SEBDA: A Secure and Efﬁcient Blockchain Based Data Aggregation

Scheme

Sehrish Shafeeq and Mathias Fischer

Universität Hamburg, Germany

ﬁ

Keywords:

Secure Data Aggregation, Blockchain, End-to-End Integrity.

Abstract:

Data aggregation plays a vital role in collecting and summarizing data in the Internet of Things (IoT). Data ag-

gregation results are used to make a critical decision; therefore, the end-to-end integrity of the data aggregation

result is of utmost importance. Recently, blockchain-based data aggregation approaches have been proposed

that mainly focus on data conﬁdentiality. However, existing approaches ignore two important requirements

1) the end-to-end integrity of data aggregation result and 2) the system’s scalability. This paper proposes a

blockchain-based data aggregation scheme to detect end-to-end integrity of aggregation results and identify

malicious aggregators. Furthermore, we improve the efﬁciency and scalability of the system by leveraging a

sidechain. Our simulation results indicate that the proposed system improves efﬁciency and scalability com-

pared to conventional blockchain-based data aggregation.

1 INTRODUCTION

The proliferation of the Internet of Things (IoT) is

driven by the promise to provide innovative solutions

to make life more efﬁcient, integrated, and produc-

tive (Catarinucci et al., 2015; Jeong and Lee, 2014).

These solutions are equipped with numerous devices

that collect and exchange data to make intelligent de-

cisions. By 2023, the number of IoT devices is ex-

pected to reach 29.3 billion (Cisco, 2020). In many

scenarios, data consumers only require access to ag-

gregated data, rather than ﬁne-grained data.

Data aggregation (Liu et al., 2019) is a process

of summarizing data obtained from multiple data

providers for statistical analysis, typically using a dis-

tributed approach called decentralized data aggrega-

tion. In this process, data providers send their raw

data to intermediate nodes that perform the aggrega-

tion function and then transmit the aggregation result

to the next intermediate node, continuing the process

until it reaches the querier. The intermediate nodes

are called aggregators.

Decentralized data aggregation reduces the num-

ber of data transmissions and improves scalability

(Krishnamachari et al., 2002). However, it has some

limitations. First, end-to-end integrity cannot be en-

forced easily, as malicious aggregators may not cor-

rectly perform aggregation operations and submit in-

correct aggregation results. End-to-end integrity im-

plies that the aggregation result is the output of the

correct computation of an aggregation function f per-

formed on the data values of a set of known data

providers. Second, the process lacks traceability and

transparency. The data submitted by data providers

and operations performed by aggregators are hidden

which makes difﬁcult to ﬁnd malicious aggregator.

In recent years, blockchain has attracted a lot of

attention for enhancing the security of IoT. However,

the current literature on the integration of blockchain

and data aggregation still faces some challenges. One

of the challenges is the scalability of the blockchain

network (Xie and Chen, 2021; Xie and Chen, 2021).

Furthermore, high transaction fees make microtrans-

actions infeasible and unattractive for data providers

to contribute to the process. Another issue is that ex-

isting approaches assume the aggregator to be "honest

but curious", meaning that it correctly performs com-

putation on the data which is not realistic assumption.

Therefore, there should be a mechanism that takes

advantage of blockchain technology in the data ag-

gregation process and simultaneously overcomes the

previously mentioned issues. This paper proposes a

decentralized data aggregation scheme with a 3-tier

architecture. The ﬁrst tier comprises data providers

that send their data to sidechains representing the sec-

ond tier. A sidechain is a secondary blockchain that

helps to improve the system’s scalability. Sidechains

perform aggregation on the data values and submit ag-

Shafeeq, S. and Fischer, M.

SEBDA: A Secure and Efﬁcient Blockchain Based Data Aggregation Scheme.

DOI: 10.5220/0012077900003555

In Proceedings of the 20th International Conference on Secur ity and Cryptography (SECRYPT 2023), pages 369-376

ISBN: 978-989-758-666-8; ISSN: 2184-7711

 2023 by SCITEPRESS – Science and Technology Publications, Lda. Under CC license (CC BY-NC-ND 4.0)

369

gregation results to the mainchain. The mainchain

is the third tier and performs data aggregation on

the intermediate aggregation results submitted by the

sidechain. Following are the main contributions of the

proposed Secure and Efﬁcient Blockchain based Data

Aggregation Scheme (SEBDA) scheme.

• We propose a scheme that leverages the

blockchain and smart contracts for decentralized

data aggregation. The proposed scheme protects

the end-to-end integrity of the aggregation result

in the presence of malicious aggregators.

