0% found this document useful (0 votes)

50 views17 pages

TP-PBFT: A Scalable PBFT Based On Threshold Proxy Signature For Iot-Blockchain Applications

Uploaded by

Nilkantha Garain

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

50 views17 pages

TP-PBFT: A Scalable PBFT Based On Threshold Proxy Signature For Iot-Blockchain Applications

Uploaded by

Nilkantha Garain

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 17

This article has been accepted for publication in IEEE Internet of Things Journal.

This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2023.3347232

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022

TP-PBFT: A Scalable PBFT Based on Threshold

Proxy Signature for IoT-Blockchain Applications
Fei Tang, Tingxian Xu, Jinlan Peng, Ning Gan

Abstract—Consensus protocol is one of the core technologies [15]–[17], healthcare [18]–[21], etc. The integration of the
of IoT-blockchain applications, which is used to ensure the con- IoT and blockchain has attracted widespread attention and
sistency of data between terminal devices that do not trust each demonstrated significant potential. Zhang et al. [21] applied
other. Practical Byzantine Fault Tolerance (PBFT) is a typical
consensus algorithm. Due to its advantages of low computational the IoT-blockchain technology to the field of healthcare,
power and complexity, PBFT is deemed more suitable for IoT- and proposed a blockchain-based hierarchical data sharing
blockchain applications. PBFT can tolerate 1/3 faulty nodes in a framework (BHDSF) to address the challenges of data privacy,
blockchain network, which can be malicious or unresponsive. integrity, and secure sharing. Kamruzzaman et al. [22] focused
In this work, if a node does not respond to messages from on delineating the impact and potential of blockchain, IoT, and
other nodes, it can be regarded as an offline node. Therefore,
when more than a third of the nodes go offline, the blockchain fog computing on healthcare services in the context of smart
network breaks down. However, in IoT applications, this situation cities. Considering the importance of data security under the
is likely to occur and greatly limits the security and stability of background of data explosion, Tchagna et al. [23] proposed a
IoT-blockchain networks. In order to solve the above problem, blockchain method to guarantee the security of data in the IoT
we propose a novel threshold proxy signature-based PBFT (TP- architecture. With continuous technological advancements and
PBFT) consensus for IoT-blockchain applications. We construct
a new threshold proxy signature scheme that enables the proxy expanding application scenarios, IoT-blockchain applications
signers to sign messages on behalf of the offline nodes. In are expected to play an increasingly important role in the
addition, we design a “two-step clustering” method to construct a future, driving digital transformation and intelligent upgrading
double-layer architecture that improves the scalability of PBFT. across various industries.
Meanwhile, a reputation mechanism is introduced to evaluate the In the IoT scenarios, terminal devices can directly access
quality of the nodes. The experimental results show that our TP-
PBFT consensus protocol can reach consensus when the number source data, which solves the problem that blockchain can only
of offline nodes more than 1/3. guarantee the security of on-chain data but cannot guarantee
its authenticity. The blockchain has characteristics such as
Index Terms—Internet of Things (IoT), blockchain, PBFT
consensus protocol, threshold proxy signature decentralization, anti-tampering, and data traceability, which
effectively address issues related to data access, collaboration,
management, security, and credibility in the IoT. In IoT-
I. I NTRODUCTION blockchain applications, terminal nodes collect data through

W ITH the rapid development of 5G communication

technology, the Internet of Things (IoT) has higher
requirements on data security, privacy, and other aspects [1]–
sensors and participate in the consensus process as nodes in
the blockchain network.
However, IoT-blockchain applications also face some chal-
[3]. As a result, the integration of blockchain technology and lenges in terms of scalability and offline tolerance [24]–
IoT has been proposed, which can be referred to as IoT- [26]. Since the terminal devices work in a relatively open
blockchain technology. space, it can communicate and exchange data without manual
The IoT-blockchain applications are showing an increas- intervention, they are also more vulnerable to attacks when
ingly wide range of applications in various fields [4]. Espe- they participate in the consensus process as blockchain nodes
cially in areas such as the Internet of Vehicles [5]–[7], the [27]–[29]. In this study, we address the challenges of applying
industrial IoT [8]–[10], smart cities [11]–[14], smart homes blockchain technology in the IoT from a consensus perspec-
tive. There are many popular consensus protocols currently,
This work was supported by the National Defense Basic Research Program
(JCKY2020205C013). such as Proof of Work (PoW) and Proof of Stake (PoS)
F. Tang is a professor with the School of Cyber Security and Information which are widely used in public blockchains. However, most
Law and School of Computer Science and Technology, Chongqing Univer- IoT devices are lightweight devices, such as mobile devices
sity of Posts and Telecommunications, Chongqing 400065, China (email:
[email protected]). or sensors, which have limited computing capabilities. This
T. Xu, J. Peng are graduate students at the School of Computer Sci- makes it difficult for them to perform expensive mining work.
ence and Technology, Chongqing University of Posts and Telecommuni- While, Practical Byzantine Fault Tolerance (PBFT) [30] is
cations, Chongqing 400065, China (email: [email protected];
[email protected]). considered more suitable for consensus in IoT-blockchain ap-
N. Gan is a graduate student at the School of Cyber Security and plications due to its advantages of requiring low computational
Information Law, Chongqing University of Posts and Telecommunications, power, low complexity, low execution cost, and low latency
Chongqing 400065, China (email: [email protected]).
Manuscript received XX XX, 2022; revised XX XX, 2022. [1], [31]. PBFT is capable of tolerating Byzantine faults and

Authorized
Copyrightlicensed use limited
(c) 2022 IEEE. to: Personal
Indian Institute
use ofofTechnology (ISM)isDhanbad.
this material Downloaded
permitted. However,onpermission
January 17,2024 at 11:16:44
to use UTC from
this material forIEEE
any Xplore. Restrictionsmust
other purposes apply.
© 2023 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
be obtained from the IEEE by sending a request to [email protected].
This article has been accepted for publication in IEEE Internet of Things Journal. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2023.3347232

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 2

TABLE I
C OMPARISON OF EXISTING LITERATURE WITH THE PROPOSED SCHEME

Author Description Addressed challenges Year

The article proposed a scalable dynamic multi-agent hierarchical PBFT protocol
(SDMA-PBFT). Compared with the traditional PBFT consensus algorithm, this scalability, efficiency,
Feng et al. [38] 2018
scheme reduces the communication cost and realizes the dynamic entry and exit flexibility
operations of consensus nodes in the blockchain system.
The article described a dynamic PBFT protocol that allowed nodes to join or leave
Xu et al. [39] scalability, flexibility 2018
from the consensus network without stopping the whole system.
The article described an optimal double-layer PBFT model, which reduced the
Li et al. [37] complexity of communication among nodes, enhanced the scalability of consensus scalability, fault tolerance 2020
nodes, and increased the maximum threshold of fault tolerance for nodes.
The article proposed an IoT adaptive dynamic blockchain networking method based
on discrete heartbeat signals. It realized the dynamic adaptation of the IoT blockchain
Hu et al. [26] flexibility 2020
network. Even when more than 1/3 of the IoT devices were offline, the adaptive
dynamic IoT blockchain network maintained stable operation.
The article proposed a high energy efficiency PBFT consensus protocol designed for
energy-constrained IoT-blockchain applications. In this proposed PBFT protocol, they
Xu et al. [31] security, efficiency 2021
designed the energy effective consensus node selection mechanism and used the VRF
to ensure the security of the leader.
The article proposed an efficient and fault-tolerant blockchain consensus transform
(BCT) mechanism for IoT. This scheme includes two consensus algorithms, namely,
Fu et al. [36] efficiency, fault tolerance 2021
Detectable RAFT (DRAFT) and Double-Layer Parallel BFT (DPBFT), aimed at
improving the efficiency and fault tolerance of the data sharing process.
The article introduced a two-layer blockchain-based framework to provide data
Fan et al. [40] integrity in edge computing, and proposed a novel Dynamic Random Byzantine Fault flexibility, efficiency 2021
Tolerance (DR-BFT) consensus algorithm.
We proposed an IoT adaptive dynamic blockchain networking method based on
discrete heartbeat signals. When more than 1/3 of the IoT nodes are offline, the
adaptive dynamic IoT blockchain network can maintain stable running. In addition, scalability, offline
This article -
our scheme has also been optimized in terms of the scalability of consensus nodes, tolerance, flexibility
which can alleviate the single point of failure caused by the previous dual-layer
architecture based on clustering algorithm.

it is able to achieve a correct decision as long as the number adopted in small networks [37], [42]. But this feature conflicts
of faulty nodes is fewer than 1/3 of the all participating with the massive terminal nodes in IoT applications [25]. In
nodes [32]. Faulty nodes may have malicious behavior such recent years, scholars have given some solutions for the scala-
as intentionally sending error messages or abstaining from bility and tolerability of PBFT in IoT-blockchain applications.
voting. In recent years, there have also been many studies on Li et al. [37] and Qushtom et al. [33] used the concept of
PBFT in IoT-blockchain applications [31]–[37]. Most of these hierarchical consensus to expand PBFT, which can reduce the
researches are aiming to improve the efficiency and scalability communication complexity between nodes and improve the
of PBFT. efficiency of consensus. Gan et al. [43], Xu et al. [44] and
Wang et al. [45] all use the K-medoids clustering algorithm
A. Related Works to improve the scalability of PBFT.
From the perspective of energy efficiency, Xu et al. [31]
The concept of consensus protocol has its roots in ad-
designed an efficient PBFT consensus protocol for energy
dressing the Byzantine Generals’ Problem [41], a theoretical
constrained IoT-blockchain applications. Feng et al. [46] pro-
scenario where a group of generals must coordinate their
posed designed a propagation-efficient protocol (NefSBFT),
actions to attack or retreat, but some may be traitors providing
which achieved fast propagation, low message complexity
conflicting information. With the advancement of technology,
and few resource consumption of travel hops and running
various consensus protocols emerge one after another. PBFT
nodes for complete protocol execution. Fu et al. [36] proposed
stands out among these protocols, addressing the Byzantine
an efficient and fault-tolerant blockchain consensus transform
Generals’ Problem by enhancing the efficiency of consensus.
(BCT) mechanism for IoT.
PBFT streamlines communication and reduces the required
Previous researches on PBFT usually assumed that nodes
validations, making it a robust choice for achieving agreement
are online for a long time and the network topology is static, so
in distributed networks. Its optimization contributes signif-
dynamic adjustment of nodes was not take into account. How-
icantly to the reliability and performance of decentralized
ever, with the continuous development of Internet technology,
technologies, showcasing a key advancement in the evolution
it has become a common demand for nodes to dynamically
of consensus protocols.
join or exit the system. Feng et al. [38] proposed a scalable
PBFT has a poor scalability and can only accommodate
and dynamic multi-agent hierarchical PBFT protocol (SDMA-
no more than 100 nodes in applications, thus it is typically

Authorized licensed use limited to: Indian Institute of Technology (ISM) Dhanbad. Downloaded on January 17,2024 at 11:16:44 UTC from IEEE Xplore. Restrictions apply.
© 2023 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
This article has been accepted for publication in IEEE Internet of Things Journal. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/JIOT.2023.3347232

