blockchain in cryptographic protocols and address potential trust issues. Investigating decentralized identity verification, trust models, and consensus mechanisms can enhance the trustworthiness and decentralization of cryptographic protocols.

  4. Compatibility and interoperability: Exploring how to achieve interoperability between different blockchains to facilitate the application of cryptographic protocols. Researching standards and protocols for cross-chain interoperability can enable seamless collaboration and data exchange between other blockchains.

To address the challenges mentioned above, consider the following solutions:

  1. Leveraging a layered design: By combining blockchain technology with traditional cryptographic protocols and adopting a layered design approach, different security and privacy protection mechanisms can be applied to other layers, striking a balance between security and performance.

  2. Optimizing algorithm and protocol design: Optimize the design and implementation of encryption algorithms, authentication protocols, and key management mechanisms to reduce computational and communication overhead and improve performance. This can involve using more efficient algorithms, reducing communication data size, and optimizing protocol flow, among other techniques.

  3. Integration of hardware acceleration and optimized implementations: Utilize hardware acceleration and dedicated devices to provide more efficient encryption and decryption operations. Optimize implementations to reduce computational and communication overhead, thereby improving performance and efficiency.

  4. Comprehensive performance testing and evaluation: Conduct thorough performance testing and evaluation to understand the protocol’s performance under different conditions and find a balance between security and performance. This ensures that the protocol meets security requirements while maintaining good performance in real-world applications.

Through ongoing research and innovation, we can further enhance the application of blockchain in cryptographic protocols, addressing issues related to security, performance, and privacy protection, thereby advancing the development and practical application of cryptographic protocols.

Availability of data and materials

Not applicable.

References

  • Abdalla M, Eisenhofer T, Kiltz E, Kunzweiler S, Riepel D (2022) Password-authenticated key exchange from group actions. In: Annual international cryptology conference, pp 699–728. Springer

  • Aboba B, Blunk L, Vollbrecht J, Carlson J, Levkowetz H (2004) Extensible authentication protocol EAP. Technical report. https://www.rfc-editor.org/rfc/rfc3748

  • Akbar NA, Muneer A, ElHakim N, Fati SM (2021) Distributed hybrid double-spending attack prevention mechanism for proof-of-work and proof-of-stake blockchain consensuses. Future Internet 13(11):285–305

  • Al Hwaitat AK, Almaiah MA, Ali A, Al-Otaibi S, Shishakly R, Lutfi A, Alrawad M (2023) A new blockchain-based authentication framework for secure IoT networks. Electronics 12(17):3618

  • Al-Sumaidaee G, Alkhudary R, Zilic Z, Swidan A (2023) Performance analysis of a private blockchain network built on hyperledger fabric for healthcare. Inf Process Manag 60(2):103160

  • Arkko J, Haverinen H (2006) Extensible authentication protocol method for 3rd generation authentication and key agreement EAP-AKA. Technical report

  • Attkan A, Ranga V (2022) Cyber-physical security for IOT networks: a comprehensive review on traditional, blockchain and artificial intelligence based key-security. Complex Intell Syst 8(4):3559–3591

  • Baird L, Mukherjee P, Sinha R (2022) i-TiRE: incremental timed-release encryption or how to use timed-release encryption on blockchains? In: Proceedings of the 2022 ACM SIGSAC conference on computer and communications security, pp 235–248

  • Bellare M, Canetti R, Krawczyk H (1998) A modular approach to the design and analysis of authentication and key exchange protocols. In: Proceedings of the thirtieth annual ACM symposium on theory of computing, pp 419–428

  • Benkhaddra I, Kumar A, Bensalem ZEA, Hang L (2023) Secure transmission of secret data using optimization based embedding techniques in blockchain. Expert Syst Appl 211:118469

  • Bernstein DJ, Brumley BB, Chen M-S, Tuveri N (2022) OpenSSLNTRU: faster post-quantum TLS key exchange. In: 31st USENIX security symposium (USENIX Security 22), pp 845–862

  • Bharadi VA, Ghag PP, Chavan SR, Gawas SS, Kazi A (2020) Integrating blockchain with local public service system. In: IC-BCT 2019: proceedings of the international conference on blockchain technology, pp 93–103. Springer

  • Bhatt DV, Schulze S, Hancke GP (2006) Secure internet access to gateway using secure socket layer. IEEE Trans Instrum Meas 55(3):793–800