• Our solution improves scalability by coupling on-

chain computation with sidechain computation.

• The proposed scheme improves efﬁciency com-

pared to conventional blockchain-based data ag-

gregation.

• The proposed scheme encourages honest partic-

ipation in the network by giving economic in-

centives and discourages malicious behaviors by

penalty mechanism.

The rest of the paper is organized as follows: Sec-

tion 2 summarizes the literature. Section 3 describes

the system model and the background. Section 4

presents the proposed solution. Section 5 provides se-

curity analysis and comparision with state-of-the-art

solutions. In Section 6, we performed performance

analysis. Finally, Section 7 concludes the paper.

2 RELATED WORK

Authors of (He et al., 2008) ensure integrity through

redundancy by constructing disjoint aggregation

trees. Each data provider sends its data to two ag-

gregation trees. The base station accepts aggrega-

tion results only if they agree with each other. In

(He et al., 2009), authors enhance (He et al., 2008)

with a method to identify malicious nodes. In this

scheme, data providers split their data into pieces and

send them to cluster members. The cluster head per-

forms data aggregation, and cluster members monitor

the aggregation result to identify malicious behaviour.

In (Li and Luo, 2012), authors proposed a homo-

morphic signature scheme to ensure the correctness of

the aggregation result. In (Leontiadis et al., 2015), au-

thors uses authentication tag to produce proof of cor-

rect aggregation computation. (Cui et al., 2018) pro-

posed a data aggregation scheme that achieves end-

to-end integrity using Homomorphic MAC (Agrawal

and Boneh, 2009). However, in this scheme, a single

private key is shared among all data providers for Ho-

momorphic MAC tag generation, which can be disas-

trous in the compromise of any node. (Vinodha and

Mary Anita, 2021) uses a concatenation based data

aggregation function which enables BS to recover in-

dividual data values and veriﬁes integrity. However,

using concatenation-based data aggregation leads to

high communication costs.

(Fan et al., 2020) focus on removing a trusted

third party in smart grid data aggregation by using

blockchain. Each smart meter encrypts its data using

a Paillier cryptosystem (O’Keeffe, 2008) and sends it

to the mining node along with Boneh-Lynn-Shacham

short signature (Boneh et al., 2001). The mining

node aggregates the data, decrypts it and then pub-

lishes result on the blockchain. However, the mining

node is assumed to be honest but curious. (Loukil

et al., 2021) leverage smart contracts to group IoT de-

vices and choose an aggregator. Each data provider

ﬁrst encrypts its data using the consumer public key

and then encrypts it using the aggregator public key.

However, double encryption increases computational

complexity for IoT devices. (Lu et al., 2021) pro-

pose a fault-tolerant secure data aggregation scheme.

Smart meters submit their data reports to Edge Server

(ES), which aggregates local data. ES then sends a

transaction that contains the aggregation result to a

master node for global data aggregation. (Xie and

Chen, 2021) leverages differential privacy and token-

based encryption to protect data conﬁdentiality. In

this work, smart contracts perform data aggregation

and device identiﬁcation. In summary, existing ag-

gregation schemes have limitations in terms of focus-

ing solely on data conﬁdentiality, relying on a trusted

aggregator, and not considering scalability.

3 SYSTEM MODEL AND

BACKGROUND

3.1 System Model and Attacker Model

The system model consists of four entities: querier,

data providers, primary cluster head, and secondary

cluster head. The querier initiates the data aggrega-

tion process by issuing a query. The data provider

provides its data values

{

,... ,v

}

upon request of

the querier. Let D =

{

,. .. ,d

}

be a set of n data

providers, where each data provider has a unique

identiﬁer. Each primary cluster head collects data val-

ues and performs intracluster data aggregation. The

data provider can also act as a primary cluster head.

Each secondary cluster head is also responsible for

performing aggregation function f

agg

and challenges

primary cluster head if it submits incorrect aggrega-

tion results.

The querier and data providers are assumed to be

honest. An adversary A can compromise a primary

SECRYPT 2023 - 20th International Conference on Security and Cryptography

370

cluster head or secondary cluster head. A compro-

mised primary cluster head or secondary cluster head

is called a malicious aggregator. A malicious aggre-

gator may selectively drop the data received from its

cluster members or manipulate the aggregate.

3.2 Background on Blockchain

Blockchain is a distributed ledger technology in

which a group of trustless actors works together to

maintain a record of transactions (Nakamoto, 2008).