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 3

PBFT). This protocol introduced the concept of agent node, PBFT is generally suitable for static network topologies, which
which facilitates the entry and exit operation of consensus may not be feasible for IoT. IoT is a dynamic network, where
nodes in the blockchain system. Xu et al. [39] described a nodes may frequently join or leave. For PBFT, if a node wants
dynamic PBFT consensus protocol that allows nodes to join or to join or leave, the entire system must be stopped [39]. This
leave the network dynamically without interrupting the system, seems an impractical approach for IoT scenarios.
and defined a mechanism for eliminating malicious nodes to
improve the robustness of the system. Hu et al. [26] proposed C. Our Contributions
an IoT adaptive dynamic blockchain networking method based
In IoT-blockchain applications, in order to solve the problem
on discrete heartbeat signals to detect node status, thereby
of system breakdown caused by over 1/3 offline nodes, we first
preventing system paralysis caused by more than 1/3 of the
propose a consensus protocol (TP-PBFT) which can tolerate
nodes offline during the consensus process. Fan et al. [40]
more than one-third of consensus nodes temporarily offline.
proposed a dynamic random Byzantine fault tolerance (DR-
Meanwhile, we design a threshold proxy signature scheme
BFT) consensus protocol to solve the join and exit problems
to cooperatively issue a proxy signature on behalf of the
of the consensus nodes in IoT-blockchain applications. They
offline signers and propose a “two-step clustering” method to
pointed out that terminal devices are not always online, and the
improve the scalability of the consensus algorithm. Our main
nodes are dynamic in nature with the nodes joining or leaving
contributions are as follows.
the blockchain network frequently so that some devices may
be disconnected from the network. In Table 1, we present the • We propose a hybrid clustering method of “two-step

comparison of existing works with the protocol proposed in clustering” to construct a double-layer architecture of
this article. PBFT, which can improve the scalability of the consen-
In summary, compared with the previous double-layer con- sus algorithm. Compared with the previous double-layer
sensus architecture, the architecture constructed by “two-step consensus architectures, this architecture can alleviate the
clustering” can alleviate single-fault case or cheating case to a single-fault case to a certain extent, and can also play a
certain extent. The protocol which was proposed by Hu et al. role of mutual supervision among the cluster centers of
[26] is a preventive work, and still cannot solve the problems the same cluster.
that more than 1/3 of the total consensus nodes offline during • We design a threshold proxy signature scheme to improve

the consensus process. To solve the offline-tolerant problem, the offline tolerance of PBFT. When more than 1/3 of
we use threshold proxy signature scheme to agent vote for the consensus nodes are offline, the proxy signers can
offline nodes. In addition, traditional PBFT can tolerate failure use the power of proxy signing to vote on behalf of the
of no more than 1/3 of consensus nodes, it does not have the offline nodes. After the offline nodes come back online,
function of detecting and clearing the fault nodes. Thus, we the system will automatically connect these nodes to the
introduce a reputation mechanism to purify the system. The network and let them continue to provide services.
reputation mechanism can exclude Byzantine nodes or inactive • Based on the “two-step clustering” and threshold proxy

nodes from the consensus group by scoring the behavior of signature scheme, we propose a scalable TP-PBFT con-
nodes. sensus protocol, which is suitable for IoT-blockchain
applications where nodes are unstable. We also introduce
a reputation mechanism to the system to evaluate the
B. Our Motivation
quality of nodes. The purpose of this is to gradually purify
Adopting PBFT in IoT-blockchain applications has the the system.
following three critical challenges. • We analyze and demonstrate the effectiveness and scala-
Scalability: The PBFT protocol relies on all-to-all in- bility of TP-PBFT mechanism. We also experimentally
ternode communications which result in the exponentially evaluate the tolerability of the TP-PBFT. The results
increasing message (O(n2 ) communication complexity among show that TP-PBFT can achieve consensus even when
n nodes). Thus, it scales poorly as the number of nodes the number of offline nodes more than 1/3.
increases, this is contrary to IoT networks which are expected In order to illustrate the practicality of the TP-PBFT, we
to involve numerous devices [31]. use the following example. A distributed energy measurement
Tolerability: In the traditional PBFT of blockchain, if and transaction blockchain network consisting of 1000 IoT
more than 1/3 of the consensus nodes go offline, the entire devices. These devices issue, circulate, exchange, and consume
system becomes paralyzed. But this situation is likely to energy tokens within the blockchain network [26]. However,
occur in IoT scenarios due to the failure of nodes and poor due to varying operating states and working hours of IoT de-
network connectivity [1]. This limitation significantly impacts vices controlled by terminals, the network becomes dynamic.
the security and stability of the IoT-blockchain applications Fluctuations arise from differing on/off times, and network
[26], [40]. disconnections may occur due to public network conditions.
Flexibility: Although PBFT has some advantages in terms This dynamic IoT network poses challenges, such as the
of computing power, complexity, and fault tolerance compared BFT consensus algorithm’s vulnerability to producing empty
with other consensus protocols in IoT-blockchain applications, blocks when IoT nodes go offline. If more than 1/3 of IoT
it has a fatal disadvantage of flexibility. Blockchain is designed nodes disconnect, the BFT consensus algorithm fails, causing
with the assumption of a stable network connection [47], while

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 4

shown here is that it does not respond to the requests of other

nodes.
Pre-prepare: The primary assigns a sequence number num
to the request, multicasts a pre-prepare message to all replicas,
and appends the message to its log.
Prepare: After receiving the pre-prepare message sent by
the primary, the backup verifies the message. If the verification
succeeds, the backup enters the prepare phase by multicasting
a prepare message to all other replicas and adds both messages
Fig. 1. PBFT consensus processing [30]. to its log. Otherwise, it does nothing.
Commit: A replica accepts prepare messages and adds
them to its log provided their signatures are correct. If the
a system paralysis and hindering the security and stability of replica receives 2f prepares that can be verified and come
applying blockchain in IoT applications. from different replicas, then it enters the commit phase by
The remainder of this paper is organized as follows. Sec- multicasting a commit messages to other replicas.
tion II introduces some preliminary knowledge, including Replicas accept commit messages and insert them in their
PBFT, clustering, threshold proxy signature and reputation logs, provided they are properly signed. When 2f +1 commits
mechanism. Section III shows the system model and security (including its own) are received, the replica returns a reply
model. Section IV introduces the overall scheme, which is message to the client.
described from four phases: clustering phase, threshold proxy The pre-prepare and prepare phases of the protocol guar-
authorization phase, consensus phase and reputation evaluation antee that non-faulty replicas agree on a total order for
phase. Section V describes the construction process of the the requests within a view. The commit phase ensures that
threshold proxy signature algorithm. Section VI presents the any request that commits locally at a non-faulty replica will
experiments that are conducted to evaluate and analyze our commit at f + 1 or more non-faulty replicas eventually.
proposed approach.
B. Clustering
II. PRELIMINARIES
Clustering is to assign samples with similar characteristics
Before elaborating on our scheme, we introduce some
to the same class, and assign different samples to different
preliminaries in this section, including PBFT, clustering and
classes. The evaluation standard of clustering is similarity,
threshold proxy signature.
which directly affects the result of clustering, so it is very
important to choose the appropriate similarity. In IoT net-
A. PBFT protocol works, the clustering samples are the terminal nodes, and
PBFT is a consensus protocol for distributed systems that the similarity is the physical distance between nodes. The
can tolerate no more than 1/3 of Byzantine faults. In other similarity between nodes decreases with increasing distance.
words, PBFT can guarantee that the states of non-Byzantine In this paper, we use K-Mediods [48] clustering algorithm to
nodes in the system are consistent when the number of Byzan- classify terminal nodes, and select a part of the nodes with the
tine nodes are less than 1/3 of the total number of consensus highest reputation as the cluster center. However, the clustering
nodes. In the PBFT consensus, the nodes are divided into method of K-Mediods determines that it is only suitable for
a primary and other backups (replicas). The PBFT consen- spherical data sets instead of non-spherical data sets. Since
sus protocol mainly consists of two protocols: distributed the area formed by the deployment of terminal nodes in IoT is
consensus and view change. When the primary is working not necessarily regular, this will lead to sub-optimal clustering
normally, PBFT completes the consensus through three steps, results (such as uneven distribution of sample density). In
pre-prepare, prepare and commit. When the primary node fails order to solve this problem, we introduce the concept of
to deal with the data request timely, other backups initiate view “multiple representative points describe a cluster” in the CURE
change protocol to elect a new primary. The flow of PBFT [49] when designing the double-layer consensus architecture.
mainly includes the following four steps.
• The client sends a request message to the primary. C. (t, n) Threshold Proxy Signature
• The primary broadcasts the request message to all repli-
There are two kinds of roles involved in threshold proxy
cas, and replicas execute the three-phase consensus pro- signature scheme: the original signer and proxy signer. The
cess of PBFT. original signer’s signing power is delegated to a group of n
• The replicas returns a reply message to the client after
proxy singers such that proxy signatures can be generated by
the three-phase process is complete. at least t (the threshold value) proxy signers cooperatively.
• When the client receives the same reply message from at
In order to better understand the concept of threshold proxy
least f + 1 nodes, the consensus is correctly completed. signature, we introduce a proxy signature scheme based on
PBFT contains three phases: pre-prepare, prepare and com- SM2, which was proposed by Guo el al. [50]. The scheme
mit. As shown in Fig. 1, replica 3 marked with a cross indicates mainly includes the following steps:
that the node may be faulty or a malicious node. The behavior

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 5

• PrivKeyGen(pp): The original signer A input pp as the Assuming that adversary Adv can attack at most t−1 proxy
public parameter and gets a key pair (dA , PA ) where dA signers, we define the following two types of adversaries:
is the private key and PA is the public key. • Eavesdropping adversary: the adversary can obtain the
• ProxyKeyGen(dA ): A authorizes the signing power to storage information of the proxy signers and eavesdrop
the proxy signers with the private key dA , and then on all broadcast messages.
interacts with the proxy signers to generate the proxy • Halting adversary: the adversary can control the proxy
signing key dB cooperatively. signers to stop sending messages at the beginning of each
• ProxySign(dB , m): The proxy signer uses the proxy round of communication.
signing key dB to sign the message m, and gets a We assume that the computing power of the adversary is under
signature s. of probabilistic polynomial Turing machine model, so it is
• VerifySign(PA ): The verifier can utilize the original
impossible to solve the discrete logarithm problem on the
signer’s public key PA to authenticate the validity of the elliptic curve.
proxy signature. In this work, the threshold proxy signature is applied to
Based on the proxy signature scheme, the original signer the voting process in the PBFT consensus, so its minimum
can authorize the signing power to n proxy signers, and sets threshold value t also needs to meet a condition: t = f + 1,
the threshold value as t, such that the threshold proxy signature where f is the tolerable Byzantine nodes in the system.
can be realized. The (t, n) threshold proxy signature scheme
should satisfy the following six requirements [51]: D. Reputation Mechanism
- Secrecy. The original signer’s private key cannot be
The reputation mechanism can objectively measure the
obtained from any information, such as the shares of
quality of a node through mutual supervision and evaluation
the proxy signing key, proxy signatures and so on.
among participants. The reputation mechanism [52]–[54] can
Particularly, even all proxy signers collude together, they
help us optimize the IoT-blockchain system. The reputation
cannot recover the original signer’s private key.
value of the node is used to measure whether the node is
- Proxy protection. Only the delegated proxy signer can
eligible to participate in the consensus, and the node whose
generate valid partial proxy signatures. Even the original
reputation does not meet the initial value will be cleared out
signer cannot masquerade as a proxy signer to create
of the system. The reputation value val range is (0, 1], and the
partial signatures.
initial val of each node is uniformly set to 0.5. The reputation
- Unforgeability. A valid proxy signature can only be
of a node is judged from four aspects: incomplete rate θ, evil
cooperatively generated by t or more proxy signers. This
rate ξ, activity rate φ and transaction magnitude factor ψ,
means that valid proxy signatures cannot be created by
respectively. Assume that the number of nodes in the system
t − 1 or less proxy signers, or any third parties who are
is n.
not designated as proxy signers.
- Nonrepudiation. Any valid proxy signature must be gen- 1) Incomplete rate: We use the symbol θi to represent
erated by t or more proxy signers. Therefore, proxy the incomplete rate. θi can be expressed as the ratio of
signers cannot deny that they have signed the message. In the number of times that the node i failed to complete
addition, the original signer cannot deny having delegated consensus (ωi ) to the total number of times Ω that node
the power of signing messages to the proxy signers. i participates in consensus, i.e., θi = ωi /Ω ∈ (0, 1], i ∈
- Time constraint. The proxy signing keys can be used only [1, 2, ..., n].
during the delegated period. Once they expire, the proxy 2) Evil rate : The evil rate is represented by ξi , ξi =
signatures generated by using those keys become invalid. νi /Ω ∈ (0, 1]. νi indicates the number of times that
- Known signers. For internal auditing purposes, the system node i sends an error message and reports it successfully.
is able to identify the actual signers of a given threshold Ω represents the total number of times that the node
proxy signature. participated in the consensus. The evil rate mainly
depends on whether a node sends messages honestly.
The security of the (t, n)-threshold proxy signature scheme
When a node sends an error message, other nodes will
includes unforgeability and robustness, which are defined as
report it, and the report can be counted into the system
follows.
until a consensus is reached.
Definition 1. (Unforgeability): Given public parameters,
3) Activity rate: The activity rate is represented by φi .
the adversary Adv can view the interactive execution and
The time period level of node i offline is recorded as
corrupt at most t − 1 proxy signers, in addition, Adv can
δi , the time period level of node i network latency is
also adaptively select messages m1 , ..., mk and query their
recorded as li , the time period level of node i joining
corresponding threshold proxy signatures for k times. The
the network is recorded as Ti . The node activity rate
probability that adversary Adv can successfully forge a thresh-
is: φi = (δi + li )/Ti ∈ (0, 1]. The activity rate mainly
old proxy signature for a new message m is negligible.
measures the activity performance of the node.
Definition 2. (Robustness): The scheme can still operate
4) Transaction magnitude factor: The transaction magni-
successfully even when adversary Adv can corrupt at most
tude factor is used to identify the historical transaction
t − 1 proxy signers.
processing capability of node i. Assuming that the
transaction magnitude processed by node i is denoted as

