PTAS: Privacy-preserving Thin-client Authentication Scheme in blockchain-based PKI

Abstract Recent years have witnessed tremendous academic efforts and industry growth in Internet of Things (IoT). Security issues of IoT have become increasingly prominent. Public Key Infrastructure (PKI) can provide authentication service to IoT devices which is a crucial element to the security of IoT. However, the conventional PKIs are organized as a tree-like centralized structure which has demonstrated serious usability and security shortcomings such as the single point of failure. Blockchain has numerous desirable properties, such as decentralized nature, cryptographic technology and unalterable transaction record, these properties make it a potential tool to build a decentralized blockchain-based PKI. Nevertheless, the latest proposals for blockchain-based PKI did not take thin-clients into consideration where thin-clients indicate those users who cannot download the entire blockchain due to the limited storage capacity of their equipment (most IoT devices fall into this category). To settle this problem, we firstly present a Privacy-preserving Thin-client Authentication Scheme (PTAS) employing the idea of private information retrieval (PIR), which enables thin-clients to run normally like full node users and protect their privacy simultaneously. Furthermore, in order to enhance security, we further propose a ( m -1)-private PTAS which means thin-client’s information can be protected against a collusion of at most ( m -1) full node users. Besides, security analysis and functional comparison are performed to demonstrate high security and comprehensive functionality of our schemes. Finally, extensive experiments are conducted to compare computational overhead and communication overhead of PTAS and ( m -1)-private PTAS.