  • Bitcoin NS (2008) Bitcoin: a peer-to-peer electronic cash system. https://api.semanticscholar.org/CorpusID:236214795

  • CAICT: blockchain white paper. Technical report (2022). http://www.caict.ac.cn/english/research/whitepapers/202303/P020230316609943145191.pdf

  • Canetti R, Krawczyk H (2001) Analysis of key-exchange protocols and their use for building secure channels. In: International conference on the theory and applications of cryptographic techniques, pp 453–474. Springer

  • Chen J, Yao S, Yuan Q, He K, Ji S, Du R (2018) Certchain: public and efficient certificate audit based on blockchain for TLS connections. In: IEEE INFOCOM 2018-IEEE conference on computer communications, pp 2060–2068. IEEE

  • Chien H-Y (2018) Group-oriented range-bound key agreement for Internet of Things scenarios. IEEE Internet Things J 5(3):1890–1903

  • DeMillo RA, Lynch NA, Merritt MJ (1982) Cryptographic protocols. In: Proceedings of the fourteenth annual ACM symposium on theory of computing, pp 383–400

  • Denis N, Laurent M, Chabridon S (2023) Integrating usage control into distributed ledger technology for internet of things privacy. IEEE Internet Things J 22(15):20120–20133

  • Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208

  • Eldefrawy K, Genise N, Jarecki S (2023) Short concurrent covert authenticated key exchange (short cake). In: International conference on the theory and application of cryptology and information security, pp 75–109. Springer

  • Feng Q, He D, Zeadally S, Liang K (2019) BPAS: blockchain-assisted privacy-preserving authentication system for vehicular ad hoc networks. IEEE Trans Industr Inf 16(6):4146–4155

  • Feng X, Li L, Wang T, Xu W, Zhang J, Wei B, Luo C (2023) CoBC: a blockchain-based collaborative inference system for the Internet of Things. IEEE Internet Things J 10(24):21389–21400

  • Fischlin M (2023) Stealth key exchange and confined access to the record protocol data in TLS 1.3. In: Proceedings of the 2023 ACM SIGSAC conference on computer and communications security, pp 2901–2914

  • Franciscon EA, Nascimento MP, Granatyr J, Weffort MR, Lessing OR, Scalabrin EE (2019) A systematic literature review of blockchain architectures applied to public services. In: 2019 IEEE 23rd international conference on computer supported cooperative work in design (CSCWD), pp 33–38. IEEE

  • Friolo D, Massacci F, Ngo CN, Venturi D (2022) Cryptographic and financial fairness. IEEE Trans Inf Forensics Secur 17:3391–3406

  • Grosu G-M, Nistor S-E, Simion E (2022) A note on blockchain authentication methods for mobile devices in healthcare. IACR Cryptol ePrint Arch 4(1):159

  • Gu J, Zhao L, Yue X, Arshad NI, Mohamad UH (2023) Multistage quality control in manufacturing process using blockchain with machine learning technique. Inf Process Manag 60(4):103341

  • Guo X, Zhang J (2010) Secure group key agreement protocol based on chaotic hash. Inf Sci 180(20):4069–4074

  • Hayashi M, Vázquez-Castro Á (2020) Physical layer security protocol for Poisson channels for passive man-in-the-middle attack. IEEE Trans Inf Forensics Secur 15:2295–2305

  • Hazan I, Margalit O, Rokach L (2019) Securing keystroke dynamics from replay attacks. Appl Soft Comput 85:105798

  • He D, Padhye S, Chen J (2012) An efficient certificateless two-party authenticated key agreement protocol. Comput Math Appl 64(6):1914–1926

  • He D, Wu R, Li X, Chan S, Guizani M (2023) Detection of vulnerabilities of blockchain smart contracts. IEEE Internet Things J 10(14):12178–12185

  • Hou W, Sun Y, Li D, Guan Z, Liu J (2023) Lightweight and privacy-preserving charging reservation authentication protocol for 5G–V2G. IEEE Trans Veh Technol 72(6):7871–7883

  • Huang B, He K, Huang R, Zhang F, Zhang S (2023) Blockchain-based application for nc machining process decision and transaction. Adv Eng Inform 57:102037

  • Hussein Z, Salama MA, El-Rahman SA (2023) Evolution of blockchain consensus algorithms: a review on the latest milestones of blockchain consensus algorithms. Cybersecurity 6(1):30

