An efficient blockchain-based authentication scheme with transferability
- PMID: 39264886
- PMCID: PMC11392242
- DOI: 10.1371/journal.pone.0310094
An efficient blockchain-based authentication scheme with transferability
Abstract
In the development of web applications, the rapid advancement of Internet technologies has brought unprecedented opportunities and increased the demand for user authentication schemes. Before the emergence of blockchain technology, establishing trust between two unfamiliar entities relied on a trusted third party for identity verification. However, the failure or malicious behavior of such a trusted third party could undermine such authentication schemes (e.g., single points of failure, credential leaks). A secure authorization system is another requirement of user authentication schemes, as users must authorize other entities to act on their behalf in some situations. If the transfer of authentication permissions is not adequately restricted, security risks such as unauthorized transfer of permissions to entities may occur. Some research has proposed blockchain-based decentralized user authentication solutions to address these risks and enhance availability and auditability. However, as we know, most proposed schemes that allow users to transfer authentication permissions to other entities require significant gas consumption when deployed and triggered in smart contracts. To address this issue, we proposed an authentication scheme with transferability solely based on hash functions. By combining one-time passwords with Hashcash, the scheme can limit the number of times permissions can be transferred while ensuring security. Furthermore, due to its reliance solely on hash functions, our proposed authentication scheme has an absolute advantage regarding computational complexity and gas consumption in smart contracts. Additionally, we have deployed smart contracts on the Goerli test network and demonstrated the practicality and efficiency of this authentication scheme.
Copyright: © 2024 Jin, Omote. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Conflict of interest statement
The authors have declared that no competing interests exist.
Figures
Similar articles
-
Provably secure and lightweight blockchain based cross hospital authentication scheme for IoMT-based healthcare.Sci Rep. 2025 Feb 22;15(1):6461. doi: 10.1038/s41598-025-90219-5. Sci Rep. 2025. PMID: 39987251 Free PMC article.
-
Blockchain Enabled Anonymous Privacy-Preserving Authentication Scheme for Internet of Health Things.Sensors (Basel). 2022 Dec 26;23(1):240. doi: 10.3390/s23010240. Sensors (Basel). 2022. PMID: 36616838 Free PMC article.
-
A Blockchain-Based Authentication and Authorization Scheme for Distributed Mobile Cloud Computing Services.Sensors (Basel). 2023 Jan 22;23(3):1264. doi: 10.3390/s23031264. Sensors (Basel). 2023. PMID: 36772304 Free PMC article.
-
Design of a Secure Medical Data Sharing Scheme Based on Blockchain.J Med Syst. 2020 Jan 8;44(2):52. doi: 10.1007/s10916-019-1468-1. J Med Syst. 2020. PMID: 31915982 Review.
-
A Comparative Analysis on Blockchain versus Centralized Authentication Architectures for IoT-Enabled Smart Devices in Smart Cities: A Comprehensive Review, Recent Advances, and Future Research Directions.Sensors (Basel). 2022 Jul 10;22(14):5168. doi: 10.3390/s22145168. Sensors (Basel). 2022. PMID: 35890848 Free PMC article. Review.
Cited by
-
Development of a service blueprint for blockchain services.PLoS One. 2025 Jan 27;20(1):e0317449. doi: 10.1371/journal.pone.0317449. eCollection 2025. PLoS One. 2025. PMID: 39869548 Free PMC article.
References
-
- Goldwasser S., Kalai Y. T., and Rothblum G. N., “One-time programs.,” in Crypto, vol. 5157, pp. 39–56, Springer, 2008.
-
- K. Durnoga, S. Dziembowski, T. Kazana, and M. Zajac, “One-time programs with limited memory,” in Information Security and Cryptology: 9th International Conference, Inscrypt 2013, Guangzhou, China, November 27-30, 2013, Revised Selected Papers, pp. 377–394, Springer, 2014.
-
- Li S., Xu C., Zhang Y., and Zhou J., “A secure two-factor authentication scheme from password-protected hardware tokens,” IEEE Transactions on Information Forensics and Security, vol. 17, pp. 3525–3538, 2022. doi: 10.1109/TIFS.2022.3209886 - DOI
-
- Mall P., Amin R., Das A. K., Leung M. T., and Choo K.-K. R., “PUF-based authentication and key agreement protocols for IoT, WSNs, and Smart Grids: a comprehensive survey,” IEEE Internet of Things Journal, vol. 9, no. 11, pp. 8205–8228, 2022. doi: 10.1109/JIOT.2022.3142084 - DOI
-
- Poettering B. and Stebila D., “Double-authentication-preventing signatures,” International Journal of Information Security, vol. 16, pp. 1–22, 2017. doi: 10.1007/s10207-015-0307-8 - DOI
MeSH terms
LinkOut - more resources
Full Text Sources