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 6

Di , and the elements in it are sorted from high to low

as d1 , d2 , ..., dj , and the transaction magnitude factor ψi
can be expressed as
(
j, j = dj ,
ψi =
j − 1, j > dj .
In the whole process of calculating the node reputation
value, the weight of each parameter is different. This work
focuses on the behavior evaluation of malicious nodes. There-
fore, when assigning the weights of the parameters, we give
the maximum weight to the incomplete rate and the evil rate.
Finally, the node’s activity rate and transaction magnitude
factor have the same weight in the reputation value calculation.
Based on the above content, the formula for calculating the
reputation value val of node i is as follows.
vali = 1 − (0.3θi + 0.3ξi + 0.2φi + 0.2ψi )
In order to improve the robustness of the node, a reputation
growth rate is also proposed when evaluating the reputation
value of the node. We define the reputation growth rate as R, Fig. 2. System model of TP-PBFT.
and R ∈ (0, 100%]. The reputation growth rate of a new nod
is initialized to 50%. The new growth rate of a node can be
calculated by the following formula: B. Security Model
" 1/(t−1) # We assume that IoT terminal devices may have two condi-
vali tions that affect the security in consensus process: offline and
R(t) = − 1 ∗ 100%,
vali,t Byzantine faults. Byzantine faults may have some malicious
where vali,t represents its reputation value in the previous behavior such as sending fault messages, refusing to send
t rounds. This formula calculates the average value of the and receive messages, etc. In our experiment, a node that
growth rate since the node joined the system. After getting the did not send a message within the specified time stamp
reputation value and reputation growth rate, we can sort them is also considered an offline node, so that our Byzantine
respectively, and then select the top-ranked nodes to participate failure includes nodes that send fault messages only. In the
in the consensus. IoT-blockchain scenarios, terminal nodes participate in the
consensus as consensus nodes. When the total number of
III. SYSTEM AND SECURITY MODELS consensus nodes is not less than 3f + 1, the traditional
PBFT consensus algorithm can tolerate f Byzantine failures.
A. System Model
However, in the IoT applications , a large number of nodes
In the IoT scenarios, terminal devices collect the informa- going offline will also adversely affect the security of the
tion of their area through sensors and act as nodes of the consensus. An adversary may compromise the security of
blockchain network to share the data. While terminal devices consensus by delaying non-faulty nodes or the communication
are not always online, and the nodes are dynamic in nature between them until they are tagged as faulty and excluded from
with the nodes joining or leaving the blockchain network the replica group. Meanwhile, If the number of offline nodes is
frequently so that some devices may be disconnected from more than 1/3 of total nodes, the normal nodes cannot receive
the network [55]. However, the system has been configured enough messages in the current consensus phase and cannot
accordingly at the beginning. If too many nodes are offline, enter the next consensus phase. When the consensus nodes is
the system security will be affected. Therefore, it is necessary in well condition, the two-layer consensus group of TP-PBFT
to optimize the offline condition of the nodes. Fig.2 shows the adopts PBFT consensus protocol, so the adversary model is
system model of our TP-PBFT mechanism. We use the cluster also consistent with PBFT. During system initialization, the
algorithm to divide the nodes into a double-layers structure. top-layer nodes delegate their signature rights to lower-layer
The lower-layer nodes can use the power of proxy signing to nodes, therefore, the system can continue when the number of
vote on behalf of the top-layer nodes which are offline. At the offline nodes in the top-layer consensus group is more than f .
same time, the number of times a node goes offline also has an
impact on the its reputation value. In our system, both lower- IV. TP-PBFT MECHANISM
layer and top-layer nodes adopt PBFT consensus respectively,
In IoT-blockchain applications, each terminal node i is as-
which can tolerate 1/3 Byzantine faults. When more than 1/3
signed an initial value vali when it registers in the blockchain
of the top-layer consensus nodes are offline, the threshold
network, which can be used to measure the quality of the node.
proxy signature algorithm is triggered. In addition, we use
cryptographic techniques to prevent spoofing and replays and
to detect corrupted messages.

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 7

A. Clustering
In IoT blockchain applications, massive terminal devices
pose challenges to the scalability of PBFT consensus. At Algorithm 1: Generating Proxy Key Algorithm (For
present, there are some improvement schemes for the scal- A)
ability of PBFT, and one of the more common methods is
Input: KB : the random number selected by B;
hierarchical consensus [37]. In some traditional double-layer
Output: (GA , GAB , sA,i ): authorization information;
architecture based on clustering algorithm, top-layer cluster is
1 A receives the GB = KB G sent by proxy group B;
composed of the cluster centers, so when the cluster center
2 if |GB | ≥ t then
goes offline or crashes, the whole cluster where the center is
3 A calculates GA = KA G;
located cannot upload the lower consensus data to the whole
4 GAB = (x1 , y1 ) = KA GB ;
network consensus.
5 rAB = x1 mod q;
In this work, we propose a “two-step clustering” method.
6 end
We use this approach to construct a double-layer architecture
7 if rAB == 0 then
composed of top-layer cluster and lower-layer cluster. The
8 return null;
clusters divided by this method have multiple cluster centers,
9 else
so we refer to multiple cluster centers in the same cluster −1
10 A calculates sA = KA rAB dA mod q;
as representative points. As shown in Fig. 2, a cluster is
11 if sA = 0 then
represented by two representative points (RP). All the rep-
12 return null;
resentative points form the top-layer cluster, and all the nodes
13 else
in the cluster form the lower-layer consensus group. The
14 A calculates sA,i , and sends (GA , GAB , sA,i )
“two-step clustering” can alleviate single-fault cases, and the
to Bi ;
representative points in the same cluster can play the role of
15 end
mutual supervision in the consensus.
16 end
In IoT-blockchain applications, we use “two step clustering”
to divide the terminal devices (nodes) into n1 clusters. The
detailed steps are as follows:
• We select n1 nodes with the highest reputation value to
serve as the cluster center.
• We use K-Mediods algorithm to perform initial cluster-
ing. All nodes (except cluster centers) choose to join
the cluster where the nearest cluster center is located. Algorithm 2: Generating Proxy Key Algorithm (For
The number of nodes in the lower-layer cluster can be B)
expressed as n2 , and n2 in different clusters may have Input: (GA , GAB , sA,i ): authorization information;
different value. Output: dB,i : proxy signing key;
• After the initial cluster is stable. We perform secondary 1 Bi receives (GA , GAB , sA,i ) from A, where
clustering to achieve the effect that λ cluster centers i = 1, 2..., n2 − 1;
describe one cluster. Taking the distance between clus- 2 if (GA , GAB , sA,i ) 6= null then
ter centers as a similar feature, cluster the two closest 3 Bi calculates GAB = (x2 , y2 ) = KB GA ;
clusters, and repeat the aggregation operation until the 4 end
0
representative points in the aggregated clusters are close 5 each Bi calculates rAB = x2 mod q, sA,i GA , and
to λ. sends sA,i GA to proxy signers Bj , j = 1, 2..., n2 − 1
and j 6= i;
B. Generating Proxy Key 6 if |sA,j GA | ≥ t then

After all nodes have completed clustering, the original 7 Bi uses the interpolation formula to get the result
signer A in the top-layer cluster will use the threshold proxy sA GA ;
8 end
authorization algorithm to delegate its signing rights to other 0
nodes in the lower-layer cluster. The nodes in the lower-layer 9 if sA GA = rAB PA then

cluster cluster can be described as B = {B1 , B2 , ..., Bn2 −1 }. 10 Bi accepts the agency;
The detailed process of threshold proxy signature algorithm 11 else

is shown in Section IV. The algorithm for generating the 12 Bi refuses to accept agency;
threshold proxy key is divided into two algorithm models 13 return null;
according to different operators. The original signer A corre- 14 end
0 −1
sponds to Algorithm 1 and the proxy group B corresponds to 15 Bi calculates dB,i = (ki + sA,i )KB mod q as its
Algorithm 2. A and B use a pseudorandom number generator own proxy key.
to generate pseudorandom number KA and KB , respectively.
KB is jointly generated by all proxy group members Bi .

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 8

1) Select primary: We use P to represent the node number

that serves as the primary in the top-layer consensus
group. The role of primary is taken by the nodes in
turn, where P = V /|n1 |, V is the view number. The
top-layer consensus is to reach a consensus on the data
m which is obtained by the lower-layer consensus where
the primary P is located. When the primary P initiates a
consensus, other representative points in the same cluster
Fig. 3. TP-PBFT consensus process in normal mode. will supervise and verify whether m is valid. After the
top-layer consensus is completed, the primary P will
upload m in blockchain and remove it from the local
C. TP-PBFT Consensus
cache.
After initial registration on the blockchain, the node will get 2) Pre-prepare: The primary assigns a sequence
an initial reputation value (val = 0.5). If vali ≥ 0.5, the node number num for this round of consensus
i is eligible to participate in the consensus. and broadcasts the message hhP RE −
TP-PBFT has two modes: normal mode and special mode, P REP ARE, V, num, d, clu, ts, oiσP , mi to the
where the special mode consists of five phases: pre-prepare, all backups, where V is the view number, d is m’s
prepare, commit, complain, threshold proxy signing. The com- digest, ts is the timestamp of consensus initiation, o
plain phase and threshold proxy signing phase usually occur is the operation that needs to be performed in this
together. When the time slice of this phase expires, nodes that consensus and clu represents the cluster number where
have not collected enough signing messages can invoke the the primary is located. The backup needs to verify
complain phase. Therefore, these two phases may occur after the following points to accept the received pre-prepare
the prepare and commit phases. message:
Lower-layer cluster in both modes performs PBFT con- • The signatures in the pre-prepare message are cor-
sensus protocol, and the number of nodes need to satisfy rect and d is the digest for m.
n2 ≥ 3f2 + 1, where f2 is the number of faulty nodes • It is in view V .
that the lower-layer consensus can tolerate. Nodes in lower- • It has not accepted a pre-prepate message for view
layer cluster collect data around themselves through the sensor. V and sequence number num containing a different
After the lower-layer consensus is completed, each node stores digest.
the digest of data locally. If the representative points act as • The sequence number num in the pre-prepare mes-
the primary during the top-layer consensus, the digest will sage is between a low water mark, h, and a high
be used as the consensus data of the top-layer consensus. water mark, H.
The system combine with reputation mechanism to realize
3) Prepare: If backup i accepts the pre-prepare mes-
automatic update of nodes, so when 1/3 nodes are offline, the
sage, it enters the prepare phase by muticasting a
lower-layer cluster only needs to update the consensus group
hP REP ARE, V, num, d, iiσi , i ∈ [1, 2, ..., n1 ] mas-
nodes. But at least f2 + 1 nodes in the original lower-layer
sage to all other replicas and adds both messages to
cluster must be reserved, otherwise we need re-cluster.
its log. Otherwise, it does nothing.
• Normal mode: Under the condition that the error node
4) Commit: When the replica i receives the prepare mes-
does not exceed 1/3, the number of nodes in the top-layer sage, it will define the predicate prepare message to be
consensus group needs to satisfy n1 ≥ 3f1 + 1, where f1 true or false. To be true, a message needs to satisfy
is the number of faulty nodes that the top-layer consensus that message has inserted in its log: the data m, a pre-
group can tolerate when performing PBFT consensus. prepare for m in view V with sequence number num,
The consensus process in normal mode is shown in Fig. and 2f prepares from different replicas that match the
3. pre-prepare. The replicas verify whether the prepares
• Special mode: When a node in the top-layer consensus
match the pre-prepare by checking that they have the
encounters a timeout in either prepare or commit phase, same view, sequence number, and digest.
it will invoke the complain and threshold proxy signature 5) Complain: In top-layer consensus, if replica i
phases in TP-PBFT. These two phases provide proxy does not receive enough messages within the
services for slow, crash, or offline nodes. valid time, it will broadcast a complain message
Next, we take the case of a node suddenly offline during hCOM P LAIN, V, num, d, clu, IAi , stateiσi and
the commit phase of the consensus process as an example, and restart its timer. IAi is a set of replicas’ ID that have
its corresponding consensus process is shown in Fig. 4. RPa, not sent message to replica i. State records the phase
RPb, RPc, and RPd are members of the top-layer consensus at which the node broadcast the complain message. As
group, while RPc and RPd are two representative points in the show in Fig. 4, replica3 is a fault node and replica1
same cluster. Replica2 is a fault node, and its behavior here suddenly goes offline during the prepare phase.
is not respond to requests from other nodes. The consensus 6) Threshold proxy signing: In top-layer consensus, if
process of TP-PBFT is as follows. the replica i receives a complaint message from at