  • Issa W, Moustafa N, Turnbull B, Sohrabi N, Tari Z (2023) Blockchain-based federated learning for securing Internet of Things: a comprehensive survey. ACM Comput Surv 55(9):1–43

  • Jager T, Kiltz E, Riepel D, Schäge S (2021) Tightly-secure authenticated key exchange, revisited. In: Annual international conference on the theory and applications of cryptographic techniques, pp 117–146. Springer

  • Kebande VR, Awaysheh FM, Ikuesan RA, Alawadi SA, Alshehri MD (2021) A blockchain-based multi-factor authentication model for a cloud-enabled internet of vehicles. Sensors 21(18):6018

  • Khashan OA, Khafajah NM (2023) Efficient hybrid centralized and blockchain-based authentication architecture for heterogeneous IoT systems. J King Saud Univ-Comput Inf Sci 35(2):726–739

  • Kim Y, Perrig A, Tsudik G (2004) Tree-based group key agreement. ACM Trans Inf Syst Secur (TISSEC) 7(1):60–96

  • Koutsos A (2019) The 5G-AKA authentication protocol privacy. In: 2019 IEEE european symposium on security and privacy (EuroS&P), pp 464–479. IEEE

  • Krishnan P, Jain K, Achuthan K, Buyya R (2021) Software-defined security-by-contract for blockchain-enabled mud-aware industrial IoT edge networks. IEEE Trans Industr Inf 18(10):7068–7076

  • Kushwaha P, Sonkar H, Altaf F, Maity S (2021) A brief survey of challenge–response authentication mechanisms. ICT analysis and applications: proceedings of ICT4SD 2020 2, pp 573–581

  • LaMacchia B, Lauter K, Mityagin A (2007) Stronger security of authenticated key exchange. In: International conference on provable security, pp 1–16. Springer

  • Lamport L, Shostak R, Pease M (1982) The byzantine generals problem 4:382–401

  • Lansky J, Rahmani AM, Ali S, Bagheri N, Safkhani M, Hassan Ahmed O, Hosseinzadeh M (2021) BCmECC: a lightweight blockchain-based authentication and key agreement protocol for Internet of Things. Mathematics 9(24):3241

  • Li X, Yin X (2022) Blockchain-based group key agreement protocol for vehicular ad hoc networks. Comput Commun 183:107–120

  • Li M, Zhu L, Zhang Z, Lal C, Conti M, Alazab M (2021) Anonymous and verifiable reputation system for E-commerce platforms based on blockchain. IEEE Trans Netw Serv Manage 18(4):4434–4449

  • Li J, Qiao Z, Peng J (2022) Asymmetric group key agreement protocol based on blockchain and attribute for industrial Internet of Things. IEEE Trans Ind Inf 18(11):8326–8335

  • Li L, Lu X, Wang K (2022) Hash-based signature revisited. Cybersecurity 5(1):1–26

  • Liu C, Xiao Y, Javangula V, Hu Q, Wang S, Cheng X (2018) NormaChain: a blockchain-based normalized autonomous transaction settlement system for IoT-based e-commerce. IEEE Internet Things J 6(3):4680–4693

  • Liu Y, Wang J, Yan Z, Wan Z, Jäntti R (2023) A survey on blockchain-based trust management for Internet of Things. IEEE Internet Things J 10(7):5898–5922

  • Liu S, Lu Y, Li J, Shen X, Sun X, Bao J (2023) A blockchain-based interactive approach between digital twin-based manufacturing systems. Comput Ind Eng 175:108827

  • Lu H, Li J, Guizani M (2013) Secure and efficient data transmission for cluster-based wireless sensor networks. IEEE Trans Parallel Distrib Syst 25(3):750–761

  • Ma R, Cao J, Zhang Y, Shang C, Xiong L, Li H (2022) A group-based multicast service authentication and data transmission scheme for 5G–V2X. IEEE Trans Intell Transp Syst 23(12):23976–23992

  • Mwitende G, Ye Y, Ali I, Li F (2020) Certificateless authenticated key agreement for blockchain-based WBANs. J Syst Architect 110:101777

  • Mwitende G, Ali I, Eltayieb N, Wang B, Li F (2020) Authenticated key agreement for blockchain-based WBAN. Telecommun Syst 74(3):347–365

  • Ngo CN, Massacci F, Kerschbaum F, Williams J (2021) Practical witness-key-agreement for blockchain-based dark pools financial trading. In: Financial cryptography and data security: 25th international conference, FC 2021, Virtual Event, March 1–5, 2021, Revised Selected Papers, Part II 25, vol 12675, pp 579–598. Springer

  • Owoh NP, Singh MM (2019) Applying Diffie-Hellman algorithm to solve the key agreement problem in mobile blockchain-based sensing applications. Int J Adv Comput Sci Appl 10(3):59–68

  • Pan J, Wagner B, Zeng R (2023) Lattice-based authenticated key exchange with tight security. In: Annual international cryptology conference, pp 616–647. Springer

  • Qureshi KN, Din S, Jeon G, Piccialli F (2020) Internet of vehicles: key technologies, network model, solutions and challenges with future aspects. IEEE Trans Intell Transp Syst 22(3):1777–1786

  • Ren Y, Huang D, Wang W, Yu X (2023) BSMD: a blockchain-based secure storage mechanism for big spatio-temporal data. Futur Gener Comput Syst 138:328–338

  • Roy L, Lyakhov S, Jang Y, Rosulek M (2022) Practical privacy-preserving authentication for SSH. In: 31st USENIX security symposium (USENIX security 22), pp 3345–3362

  • Shen H, Wu G, Xia Z, Susilo W, Zhang M (2023) A privacy-preserving and verifiable statistical analysis scheme for an E-commerce platform. IEEE Trans Inf Forensics Secur 18:2637–2652

  • Son S, Lee J, Park Y, Park Y, Das AK (2022) Design of blockchain-based lightweight V2I handover authentication protocol for VANET. IEEE Trans Netw Sci Eng 9(3):1346–1358

  • Song W, Zeng G, Zhang W, Tang D (2023) Research on privacy information retrieval model based on hybrid homomorphic encryption. Cybersecurity 6(1):31

  • Stephanos M, Reischuk R (2016) IKP: Turning a PKI around with blockchains. IACR Cryptol, ePrint Arch. 2016, p 1018

  • Taçyıldız YB, Ermiş O, Gür G, Alagöz F (2020) Dynamic group key agreement for resource-constrained devices using blockchains. In: Applied cryptography and network security workshops: ACNS 2020 satellite workshops, AIBlock, AIHWS, AIoTS, Cloud S&P, SCI, SecMT, and SiMLA, Rome, Italy, October 19–22, 2020, Proceedings 18, pp 58–76. Springer

  • Tan Y, Wang J, Liu J, Kato N (2022) Blockchain-assisted distributed and lightweight authentication service for industrial unmanned aerial vehicles. IEEE Internet Things J 9(18):16928–16940

  • Tan S, Chen W, Deng R, Popa RA (2023) MPCAuth: multi-factor authentication for distributed-trust systems. In: 2023 IEEE symposium on security and privacy (SP), pp 829–847. IEEE

  • Treiblmaier H, Sillaber C (2021) The impact of blockchain on E-commerce: a framework for salient research topics. Electron Commer Res Appl 48:101054

  • Turkanović M, Brumen B, Hölbl M (2014) A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion. Ad Hoc Netw 20:96–112

  • Ullah S, Zahilah R (2021) Curve25519 based lightweight end-to-end encryption in resource constrained autonomous 8-bit IoT devices. Cybersecurity 4(1):1–13

  • Vatankhah Barenji R (2022) A blockchain technology based trust system for cloud manufacturing. J Intell Manuf 33(5):1451–1465

  • Vivekanandan M, Sastry VN, Srinivasulu Reddy U (2021) Blockchain based privacy preserving user authentication protocol for distributed mobile cloud environment. Peer-to-Peer Netw Appl 14(3):1572–1595

  • Wang F, Cui J, Zhang Q, He D, Gu C, Zhong H. Blockchain-based lightweight message authentication for edge-assisted cross-domain industrial Internet of Things. In: IEEE transactions on dependable and secure computing, pp 1–18

  • Wang J, Wu L, Choo K-KR, He D (2019) Blockchain-based anonymous authentication with key management for smart grid edge computing infrastructure. IEEE Trans Industr Inf 16(3):1984–1992

  • Wang Z, Lin J, Cai Q, Wang Q, Zha D, Jing J (2020) Blockchain-based certificate transparency and revocation transparency. IEEE Trans Dependable Secure Comput 19(1):681–697