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 9

Algorithm 3: Threshold Proxy Signature Generation

Algorithm
Input: dB,i : proxy signing key of Bi ;
M : the message that needs to be signed;
Output: s: refactored signatures of proxy signers;
1 M ← ZA ||M e ← H(M ) Bi performs t degree
Joint-RSS [56] and 2t degree Joint-ZSS [56], and the
Fig. 4. The top-layer consensus process in special mode.
share of sharing is βi , αi respectively Bi computes
γi = βi dB,i + αi and broadcasts it Bi records the
least f + 1 replicas, it will check the correctness broadcast γj (1 ≤ j ≤ n2 ), and restores γ = βdB the
and validity of the parameters V , num, d. If the interpolation formula Bi computes ci = γ −1 βi Bi
complaint message is correct, it combines all IAi performs 2t-order Joint-ZSS, and shares share µi Bi
and checks whether there are replicas in the same calculates τi GAB , and sends it to Bj (τi is a secret
cluster as itself. If so, replica i adds them into a share which generated by Bi ) if τj GAB ≥ t then
set pr and broadcasts a message hT HRESHOLD − 2 Bi computes τ GAB = (x3 , y3 ) Bi computes
P ROXY, V, num, d, clu, pr, stateiσ to its own cluster r = (e + x3 ) mod q if
to request proxy signing for pr. In lower-layer clus- r == 0||(rGAB + τ GAB ) == qGAB then
ter, after the node i in the cluster receives threshold- 3 go back to step 3
proxy message from the representative points, it verifies 4 else
whether the message is correct. If this message is valid, 5 continue
the proxy signers in lower-cluster will do proxy signing 6 end
for the offline representative points in pr respectively. 7 Bi computes si = ci (τi + r) + µi − r and
The verification conditions are as follows: broadcasts (r, si ) if |(r, sj )| ≥ 2t then
• Node i verifies that the signature of the threshold- 8 Bi computes s = (d−1 B (τ + r) − r) mod q
proxy message from representative point is correct. 9 end
• Node i has not accepted a threshold-proxy message 10 else

for V, num and state containing a different d. 11 waiting for timer to expire, proxy signing failed;
• Node i has not performed proxy signing for prj with 12 end

current V, num, state and d.

If the verification is passed, node i executes the proxy
signing for prj . The threshold proxy signing algorithm 0.2φi + 0.2ψi to calculate the new vali value of the node i. If
is shown in algorithm 3. The representative point uses the reputation value of the consensus node is lower than 0.5,
the interpolation formula to reconstruct the signature sj the nodes of the consensus group will be re-adjusted. If this
of prj from the received f + 1 signature fragments and happens in top-layer consensus, the cluster of node whose val
broadcasts it to other replicas in top-layer consensus. less than 0.5 will be scattered and re-clustered.
Nodes in the top-layer cluster are representative points If a consensus cannot be reached in lower-layer cluster, the
of the lower-layer cluster, so when a representative node system will collect the feedback data among nodes and invoke
goes offline, the signature signed by the proxy group has the reputation mechanism to update the val of members in the
the same permissions as the original signer’s signature. cluster, and remove the nodes whose val is lower than 0.5
After the replica who broadcasts the complain message from the consensus group. During the remove operation, new
receives no less than 2f −|prepare/commit messages| nodes or nodes with val greater than 0.5 will also be added to
reconstructed signatures from different nodes in IA, the the lower-layer consensus group.
consensus enters to the next consensus phase. When the
offline node reconnects, it can check the operation of the V. THRESHOLD PROXY SIGNATURE SCHEME
proxy group during the offline phase, and if the original This section introduces a new threshold proxy signature
signer has any doubts, it can broadcast a review request scheme based on SM2 (TP-SM2), we construct it based on
to revoke the proxy signature. [50], [56]. The scheme mainly includes four parts: system
initialization, the generation of threshold proxy signature, cor-
D. Reputation Evaluation rectness and verifiability of threshold proxy signing scheme,
security analysis of threshold proxy signing scheme. Mean-
After a round of consensus is completed, the reputation
while, Fig. 5 shows the general process of threshold proxy
mechanism will update the credit value val according to the
signature.
performance of the nodes during the consensus process.
The reputation mechanism evaluates the top-layer consensus
nodes according to four indicators including incomplete rate A. System Initialization
θi , evil rate ξi , activity rate φi and transaction magnitude Assume that the representative point is the original signer
factor ψi , and then uses the formula vali = 0.3θi + 0.3ξi + A, and B = {B1 , B2 , ..., Bn2 −1 } represents the proxy signing

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 10

group composed of the nodes in the cluster where A is located.

They set the same public parameters in advance, including
∗
p, q, E, G and the hash function H : {0, 1} → Zp∗ .
p is a large prime number, E is an elliptic curve defined
over a finite field Fp , G = (xG , yG ) is the base point
of order q on E. x||y represents the concatenation of a
string or bit string x and y. (dA , PA ) are a private-public
key pair of A, where PA = dA G. The IDA is used as
the distinguishable identity of the original signer A, and its
length is entlenA bits, and EN T LA is 2 bytes converted
from the integer entlenA . ZA contains the original signer’s
distinguishable identity, part of the elliptic curve system pa-
Fig. 5. The process of threshold proxy signature. In this figure, the number
rameters, and the original signer A’s public key hash value. of agent group nodes is 3, and the threshold value is 2.
ZA = H256 (EN T LA ||IDA ||a||b||xG ||yG ||xA ||yA ). M rep-
resents the message to be signed. M = ZA ||M , e = H M .
−1
A3: A calculates the formula sA = KA rAB dA mod q, if
B. The Generation of Threshold Proxy Signature sA = 0, return to step A1, otherwise the calculated sA as the
delegate key of the original signer to the proxy signer.
The generation of threshold proxy signature consists of
A4: A chooses a polynomial fA (x) with degree t − 1, and
four steps: proxy authorization, authorization verification and
computes fA (IDi ) = sA,i mod q,
threshold proxy key generation, (t, n) threshold proxy share
generation and signature verification. The detailed descriptions fA (x) = sA + a1 x + a2 x2 + ... + at−1 xt−1 mod q.
of those steps are as follows.
A5: A sends (GA , GAB , sA,i ) to Bi as proxy authorization
1) Proxy Authorization: In the authorization process, A
information.
needs to exchange information with B, and A generates
2) Authorization Verification and Threshold Proxy Key Gen-
authorization information according to the interaction infor-
eration: After receiving the authorization message, the mem-
mation. The specific process is as follows (B is the operation
bers of the proxy group will conduct joint verification to
of the proxy group member Bi , i ∈ [1, 2, ..., n2 − 1], the
confirm that the authorization information is indeed from the
corresponding steps from B1 to B17. A is the operation of the
original signer A. The specific process is as follows:
original signer A, the corresponding steps from A1 to A5, and
B3: Bi calculates another point on the elliptic curve GAB =
C is the operation of the signature verifier, the validator can
(x2 , y2 ) = KB GA .
be any node in the top-layer cluster,the corresponding steps 0
B4: Bi calculates the formulas rAB = x2 mod q and
from C1 to C4):
sA,i GA , and then sends the sA,i GA to Bj . After receiving
B1: Bi uses a pseudorandom number generator to generate
sA,i GA from at least t different Bi , Bj calculates the sA GA
a random number ki , and then selects a polynomial with
using the interpolation formula, if and only if sA GA =
degree t − 1, 0
rAB PA , the proxy group accepts the delegation.
fi (x) = ki + ai,1 x + ai,2 x2 + ... + ai,t−1 xt−1 mod q B5: Once Bi accepts the delegation, it will calculate dB,i =
0 −1
(ki + sA,i )KB mod q as its own proxy key, then the proxy
i = 1, 2, ..., n2 − 1 and ai,l ∈ Zp∗ (l = 1, 2, ..., t − 1) are −1
key of proxy group B is dB = (1 + sA KB ) mod q.
random numbers. Bi calculates fi (IDj ) and sends it to the
3) (t, n) Threshold Proxy Share Generation: Proxy group
corresponding Bj . After a while, Bi interpolates the fi (IDi )
B perform the following steps.
constructed by itself and the fj (IDi ) sent by other Bj to
0 B6: Set M = ZA ||M .
obtain ki . Finally, proxy signers can use any t secret shares
B7: Bi calculates e = H(M ).
to jointly generate a public random number KB ,
B8: The members of the proxy group execute t degree
2 −1
nX Joint-RSS and 2t degree Joint-ZSS, and the share of sharing
0
KB = ki , KB ∈ [1, q − 1]. is βi , αi respectively.
i=1 B9: Bi computes γi = βi dB,i + αi and broadcasts.
B2: Bi computes the point GB = KB G on the elliptic B10: Bi records the broadcast γj (1 ≤ j ≤ n2 ), and restores
curve and sends GB to the original signer A. γ = βdB the interpolation formula.
After A receives the same GB sent by at least t members B11: Bi computes ci = γ −1 βi , which is the share of d−1B .
of the proxy group, the following operation steps will be B12: Bi performs 2t degree Joint-ZSS, and shares fragment
performed. µi .
A1: A uses a random number generator to generate a B13: Bi generates secret fragment τi of random numbers
random number KA , where KA ∈ [1, q−1], and then calculates through distributed secret sharing, and calculates τi GAB ,
the point GA = KA G on the elliptic curve. meanwhile sends it to Bj .
A2: A calculates another point on the elliptic curve GAB = B14: After Bi receives at least t messages of τj GAB , it
(x1 , y1 ) = KA GB , and after obtaining x1 , A calculates rAB = uses the interpolation formula to obtain the result: τ GAB =
x1 mod q, if rAB = 0, return to step A1. (x3 , y3 ).

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 11

B15: Bi calcultes the result of r. If r = 0 or rGAB + Multiplying both sides of the equation by GAB , we have
τ GAB = qGAB , then go back to step B13, 0
τ GAB = (η(dB − 1) + s )GAB
r = (e + x3 ) mod q. −1
= (ηsA KB + s )GAB
0

0
B16: Bi calculates the signature si and broadcasts it, −1 −1
= (ηKA rAB dA KB + s )GAB
0
si = (ci (τi + r) + µi − r) mod q. = ηrAB dA G + s GAB
0
B17: Bi receives at least 2t participants Bj to broadcast its = ηrAB PA + s GAB .
signature (r, sj ), and obtains the signature result (r, s) through The above theorems proves that the scheme satisfies the ver-
the interpolation formula, ifiable property of proxy signature, and the verifier can directly
s = (d−1
B (τ + r) − r) mod q. use the public key of the original signer for verification.

4) Signature Verification: In order to verify whether the

0 0 D. Security Analysis of Threshold Proxy Signing Scheme
received digital signature (GAB , r , s ) is correct, the verifier
C should perform the following verification steps: This section discusses several possible attacks on the secu-
0
C1: C checks whether the formula r ∈ [1, q − 1] holds, if rity of the proposed scheme. The breakthrough of these attacks
not, the verification fails. mainly comes from two ways: 1) the unidirectionality of the
0
C2: C checks whether the formula s ∈ [1, q − 1] holds, if hash function, and 2) the difficulty of ECDLP.
not, the verification fails. Attack scenario 1: The original signer forged a valid
0 0
C3: Set M 0 = M ||ZA , M represents the message to be proxy signature.
0 0 0
verified, C calculates e = H(M 0 ) and η = (r + s ) mod q, From the formula s = (d−1 B (τ + r) − r) mod q, we can
if η = 0, the verification fails. know thatif the original signer A wants to successfully forge
C4: C calculates the points on the elliptic curve X = a valid proxy signature, it must meet one of the following two
0 0 0 0
(x3 , y3 ) = s GAB + ηrAB PA and R = (e + x3 ) mod q, conditions.
if and only if R = r, C accepts the signature, otherwise the • The original signer needs to know the value of the random
signature cannot pass the verification. number KB generated by the proxy team during the
−1
proxy authorization phase to obtain dB = 1 + sA KB
C. Correctness and Verifiability of Threshold Proxy Signing mod q. However, the random number KB itself is not
Scheme public, and even if GAB = KB GA is known, the value
of KB is difficult to determine.
After the threshold proxy signature scheme is constructed,
• Both τ and dB are generated by the proxy group through
The correctness and verifiability of The scheme is as follows.
distributed secret sharing. Therefore it is impossible to
1) Correctness of Threshold Proxy Delegated Authorization
obtain the correct proxy signature by selecting τ and dB
Verification:
with random numbers.
Theorem1: If the delegation certificate (GA , GAB , sA,i ) is
0 The analysis here shows that the original signer cannot forge
valid, then sA GA = rAB PA is established.
0 the proxy signature, that is, it satisfies the property of strong
Proof : First, we need to verify that rAB = rAB . From
unforgeability.
(x2 , y2 ) = KB GA = KB KA G = KA GB = (x1 , y1 ), we
0 Attack scenario 2: Malicious proxy signer i forges the
can get rAB = x2 mod q = x1 mod q = rAB . And due to 0 0
authorization certificate (GA , GAB , sA,i ) after receiving the
0
−1 −1 authorization certificate (GA , GAB , sA,i ) sent by A.
sA = KA rAB dA mod q = KA rAB dA mod q.
Assuming that the malicious proxy signer imperson-
We multiply both sides of the formula by G, then ates the original signer to create a delegation certificate
0 0
sA KA G = rAB dA G ⇒ sA GA = rAB PA , (GA , GAB , sA,i ), then it must obtain the correct sA to pass
the proxy verification phase. However, since the original signer
sA G was jointly recovered by proxy group B. This can prove does not disclose sA , each proxy signing member i can only
that B’s proxy authorization information (GA , GAB , sA,i ) to know its own part of sA,i . sA needs at least t members to
A can be verified. be reconstructed, so it cannot get the correct sA , and attack
2) Verifiability of Proxy Signatures: scenario 2 does not hold.
Theorem2: The scheme is verifiable, that is, the verifier can Attack scenario 3: The malicious proxy signer i forges
0 0
verify the validity of the proxy’s signature. the delegation certificate (GA , GAB , sA,i ) after receiving the
0 0 0
Proof : From s = (d−1 B (τ + r ) − r ) mod q, we can get delegation certificate (GA , GAB , sA,i ) of the original signer.
0
τ = (dB (s + r ) − r )
0 0
mod q In the threshold proxy signature scheme, the threshold value
0 is set to 2t + 1 = f + 1, so even if f malicious nodes jointly
= (dB η − r ) mod q forge signature fragments, the correct proxy signature cannot
0
= (η(dB − 1) + s ) mod q. be reconstructed. Therefore, attack scenario 3 does not hold.
Attack scenario 4: The attacker pretends to be a proxy
signer member, and interacts with the original signer and

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 12

other proxy signers during the proxy authorization process to (2) τˆ1 , τˆ2 , ..., τˆt are generated by Joint-RSS, so α̂i∗ =
generate proxy keys for man-in-the-middle attacks. τî GAB (1 ≤ i ≤ t) satisfies the uniform distribution,
The man-in-the-middle attack can be effectively prevented and the rest of α̂i∗ (t + 1 ≤ i ≤ n) is determined by
by means of a digital certificate generated by an authority on α̂i∗ (1 ≤ i ≤ t) and α̂. So α̂i∗ (t + 1 ≤ i ≤ n) has the
the public key of the original signer and the proxy. same probability distribution α̂i∗ (1 ≤ i ≤ t).
(3) As proved above, sî also satisfies the uniform random
E. Security Proof of Threshold Proxy Signature distribution on [1, q − 1], and is consistent with si =
dB,i (τi + r) + µi − r(1 ≤ i ≤ t), sî also satisfies this
We prove the security of the threshold proxy signature
equation.
scheme from two points of unforgeability and robustness.
According to literatures [56] and [57] , if the signature Combined with literature [57], it can be proved that the
scheme is unforgeable and the threshold proxy signing scheme threshold proxy signature scheme TP-SM2 is unforgeable.
is simulatable, then this threshold proxy signing scheme is Next we need to prove the robustness of the TP-SM2
unforgeable. Since the SM2 signature scheme itself is secure scheme.
and unforgeable, we only need to prove that the threshold For an eavesdropping attack with t members, if n ≥ 2t + 1,
proxy signing scheme proposed in this article is imitable. then the (t, n)-threshold proxy signing scheme is robust. For
Proof : The simulation process of the threshold proxy an halting attack with t members, if n ≥ 3t + 1, then (t, n)
signature scheme is shown in the SIM (simulation protocol). threshold signing scheme is robust.
The input parameters include the public key PA , the message Proof : According to the formula si = ci (τi + r) + µi − r,
M , and the signature (r, s). We assume that an adversary D since the polynomials sharing ci and τi are all of order t,
can control the front t participants (members of the proxy the polynomials sharing s are of order 2t, so at least 2t + 1
signing group), and conduct eavesdropping or halting attacks participants are required to restore the signature s through the
on them, and the rest of the participants are honest partici- interpolation formula. Therefore, for an halting attack with t
pants. Therefore, the shares that the adversary can control are members. It is necessary to ensure that n ≥ 3t+1 to complete
0 0 0
(dB,1 , dB,2 , ..., dB,t ). the signing process.
According to the above proofs, we can conclude that the
SIM TP-SM2 scheme is secure, that is, it has unforgeability and
Input: PA : public key of A, robustness. When n ≥ 2t + 1, it can resist the eavesdropping
M : the message that needs to be signed, attack on t members, when n ≥ 3t+1, it can resist the halting
(s, r): signature for M , attack of t members.
0 0 0
(dB,1 , dB,2 , ..., dB,t ): the key shares controlled by the ad-
versary D; VI. E XPERIMENT A NALYSIS
(1) Calculating the formula α̂ = sGAB + (r + s)rAB PA ; In this section, we conduct a comparative experiment on
(2) Honest participants jointly execute Joint-RSS, and the the improved PBFT and the traditional PBFT from the two
share µ̂i (1 ≤ i ≤ n). Since the SIM can hear the aspects of communication times and time consuming of single
shares of D, the SIM can get those values (SIM knows consensus process.
µˆ1 , µˆ2 , ..., µ̂t and µ̂ = 0);
(3) Honest participants jointly execute Joint-RSS, and D A. Threshold Proxy Signing Analysis
shares secrets τˆ1 , τˆ2 , ..., τˆt ;
(4) Set α̂i∗ = τî GAB (1 ≤ i ≤ n), and any set of α̂i∗ (no As shown in Table II, we performed 5 sets of tests on
less than t + 1) can restore α̂∗ . Broadcast α̂i∗ (t + 1 ≤ TP-SM2 and original SM2 signature, respectively. It is found
i ≤ n) to honest participants, then α̂∗ = (x1 , y1 ) that the original signature efficiency is not affected even if
can be recovered by interpolation formula, while r = the concept of threshold proxy is added to SM2 signature.
(H(ZA ||M ) + x1 ) (mod q); Since our experiments are simulated locally, the time of
0
(5) Calculate sî = dB,i (τî + r) + µ̂i − r(1 ≤ i ≤ t), and communication between signers and original signer is not
randomly select sî within the range of t + 1 ≤ i ≤ 2t. factored into the efficiency.
According to sî (t + 1 ≤ i ≤ 2t) and sˆ0 = s, the only
shared polynomial of order t can be determined, so TABLE II
EFFICIENCY OF TP-SM2 AND SM2
the rest of sî (2t + 1 ≤ i ≤ n) can be determined;
(6) Broadcast sî (2t + 1 ≤ i ≤ n) to honest participants; Algorithm Test 1 Test 2 Test 3 Test 4 Test 5 Average time

It can be seen from the SIM protocol that this variable is TP-SM2 0.12s 0.10s 0.11s 0.12s 0.10s 0.110s
SM2 0.11s 0.09s 0.12s 0.10s 0.11s 0.106s
consistent with the variable in TP-SM2. Next, we need to
prove that they have the same probability distribution.
(1) Because the secret sharing scheme of Shamir is
information-theoretic security, all shares have the same B. Communication Cost Analysis
probability distribution. Therefore, the distribution of PBFT is based on information exchange and needs to
µ̂i is consistent with µi , which is a uniform random consume communication resources, so communication over-
distribution on [1, q − 1]. head is a key index related to consensus efficiency. we can

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 13

TABLE III
C OMMUNICATION ANALYSIS OF PBFT AND TP-PBFT

TP-PBFT
PBFT
lower-layer consensus top-layer consensus

Pre-prepare N −1 Nλ − 1 k−1
k
Prepare (N − 1)2 ( Nkλ − 1)2 (k − 1)2
Commit N (N − 1) N λ ( N λ − 1) k(k − 1)
k k
Total 2N (N − 1) 2 Nkλ ( Nkλ − 1) + 2k(k − 1)

compare the communication times required by PBFT and

double-layer PBFT to reach a consensus to verify whether
Fig. 6. Comparison curve of PBFT and TP-PBFT communication times.
the improved consensus reduces the communication cost. The
communication times required by PBFT and double-layer
PBFT consensus processes are listed in Table III. •As the value of k increases, Z increases accordingly. This
Assume that N represents the number of nodes participating is due to the increase in the number of sub-clusters, re-
in the consensus. In the consensus process of PBFT, all nodes sulting in a decrease in the number of nodes in each sub-
need to broadcast in the whole network during the prepare and cluster. Double-PBFT effectively reduces communication
commit phases. In this case, the communication times required times required to reach consensus in a small range.
by each node is N − 1. Let the number of communications • When k increases to the extreme point, Z reaches its
required to complete a round of PBFT consensus be X, and maximum value and then begins to decrease. At this time,
the following equation can be obtained: the value of k is too large and there are too many sub-
X = 2N (N − 1) (1) clusters, communications times required for consensus
increases significantly.
As show in Fig. 3, we performed PBFT consensus within Although the value of k will affect the ratio of communi-
both lower-layer cluster and top-layer cluster, respectively. cation times, its overhead are still far less than PBFT on the
According to communication times required for the PBFT whole.
consensus process is 2N (N − 1), the following conclusions Cheng el al [58] proposed an improved PBFT based on K-
can be drawn: medoids (K-PBFT), which enhance the scalability of PBFT.
• If N nodes are divided into k sub-clusters, and a sub- They pointed out that the total communication cost of K-PBFT
cluster needs λ representative points to describe. Let the can be calculated by formula 2 N N N
k ( k −1)+2k(k−1)+k( k −1).
number of nodes in each sub-cluster equals to (N λ)/k. By comparing it with our propose double-layer consensus in
The communication times of lower-layer consensus is W . normal model, we can see the comparison result from Fig.
Nλ Nλ 7. We set N = 1000, and the values of k are 1, 20, 40, 60,
W =2( − 1) (2) 80, 100 respectively. When k = 1, it means the number of
k k
communication at this time is same with PBFT. In order to
• Following on from above, the total number of top-layer
ensure that the clusters in TP-PBFT are incremental, we set
consensus is k. The communication times of top-layer
the value of λ = 4, thus obtaining the result graph shown in
consensus equals to k(k −1). So the total communication
Fig. 7, the result shows that the communication costs of K-
times of our double-layer PBFT consensus is Y .
PBFT and TP-PBFT are very similar. Meanwhile, the structure
Nλ Nλ of TP-PBFT can alleviate the single-fault case of K-PBFT.
Y =2 ( − 1) + 2k(k − 1) (3)
k k
Z represents the ratio of communication times of the two C. Consensus Latency Analysis
consensus. Through equations (1) and (4), we can conclude
At the beginning of the TP-PBFT experiment, we gener-
that:
N (N − 1) ate1000 nodes, which are divided into 10 lower-layer clusters,
Z = Nλ Nλ (4) and each clusters contains 100 replicas (every lower-layer
k ( k − 1) + k(k − 1)
cluster has 20 representative points). The experiment does not
We set the value of λ as 20, because the number of take into account the processing time of a single node after
representative points greater than 10, the cluster algorithm receiving information, nor factors such as resource utiliza-
always found right clusters [49]. At the same time, since the tion, CPU processing speed, disk read/write speed, network
value of λ is 20, k cannot be less than λ and N cannot be less congestion, etc. Additionally, we assume that all messages
than k, so our k and N both start from 20. The comparison are received and sent in parallel on the single node at the
curve of communication times between PBFT and double- same time. The result we obtain is the time taken for a single
layer PBFT protocols is shown in Fig. 6. We can draw two consensus process from start to finish. To ensure the accuracy
conclusions: of the experiment, we excluded the effect of the network
environment in our experiment, and ran all consensus nodes on