  • Wang Y, Zhang Z, Xie Y (2021) Privacy-preserving and standard-compatible AKA protocol for 5G. In: 30th USENIX security symposium (USENIX security 21), pp 3595–3612

  • Wazid M, Das AK, Hussain R, Kumar N, Roy S (2022) BUAKA-CS: blockchain-enabled user authentication and key agreement scheme for crowdsourcing system. J Syst Architect 123:102370

  • Wei J, Chen X, Wang J, Susilo W, You I (2023) Towards secure asynchronous messaging with forward secrecy and mutual authentication. Inf Sci 626:114–132

  • Wei L, Cui J, Zhong H, Bolodurina I, Gu C, He D (2023) A decentralized authenticated key agreement scheme based on smart contract for securing vehicular ad-hoc networks. In: IEEE transactions on mobile computing, pp 1–16

  • Xie X, Wu B, Hou B (2023) BEPHAP: a blockchain-based efficient privacy-preserving handover authentication protocol with key agreement for Internet of Vehicles. J Syst Architect 138:102869

  • Xu Z, Li F, Deng H, Tan M, Zhang J, Xu J (2020) A blockchain-based authentication and dynamic group key agreement protocol. Sensors 20(17):4835

  • Xu Z, Liang W, Li K-C, Xu J, Jin H (2021) A blockchain-based roadside unit-assisted authentication and key agreement protocol for internet of vehicles. J Parallel Distrib Comput 149:29–39

  • Xu Z, Liang W, Li K-C, Xu J, Zomaya AY, Zhang J (2021) A time-sensitive token-based anonymous authentication and dynamic group key agreement scheme for industry 5.0. IEEE Trans Ind Inf 18(10):7118–7127

  • Xue K, Ma C, Hong P, Ding R (2013) A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J Netw Comput Appl 36(1):316–323

  • Yang Z, Zolanvari M, Jain R (2023) A survey of important issues in quantum computing and communications. IEEE Commun Surv Tutor 25(2):1059–1094

  • Yu H, Wang H (2023) Lattice-based threshold signcryption for blockchain oracle data transmission. IEEE Trans Intell Transp Syst 24(10):11057–11065

  • Zhang M, Fang Y (2005) Security analysis and enhancements of 3GPP authentication and key agreement protocol. IEEE Trans Wirel Commun 4(2):734–742

  • Zhang J, Zhang F (2021) Identity-based key agreement for blockchain-powered intelligent edge. IEEE Internet Things J 9(9):6688–6702

  • Zhang Y, Xie C, Ma X (2020) Blockchain for smart city-public service integration by strategic alliance. Int J Simul Process Model 15(4):358–368

  • Zhang Q, Zhu L, Li Y, Ma Z, Yuan J, Zheng J, Ai S (2022) A group key agreement protocol for intelligent Internet of Things system. Int J Intell Syst 37(1):699–722

  • Zhou Z, Wang M, Yang C-N, Fu Z, Sun X, Wu QJ (2021) Blockchain-based decentralized reputation system in E-commerce environment. Futur Gener Comput Syst 124:155–167

  • Zhou T, Wang C, Zheng W, Tan H (2023) Secure and efficient authenticated group key agreement protocol for AI-based automation systems. ISA Trans 141:1–9

  • Zhou J, Gollman D (1996) A fair non-repudiation protocol. In: Proceedings 1996 IEEE symposium on security and privacy, pp 55–61. IEEE

Acknowledgements

We would like to thank the anonymous reviewers and editors for detailed comments and useful feedback.

Funding

This work was supported by the National Natural Science Foundation of China (No. U23A20305, 62172435, 61872449) and the Zhongyuan Science and Technology Innovation Leading Talent Project, China (No. 214200510019), the Science Foundation for the Excellent Youth Scholars of Henan Province (No. 222300420099), Natural Science Foundation of Henan (No. 242300421414).

Author information

Contributions

All authors have seen the manuscript and approved its submission to your journal.

Corresponding author

Correspondence to Xingxing Chen.

Ethics declarations

Competing interests

The authors declare that there is no conflict of interest regarding the publication of this paper.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

About this article

Cite this article

Luo, X., Chen, X., Chen, X. et al. A survey on the application of blockchain in cryptographic protocols. Cybersecurity 7, 79 (2024). https://doi.org/10.1186/s42400-024-00324-7

  • DOI: https://doi.org/10.1186/s42400-024-00324-7

Keywords