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 14

Fig. 7. Comparison of communication times between K-PBFT and TP-PBFT. Fig. 8. Comparison diagram of consensus delay.

the same host. We use Go to simulate the underlying physical optimize the flexibility and scalability of PBFT, there are
network conditions. The server equippe with an Intel AMD differences. Flexibility refers to the ability of consensus nodes
Ryzen 5 PRO 3500 CPU, running at a frequency of 2.10GHz, to dynamically join or exit the system without affecting the
and runs Ubuntu 20.04.2LTS. Go 1.17.1 was used for the operation of the system itself. The last two proposals have
experiment. The simularion parameters of TP-PBFT consensus implemented flexibility in the consensus process. However,
experiment are as show in Table IV. TP-PBFT not only enables dynamic consensus, but also allows
consensus nodes to join and exit dynamically during the
TABLE IV consensus process. We have carefully introduced DR-PBFT
SIMULATION PARAMETERS and literature [26] in Table I, so we have omitted the details.

Parameter Values TABLE V

COMPARE WITH OTHER SCHEMES
Number of nodes 1000
Number of clusters 10
Scheme Flexibility Tolerability Scalability Single fault
Number of representative nodes per cluster 20
Number of lower-layer nodes 100 PBFT [30] × × × -
Number of top-layer nodes 200 K-PBFT [58] × × X ×
Fault tolerance of lower-layer nodes 33 SDMA-PBFT [38] X × X ×
Fault tolerance of top-layer nodes 66 DR-BFT [40] X × X X
View change timeout 700ms Dynamic PBFT [39] X × X -
Pre-prepare message timeout 100ms The literature [26] X × × -
Prepare message timeout 100ms Our scheme X X X X
Commit message timeout 100ms
We conducted 10 independent comparative experiments
In order to evaluate the scalability, efficiency and offline (ignoring the polling process of the lower-cluster consensus) to
tolerability of our scheme, we conducted a set of comparison compare and evaluate the consensus overhead of the three con-
experiments, in which the control group was PBFT and K- sensus algorithms (including PBFT, K-PBFT and TP-PBFT.
PBFT. K-PBFT is a double-layer PBFT consensus algorithm K-PBFT is a two-layer consensus constructed based on K-
constructed based on K-Mediods. From Table V, we can Mediods). The experimental results are shown in Fig. 8. After
clearly see some differences between our scheme andother replacing the Message Authentication Code (MAC) in the
advanced solutions. tolerability refers to the tolerance of the voting process with the threshold proxy signature algorithm,
system for temporary offline nodes, which distinguishes from the consensus delay of TP-PBFT is larger than that of K-PBFT,
the Byzantine faults. Compared with PBFT, our scheme has but it is still within a tolerable range.
a tolerance for offline nodes in the IoT-blockchain appli- In the TP-PBFT consensus experiment, to verify whether
cations, and also uses a double-layer structure to optimize consensus can be successfully completed when the number of
the scalability of the consensus. Compared with the K-PBFT offline nodes exceeds 1/3 of the total number of consensus
scheme, we have considered the temporary offline status of node. We used K-PBFT which has the same structure with
nodes, and we have also considered the single-fault case of our scheme as a control experiment. In this experiment, we
double-layer structure. We compare our proposal with SDMA- assume that the nodes do not have Byzantine faults. The
PBFT and Dynamic PBFT [39]. Although all three proposals experimental results are shown in Fig. 9, where the abscissa

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 15

[7] X. Wang, P. Zeng, N. Patterson, F. Jiang, and R. Doss, “An improved

authentication scheme for internet of vehicles based on blockchain
technology,” IEEE access, vol. 7, pp. 45 061–45 072, 2019.
[8] M. Liu, F. R. Yu, Y. Teng, V. C. Leung, and M. Song, “Performance
optimization for blockchain-enabled industrial internet of things (iiot)
systems: A deep reinforcement learning approach,” IEEE Transactions
on Industrial Informatics, vol. 15, no. 6, pp. 3559–3570, 2019.
[9] S. Zhao, S. Li, and Y. Yao, “Blockchain enabled industrial internet
of things technology,” IEEE Transactions on Computational Social
Systems, vol. 6, no. 6, pp. 1442–1453, 2019.
[10] K.-K. R. Choo, Z. Yan, and W. Meng, “Blockchain in industrial iot
applications: Security and privacy advances, challenges, and opportuni-
ties,” IEEE Transactions on Industrial Informatics, vol. 16, no. 6, pp.
4119–4121, 2020.
[11] C. Li, H. Yang, B. Bao, Z. Sun, S. Dong, and J. Zhang, “A secure device
access based on blockchain for iot in smart city,” in 2021 International
Wireless Communications and Mobile Computing (IWCMC), 2021, pp.
1172–1174.
[12] M. J. Islam, A. Rahman, S. Kabir, M. R. Karim, U. K. Acharjee, M. K.
Nasir, S. S. Band, M. Sookhak, and S. Wu, “Blockchain-sdn-based
energy-aware and distributed secure architecture for iot in smart cities,”
IEEE Internet of Things Journal, vol. 9, no. 5, pp. 3850–3864, 2022.
[13] T. RajaRajeswari, P. Chinnasamy, K. Pushparani, N. Thulasichitra,
N. Rani, and T. Sivaprakasam, “Iot based smart gardening for smart
Fig. 9. Comparison diagram of offline tolerability. cities using blockchain technology,” in 2022 International Conference
on Computer Communication and Informatics (ICCCI), 2022, pp. 1–3.
[14] P. Kumar, R. Kumar, G. Srivastava, G. P. Gupta, R. Tripathi, T. R.
Gadekallu, and N. N. Xiong, “Ppsf: A privacy-preserving and secure
represents the number of offline nodes, and the total number framework using blockchain-based machine-learning for iot-driven smart
of top-layer nodes is 200. When the number of offline nodes cities,” IEEE Transactions on Network Science and Engineering, vol. 8,
no. 3, pp. 2326–2341, 2021.
approaches 1/3 (that is 60), we find that K-PBFT has been [15] M. A. Rahman, K. Abualsaud, S. Barnes, M. Rashid, and S. M.
unable to complete consensus within the specified time. But Abdullah, “A natural user interface and blockchain-based in-home smart
our scheme can successfully complete the consensus which health monitoring system,” in 2020 IEEE International Conference on
Informatics, IoT, and Enabling Technologies (ICIoT), 2020, pp. 262–
verified that our scheme can continue to ensure the completion 266.
of consensus when more than 1/3 nodes are offline. [16] R. F. Ali, A. Muneer, P. Dominic, and S. M. Taib, “Hyperledger fabric
framework with 5g network for blockchain-based security of iot smart
home applications,” in 2021 International Conference on Decision Aid
VII. C ONCLUSION Sciences and Application (DASA), 2021, pp. 1109–1114.
In this work, a scalable threshold proxy signature-based [17] H. F. Al-Turkistani and N. K. AlSa’awi, “Poster: Combination of
blockchains to secure smart home internet of things,” in 2020 First
PBFT (TP-PBFT) is proposed for the scalability and toler- International Conference of Smart Systems and Emerging Technologies
ability of consensus protocol in IoT-blockchain applications. (SMARTTECH), 2020, pp. 261–262.
Our contributions include the design of a hybrid clustering [18] G. Gunanidhi and R. Krishnaveni, “Improved security blockchain for
iot based healthcare monitoring system,” in 2022 Second International
method “two-step clustering” and a novel TP-PBFT consensus Conference on Artificial Intelligence and Smart Energy (ICAIS), 2022,
protocol, they can improve the scalability and offline tolerance pp. 1244–1247.
during terminal nodes consensus. We also introduced a reputa- [19] J. Ren, J. Li, H. Liu, and T. Qin, “Task offloading strategy with
emergency handling and blockchain security in sdn-empowered and fog-
tion mechanism in the system to evaluate the quality of nodes assisted healthcare iot,” Tsinghua Science and Technology, vol. 27, no. 4,
and gradually purify the network. pp. 760–776, 2022.
[20] A. Yogeshwar and S. Kamalakkannan, “Healthcare domain in iot with
blockchain based security- a researcher’s perspectives,” in 2021 5th
R EFERENCES International Conference on Intelligent Computing and Control Systems
(ICICCS), 2021, pp. 1–9.
[1] A. Al Sadawi, M. S. Hassan, and M. Ndiaye, “A survey on the
[21] J. Zhang, Y. Yang, X. Liu, and J. Ma, “An efficient blockchain-
integration of blockchain with iot to enhance performance and eliminate
based hierarchical data sharing for healthcare internet of things,” IEEE
challenges,” IEEE Access, vol. 9, pp. 54 478–54 497, 2021.
Transactions on Industrial Informatics, 2022.
[2] S. Saxena, B. Bhushan, and M. A. Ahad, “Blockchain based solutions to
[22] M. Kamruzzaman, B. Yan, M. N. I. Sarker, O. Alruwaili, M. Wu, and
secure iot: Background, integration trends and a way forward,” Journal
I. Alrashdi, “Blockchain and fog computing in iot-driven healthcare
of Network and Computer Applications, vol. 181, p. 103050, 2021.
services for smart cities,” Journal of Healthcare Engineering, vol. 2022,
[3] M. U. Hassan, M. H. Rehmani, and J. Chen, “Privacy preservation in
2022.
blockchain based iot systems: Integration issues, prospects, challenges,
[23] A. Tchagna Kouanou, C. Tchito Tchapga, M. Sone Ekonde, V. Monthe,
and future research directions,” Future Generation Computer Systems,
B. A. Mezatio, J. Manga, G. R. Simo, and Y. Muhozam, “Securing data
vol. 97, pp. 512–529, 2019.
in an internet of things network using blockchain technology: smart
[4] M. S. Ali, M. Vecchio, M. Pincheira, K. Dolui, F. Antonelli, and
home case,” SN Computer Science, vol. 3, no. 2, p. 167, 2022.
M. H. Rehmani, “Applications of blockchains in the internet of things:
[24] M. A. Ferrag, M. Derdour, M. Mukherjee, A. Derhab, L. Maglaras, and
A comprehensive survey,” IEEE Communications Surveys Tutorials,
H. Janicke, “Blockchain technologies for the internet of things: Research
vol. 21, no. 2, pp. 1676–1717, 2019.
issues and challenges,” IEEE Internet of Things Journal, vol. 6, no. 2,
[5] T. Jiang, H. Fang, and H. Wang, “Blockchain-based internet of vehi-
pp. 2188–2204, 2019.
cles: Distributed network architecture and performance analysis,” IEEE
[25] S. Dhar, A. Khare, and R. Singh, “Advanced security model for
Internet of Things Journal, vol. 6, no. 3, pp. 4640–4649, 2018.
multimedia data sharing in internet of things,” Transactions on Emerging
[6] G. Xu, H. Bai, J. Xing, T. Luo, N. N. Xiong, X. Cheng, S. Liu, and
Telecommunications Technologies, p. e4621, 2022.
X. Zheng, “Sg-pbft: A secure and highly efficient distributed blockchain
[26] X. Hu, Y. Zheng, Y. Su, and R. Guo, “Iot adaptive dynamic blockchain
pbft consensus algorithm for intelligent internet of vehicles,” Journal of
networking method based on discrete heartbeat signals,” Sensors, vol. 20,
Parallel and Distributed Computing, vol. 164, pp. 1–11, 2022.
no. 22, p. 6503, 2020.

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 16

[27] M. Saad, J. Spaulding, L. Njilla, C. Kamhoua, S. Shetty, D. Nyang, and [49] S. Guha, R. Rastogi, and K. Shim, “Cure: An efficient clustering
D. Mohaisen, “Exploring the attack surface of blockchain: A compre- algorithm for large databases,” ACM Sigmod record, vol. 27, no. 2, pp.
hensive survey,” IEEE Communications Surveys Tutorials, vol. 22, no. 3, 73–84, 1998.
pp. 1977–2008, 2020. [50] Q. Guo, D. Zhang, L. chang, X. Liu, and J. Song, “Design and
[28] M. Xu, C. Liu, Y. Zou, F. Zhao, J. Yu, and X. Cheng, “wchain: A implementation of proxy-protected proxy signature based on sm2,”
fast fault-tolerant blockchain protocol for multihop wireless networks,” Journal of Network and Information Security, vol. 3, no. 9, p. 47, 2017.
IEEE Transactions on Wireless Communications, vol. 20, no. 10, pp. [51] M. S. Hwang, E. Jui-Lin Lu, and I. C. Lin, “A practical (t, n)
6915–6926, 2021. threshold proxy signature scheme based on the rsa cryptosystem,” IEEE
[29] E. A. Shammar, A. T. Zahary, and A. A. Al-Shargabi, “A survey of iot Transactions on Knowledge and Data Engineering, vol. 15, no. 6, pp.
and blockchain integration: Security perspective,” IEEE Access, vol. 9, p.1552–1560, 2003.
pp. 156 114–156 150, 2021. [52] X. Yuan, F. Luo, M. Z. Haider, Z. Chen, and Y. Li, “Efficient byzantine
[30] M. Castro, B. Liskov et al., “Practical byzantine fault tolerance,” in consensus mechanism based on reputation in iot blockchain,” Wireless
OsDI, vol. 99, no. 1999, 1999, pp. 173–186. Communications and Mobile Computing, vol. 2021, 2021.
[31] X. Xu, G. Sun, and H. Yu, “An efficient blockchain pbft consensus [53] J. Zhang, Y. Cheng, X. Deng, B. Wang, J. Xie, Y. Yang, and M. Zhang,
protocol in energy constrained iot applications,” in 2021 International “A reputation-based mechanism for transaction processing in blockchain
Conference on UK-China Emerging Technologies (UCET), 2021, pp. systems,” IEEE Transactions on Computers, pp. 1–1, 2021.
152–157. [54] M. Wang, G. Wang, Y. Zhang, and Z. Li, “A high-reliability multi-
[32] H. Qushtom, J. Mišić, and V. B. Mišić, “Multiple leader pbft based faceted reputation evaluation mechanism for online services,” IEEE
blockchain architecture for iot domains: Invited paper,” in 2021 Transactions on Services Computing, vol. 12, no. 6, pp. 836–850, 2019.
IEEE Canadian Conference on Electrical and Computer Engineering [55] M. Mukherjee, R. Matam, L. Shu, L. Maglaras, M. A. Ferrag, N. Choud-
(CCECE), 2021, pp. 1–6. hury, and V. Kumar, “Security and privacy in fog computing: Chal-
[33] H. Qushtom, J. Mišić, X. Chang, and V. B. Mišić, “A scalable two-tier lenges,” IEEE Access, vol. 5, pp. 19 293–19 304, 2017.
pbft consensus for blockchain-based iot data recording,” in ICC 2021 - [56] M. Shang, Y. Ma, J. Lin, and J. Jing, “A threshold scheme for sm2 el-
IEEE International Conference on Communications, 2021, pp. 1–6. liptic curve cryptographic algorithm,” Journal of Cryptologic Research,
[34] L. Lao, X. Dai, B. Xiao, and S. Guo, “G-pbft: A location-based and vol. 1, no. 2, pp. 155–166, 2014.
scalable consensus protocol for iot-blockchain applications,” in 2020 [57] S. Goldwasser, S. Micali, and R. L. Rivest, “A digital signature scheme
IEEE International Parallel and Distributed Processing Symposium secure against adaptive chosen-message attacks,” SIAM Journal on
(IPDPS), 2020, pp. 664–673. Computing, vol. 17, no. 2, pp. 281–308, 1988.
[35] V. B. Mišić, J. Mišić, and X. Chang, “Coping with smartly malicious [58] L. Chenzh, “Improved pbft consensus mechanism based on k-medoids,”
leaders: Pbft with arbitration for blockchain-based iot applications,” in ComputerScience, vol. 46, no. 12, p. 101G107, 2019.
2021 IEEE Global Communications Conference (GLOBECOM), 2021,
pp. 1–6.
[36] J. Fu, L. Zhang, L. Wang, and F. Li, “Bct: An efficient and fault tolerance
blockchain consensus transform mechanism for iot,” IEEE Internet of
Things Journal, pp. 1–1, 2021.
[37] W. Li, C. Feng, L. Zhang, H. Xu, B. Cao, and M. A. Imran, “A
scalable multi-layer pbft consensus for blockchain,” IEEE Transactions
on Parallel and Distributed Systems, vol. 32, no. 5, pp. 1146–1160,
2020.
[38] L. Feng, H. Zhang, Y. Chen, and L. Lou, “Scalable dynamic multi-agent
practical byzantine fault-tolerant consensus in permissioned blockchain,” Fei Tang received his Ph.D from the Institute
Applied Sciences, vol. 8, no. 10, p. 1919, 2018. of Information Enginneering of Chinese Academy
[39] X. Hao, L. Yu, L. Zhiqiang, L. Zhen, and G. Dawu, “Dynamic practical of Sciences in 2015. He is currently an associate
byzantine fault tolerance,” in 2018 IEEE conference on communications professor of the Chongqing University of Posts
and network security (CNS). IEEE, 2018, pp. 1–8. and Telecommunications. His research interests are
[40] Y. Fan, H. Wu, and H.-Y. Paik, “Dr-bft: A consensus algorithm for blockchain, public key cryptography and privacy
blockchain-based multi-layer data integrity framework in dynamic edge preserving computation.
computing system,” Future Generation Computer Systems, vol. 124, pp.
33–48, 2021.
[41] L. Lamport, R. Shostak, and M. Pease, “The byzantine generals prob-
lem,” in Concurrency: the Works of Leslie Lamport, 2019, pp. 203–226.
[42] H. Sukhwani, J. M. Martinez, X. Chang, K. S. Trivedi, and A. Rindos,
“Performance modeling of pbft consensus process for permissioned
blockchain network (hyperledger fabric),” in 2017 IEEE 36th Symposium
on Reliable Distributed Systems (SRDS), 2017.
[43] B. Gan, Q. Wu, X. Li, and Y. Zhou, “Classification of blockchain
consensus mechanisms based on pbft algorithm,” in 2021 International
Conference on Computer Engineering and Application (ICCEA). IEEE,
2021, pp. 26–29.
[44] X. Xu, J. Gu, H. Yan, W. Liu, L. Qi, and X. Zhou, “Reputation-aware
supplier assessment for blockchain-enabled supply chain in industry
4.0,” IEEE Transactions on Industrial Informatics, 2022. Tingxian Xu is purchasing the master degree in
[45] J. WANG and Q. LI, “Improved practical byzantine fault tolerance electronic information with School of Computer
consensus algorithm based on raft algorithm,” Journal of Computer Science and Technology, Chongqing University of
Applications, vol. 43, no. 1, p. 122, 2023. Posts and Telecommunications, Chongqing, China.
[46] X. Feng, J. Ma, Y. Miao, X. Liu, and K.-K. R. Choo, “Social her research interests include blockchain, cryptogra-
characteristic-based propagation-efficient pbft protocol to broadcast in phy and consensus algorithms.
unstructured overlay networks,” IEEE Transactions on Dependable and
Secure Computing, vol. 19, no. 6, pp. 3621–3639, 2021.
[47] F. Knirsch, A. Unterweger, and D. Engel, “Implementing a blockchain
from scratch: why, how, and what we learned,” EURASIP Journal on
Information Security, vol. 2019, pp. 1–14, 2019.
[48] V. Pattabiraman, R. Parvathi, R. Nedunchezian, and S. Palaniammal, “A
novel spatial clustering with obstacles and facilitators constraint based
on edge detection and k-medoids,” in 2009 International conference on
computer technology and development, vol. 1. IEEE, 2009, pp. 402–
406.

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 17

Jinlan Peng is purchasing the master degree in

electronic information with School of Computer
Science and Technology, Chongqing University of
Posts and Telecommunications, Chongqing, China.
Her current research interests include blockchain,
cryptography and consensus algorithms for Consor-
tium Blockchain.

Ning Gan is purchasing the master degree in cy-

berspace security with School of Cyber Security
and Information Law, Chongqing University of Posts
and Telecommunications, Chongqing, China. Her
current research interests include blockchain, public
key cryptography.

MCQ On Management Information System Ans PDF
90% (10)
MCQ On Management Information System Ans PDF
20 pages
Mathematics Questions and Answers Wassce 2017
No ratings yet
Mathematics Questions and Answers Wassce 2017
23 pages
S2000 Ddec Iv 170708
100% (4)
S2000 Ddec Iv 170708
95 pages
Arithmetic Progression Worksheet
100% (2)
Arithmetic Progression Worksheet
5 pages
BlockChain For IoT Security and Manageme
100% (1)
BlockChain For IoT Security and Manageme
9 pages
Digital Video Guidebook
100% (2)
Digital Video Guidebook
18 pages
TS DRA 2022 en Create Drawings
No ratings yet
TS DRA 2022 en Create Drawings
1,070 pages
Hybrid-Iot: Hybrid Blockchain Architecture For Internet of Things - Pow Sub-Blockchains
No ratings yet
Hybrid-Iot: Hybrid Blockchain Architecture For Internet of Things - Pow Sub-Blockchains
10 pages
Honeywell Ceiling Speaker 2015
No ratings yet
Honeywell Ceiling Speaker 2015
2 pages
Applications of Blockchains in The Internet of Things: A Comprehensive Survey
No ratings yet
Applications of Blockchains in The Internet of Things: A Comprehensive Survey
42 pages
Literature Review
0% (1)
Literature Review
4 pages
Windows 7 Developer Guide v1.5
No ratings yet
Windows 7 Developer Guide v1.5
46 pages
Electronics 12 03618 v4
No ratings yet
Electronics 12 03618 v4
25 pages
Power World Simulator
No ratings yet
Power World Simulator
10 pages
Formation of Bus Admittance and Impedance Matrices and Solution of Networks Date: Expt No: Aim
No ratings yet
Formation of Bus Admittance and Impedance Matrices and Solution of Networks Date: Expt No: Aim
6 pages
Blockchain For Internet of Things A Surv PDF
No ratings yet
Blockchain For Internet of Things A Surv PDF
19 pages
1 s2.0 S2096720921000014 Main
No ratings yet
1 s2.0 S2096720921000014 Main
49 pages
Internet of Things IoT Security With Blockchain Technology A State-Of-The-Art Review - Read
No ratings yet
Internet of Things IoT Security With Blockchain Technology A State-Of-The-Art Review - Read
17 pages
CF-AX3mk2 Win8.1 64bit English DriverInstallationGuide
No ratings yet
CF-AX3mk2 Win8.1 64bit English DriverInstallationGuide
3 pages
Interfacing of Flame Sensor With Arduino
No ratings yet
Interfacing of Flame Sensor With Arduino
14 pages
Sensors 23 00788 v2
No ratings yet
Sensors 23 00788 v2
43 pages
Blockchain of Things (Bcot) : The Fusion of Blockchain and Iot Technologies
No ratings yet
Blockchain of Things (Bcot) : The Fusion of Blockchain and Iot Technologies
32 pages
Yahoui Soheib Seif Green Iot
No ratings yet
Yahoui Soheib Seif Green Iot
8 pages
A Study On Smart Healthcare Monitoring Using IoT Based On Blockchain
No ratings yet
A Study On Smart Healthcare Monitoring Using IoT Based On Blockchain
9 pages
Toward Trusted IoT by General Proof-of-Work
No ratings yet
Toward Trusted IoT by General Proof-of-Work
33 pages
MPM1D Unit 2 Lesson 9 Zero and Negative Exponent 1vysndd
No ratings yet
MPM1D Unit 2 Lesson 9 Zero and Negative Exponent 1vysndd
2 pages
SATA Drivers For XP (Solution On 0x0000007B BSOD) - HP Support Forum
No ratings yet
SATA Drivers For XP (Solution On 0x0000007B BSOD) - HP Support Forum
8 pages
Design and Implementation of An Integrated IoT Blockchain Platform For Sensing Data Integrity
No ratings yet
Design and Implementation of An Integrated IoT Blockchain Platform For Sensing Data Integrity
26 pages
Blockchain Sharding Strategy For Collaborative Computing Internet of Things Combining Dynamic Clustering and Deep Reinforcement Learning
No ratings yet
Blockchain Sharding Strategy For Collaborative Computing Internet of Things Combining Dynamic Clustering and Deep Reinforcement Learning
6 pages
Beta Function - Wikipedia
No ratings yet
Beta Function - Wikipedia
5 pages
Blockchains in Iot
No ratings yet
Blockchains in Iot
42 pages
Blockchain Based Solutions To Secure IoT
No ratings yet
Blockchain Based Solutions To Secure IoT
25 pages
Accelerating Blockchain Applications On IoT Architecture Models - Solutions and Drawbacks
No ratings yet
Accelerating Blockchain Applications On IoT Architecture Models - Solutions and Drawbacks
24 pages
Sanghamitra User ID Password (Class 5)
No ratings yet
Sanghamitra User ID Password (Class 5)
9 pages
Pobt: A Light Weight Consensus Algorithm For Scalable Iot Business Blockchain
No ratings yet
Pobt: A Light Weight Consensus Algorithm For Scalable Iot Business Blockchain
13 pages
Mathematics 11 00418 v3
No ratings yet
Mathematics 11 00418 v3
22 pages
Mathematics 11 02157
No ratings yet
Mathematics 11 02157
20 pages
Performance Optimization For Blockchain-Enabled Industrial Internet of Things (IIoT) Systems PDF
No ratings yet
Performance Optimization For Blockchain-Enabled Industrial Internet of Things (IIoT) Systems PDF
12 pages
Level of Implementation of Industrial Technology Syllabi at ThePangasinan State University
No ratings yet
Level of Implementation of Industrial Technology Syllabi at ThePangasinan State University
9 pages
1 s2.0 S157401o3723000527 Main
No ratings yet
1 s2.0 S157401o3723000527 Main
16 pages
A Dynamic Adaptive Framework For Practical Byzantine Fault Tolerance Consensus Protocol in The Internet of Things
No ratings yet
A Dynamic Adaptive Framework For Practical Byzantine Fault Tolerance Consensus Protocol in The Internet of Things
14 pages
Blockchain Security Attacks, Challenges, and Solutions For The Future Distributed Iot Network
No ratings yet
Blockchain Security Attacks, Challenges, and Solutions For The Future Distributed Iot Network
22 pages
IET Blockchain - 2025 - Marchsreiter - Towards Quantum Safe Blockchain Exploration of PQC and Public Key Recovery On
No ratings yet
IET Blockchain - 2025 - Marchsreiter - Towards Quantum Safe Blockchain Exploration of PQC and Public Key Recovery On
19 pages
J. Parallel Distrib. Comput.: Junwei Zhang Zhuzhu Wang Lei Shang Di Lu Jianfeng Ma
No ratings yet
J. Parallel Distrib. Comput.: Junwei Zhang Zhuzhu Wang Lei Shang Di Lu Jianfeng Ma
16 pages
Everything You Need To Know About Chatgpt Expeed Software 240314091646 b2188bc5
No ratings yet
Everything You Need To Know About Chatgpt Expeed Software 240314091646 b2188bc5
19 pages
Sensors 21 00305 v2
No ratings yet
Sensors 21 00305 v2
21 pages
Paper 4-Modeling and Simulation of A Blockchain Consensus
No ratings yet
Paper 4-Modeling and Simulation of A Blockchain Consensus
10 pages
Tee Graph
No ratings yet
Tee Graph
9 pages
Pobt: A Light Eight Consensus Algorithm For Scalable Iot Business Blockchain
No ratings yet
Pobt: A Light Eight Consensus Algorithm For Scalable Iot Business Blockchain
13 pages
Lightblocks:: A Trusted Lightweight Signcryption and Consensus Scheme For Industrial Iot Ecosystems
No ratings yet
Lightblocks:: A Trusted Lightweight Signcryption and Consensus Scheme For Industrial Iot Ecosystems
15 pages
List of Hewlett-Packard Products
No ratings yet
List of Hewlett-Packard Products
28 pages
Blockchain For Internet of Things A Survey
No ratings yet
Blockchain For Internet of Things A Survey
19 pages
Ch03 Unlocked
No ratings yet
Ch03 Unlocked
37 pages
BeeKeeperA Blockchain-Based IoT System Withsecure Storage and Homomorphic Computation
No ratings yet
BeeKeeperA Blockchain-Based IoT System Withsecure Storage and Homomorphic Computation
17 pages
Sharding-Hashgraph A High-Performance Blockchain-Based Framework For Industrial Internet of Things With Hashgraph Mechanism
No ratings yet
Sharding-Hashgraph A High-Performance Blockchain-Based Framework For Industrial Internet of Things With Hashgraph Mechanism
10 pages
AI Class 9 Part A
No ratings yet
AI Class 9 Part A
26 pages
Secure Blockchain With Internet of Things (S-Biot) For Modern World Application
No ratings yet
Secure Blockchain With Internet of Things (S-Biot) For Modern World Application
12 pages
J. Parallel Distrib. Comput.: Chunpeng Ge Zhe Liu Liming Fang
No ratings yet
J. Parallel Distrib. Comput.: Chunpeng Ge Zhe Liu Liming Fang
9 pages
13281-English
No ratings yet
13281-English
14 pages
Computers and Electrical Engineering
No ratings yet
Computers and Electrical Engineering
8 pages
DQN-Based Optimization Framework For Secure Sharded Blockchain Systems
No ratings yet
DQN-Based Optimization Framework For Secure Sharded Blockchain Systems
15 pages
Ai-Enabled Blockchain: An Outlier-Aware Consensus Protocol For Blockchain-Based Iot Networks
No ratings yet
Ai-Enabled Blockchain: An Outlier-Aware Consensus Protocol For Blockchain-Based Iot Networks
6 pages
Blockchain Research Journal
No ratings yet
Blockchain Research Journal
13 pages
Enable Fair Proof-Of-Work PoW Consensus For Blockc
No ratings yet
Enable Fair Proof-Of-Work PoW Consensus For Blockc
14 pages
Doppel A BFT Consensus Algorithm For Cyber Physic 2024 Journal of Systems A
No ratings yet
Doppel A BFT Consensus Algorithm For Cyber Physic 2024 Journal of Systems A
13 pages
Scalability and Performance of Blockchain Based So
No ratings yet
Scalability and Performance of Blockchain Based So
14 pages
GTxChain A Secure IoT Smart Blockchain Architecture Based On Graph Neural Network
No ratings yet
GTxChain A Secure IoT Smart Blockchain Architecture Based On Graph Neural Network
13 pages
MIDI Solutions Event Processor Plus
No ratings yet
MIDI Solutions Event Processor Plus
9 pages
Scalable Byzantine Consensus Via Hardware-Assisted Secret Sharing
No ratings yet
Scalable Byzantine Consensus Via Hardware-Assisted Secret Sharing
15 pages
A Scalable Blockchain Framework For Secure Transactions in Iot
No ratings yet
A Scalable Blockchain Framework For Secure Transactions in Iot
10 pages
Blockchain Iot Security
No ratings yet
Blockchain Iot Security
10 pages
Towards Secure Industrial Iot: Blockchain System With Credit-Based Consensus Mechanism
No ratings yet
Towards Secure Industrial Iot: Blockchain System With Credit-Based Consensus Mechanism
10 pages
Evaluating Blockchains For IoT
No ratings yet
Evaluating Blockchains For IoT
5 pages
Securing Iot With Blockchain
No ratings yet
Securing Iot With Blockchain
4 pages
Rahul Agrawal, Pratik Verma, Rahul Sonanis, Umang Goel, Dr. Aloknath De, Sai Anirudh Kondaveeti, Suman Shekhar
No ratings yet
Rahul Agrawal, Pratik Verma, Rahul Sonanis, Umang Goel, Dr. Aloknath De, Sai Anirudh Kondaveeti, Suman Shekhar
5 pages
Blockchain Assisted Data Edge Verification With Consensus Algorithm For Machine Learning Assisted IoT
No ratings yet
Blockchain Assisted Data Edge Verification With Consensus Algorithm For Machine Learning Assisted IoT
10 pages
Unit 5
No ratings yet
Unit 5
7 pages
Blockchain For Iot: The Challenges and A Way Forward: July 2018
No ratings yet
Blockchain For Iot: The Challenges and A Way Forward: July 2018
13 pages
WWW Kratikal Com Blog How Is Vulnerability Management Different From Vulnerability Assessment
No ratings yet
WWW Kratikal Com Blog How Is Vulnerability Management Different From Vulnerability Assessment
7 pages
Paper Work Main
No ratings yet
Paper Work Main
7 pages
50A Blockchain Based Authentication and Security Mechanism For IoT
No ratings yet
50A Blockchain Based Authentication and Security Mechanism For IoT
7 pages
Blockchain in Iot
No ratings yet
Blockchain in Iot
4 pages
BasIc Structure of Computer
No ratings yet
BasIc Structure of Computer
19 pages
Embedded System Assignment
No ratings yet
Embedded System Assignment
14 pages
The Dragonflybsd Operating System: Jeffrey M. Hsu, Member, Freebsd and Dragonflybsd
No ratings yet
The Dragonflybsd Operating System: Jeffrey M. Hsu, Member, Freebsd and Dragonflybsd
6 pages
Business Profile - Elecsoft
No ratings yet
Business Profile - Elecsoft
5 pages
Census and Statistics Department Hong Kong Special Administrative Region
No ratings yet
Census and Statistics Department Hong Kong Special Administrative Region
1 page
IoT Security Engineering
From Everand
IoT Security Engineering
MAXWELL DRAKE
No ratings yet
Network Coding and Signcryption for Cloud Data Integrity
From Everand
Network Coding and Signcryption for Cloud Data Integrity
Noah Joan
No ratings yet
Botnet Attack Detection in the Internet of Things Using Selected Learning Algorithms: A Research Study on Securing IoT Against Cyber Threats Using Machine Learning
From Everand
Botnet Attack Detection in the Internet of Things Using Selected Learning Algorithms: A Research Study on Securing IoT Against Cyber Threats Using Machine Learning
Bolakale Aremu
5/5 (1)

TP-PBFT: A Scalable PBFT Based On Threshold Proxy Signature For Iot-Blockchain Applications

Uploaded by

TP-PBFT: A Scalable PBFT Based On Threshold Proxy Signature For Iot-Blockchain Applications

Uploaded by

This article has been accepted for publication in IEEE Internet of Things Journal.

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022

TP-PBFT: A Scalable PBFT Based on Threshold

W ITH the rapid development of 5G communication

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 2

Author Description Addressed challenges Year

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 3

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 4

shown here is that it does not respond to the requests of other

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 5

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 6

Di , and the elements in it are sorted from high to low

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 7

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 8

1) Select primary: We use P to represent the node number

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 9

Algorithm 3: Threshold Proxy Signature Generation

current V, num, state and d.

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 10

group composed of the nodes in the cluster where A is located.

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 11

4) Signature Verification: In order to verify whether the

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 12

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 13

compare the communication times required by PBFT and

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 14

Parameter Values TABLE V

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 15

[7] X. Wang, P. Zeng, N. Patterson, F. Jiang, and R. Doss, “An improved

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 16

IEEE INTERNET OF THINGS JOURNAL, VOL. X, NO. X, XXXX 2022 17

Jinlan Peng is purchasing the master degree in

Ning Gan is purchasing the master degree in cy-

You might also like