The consensus is used to ensure that majority of the

network agree on a state in order to achieve security

and correctness guarantees. One of the signiﬁcant fea-

tures of blockchain is a smart contract., which is a

set of promises and protocols agreed among parties

for the execution of the promises (Wood et al., 2014).

Participants in the network validate the execution out-

come of a smart contract. To deploy a smart contract

on the blockchain, it is compiled to get Ethereum Vir-

tual Machine (EVM) bytecode, and then a contract

creation transaction that contains bytecode is sent to

the network. Authorized participants can interact with

a contract using the application binary interface (abi).

A transaction sender needs to pay gas to invoke con-

tract functions; gas is a measure of computational ef-

fort to execute EVM operations.

For a successful IoT application on a blockchain,

a blockchain needs to handle a large number of de-

vices. However, the rate at which blockchain handles

transactions is limited. Recently, many approaches

for solving the blockchain scalability issue have been

proposed (Chauhan et al., 2018). One of the notable

approaches is a sidechain; a sidechain is a secondary

blockchain connected to the mainchain. The proto-

cols of the sidechain are designed to meet application-

speciﬁc goals. The user can ofﬂoad some of the tasks

to the sidechain to achieve high transaction process-

ing speed and save high transaction fees. The inte-

gration of sidechains to the mainchain increases scal-

ability; however, the consensus algorithm is critical to

maintaining the security of the sidechain.

4 SEBDA SOLUTION

This section describes the architecture of the SEBDA

scheme.

4.1 SEBDA Overview

In this section, we introduce our SEBDA scheme at

an abstract level. First, a querier initiates the data

aggregation process by publishing a smart contract

Querier

Data

Provider

Sidechain

Mainchain

Figure 1: System overview.

mainchainAgg on a mainchain. Next, each partici-

pant register themselves by sending a transaction to

the mainchainAgg contract. Then, data providers are

divided into multiple clusters, and each cluster is as-

signed a primary cluster head and secondary cluster

heads, respectively. The primary cluster head com-

putes data aggregation and reports the result to the

mainchain. This opens a challenge period during

which secondary cluster head can challenge the sub-

mitted aggregation result. After the challenge period

expiration, the mainchainAgg contract performs in-

tercluster aggregation. A detailed explanation of the

SEBDA is described in Section 4.2.

4.2 SEBDA Protocol Details

The proposed data aggregation protocol consists of

the following ﬁve phases: system initialization, reg-

istration, intracluster data aggregation, dispute reso-

lution, and intercluster data aggregation.

4.2.1 System Initialization

Each participant has a digital wallet, a piece of soft-

ware enabling interaction with the blockchain. A wal-

let has a master private key that can essentially gener-

ate unlimited public key pk and private key sk pairs.

A participant’s public key pk is visible to the network.

A private key sk is known only to the participant and

is used to create a digital signature of a transaction

using the Elliptic Curve Digital Signature Algorithm

(ECDSA) (Breitner and Heninger, 2019).

4.2.2 Registration

The querier initiates the aggregation process by de-

ploying a smart contract, called mainchainAgg con-

tract to the mainchain by sending a transaction. After

a successful deployment of the mainchainAgg con-

tract, it is assigned a unique address add

main

that

SEBDA: A Secure and Efﬁcient Blockchain Based Data Aggregation Scheme

371

is used for further interactions. In addition to the

mainchainAgg contract, a querier also publishes a

contract called sidechainAgg contract on InterPlan-

etary File System (IPFS). IPFS is a peer-to-peer dis-

tributed ﬁle-sharing system. Further details of these

contracts are mentioned in subsequent sections.

Next, each data provider interested in participat-

ing registers itself by sending a transaction that in-

vokes a function regDp of the mainchainAgg con-

tract. The mainchainAgg contract mainly handles

participants’ registration, clusterization, challenges,

and intercluster aggregation functions. As a result

of successful registration, each device is assigned a

unique identiﬁer d

. Participants interested in acting

as aggregators also register themselves on the main-

chain. To do so, each aggregator sends a transac-

tion that invokes a function regCh of mainchainAgg

contract. To thwart submission of incorrect aggrega-

tion results, aggregators are required to submit tokens

called deposits during registration. The deposit act

as leverage against malicious aggregators. Aggrega-

tors are also incentivized to participate and follow the

rules in the network by rewarding them.

Next, querier partitions data providers D into mu-

tually disjoint non-empty n sets whose union is D and

each set is called a cluster c

. Then, each cluster c

is assigned an aggregator called primary cluster head.

Each cluster c

is also assigned multiple watchdogs,

called secondary cluster heads. A secondary clus-

ter head veriﬁes the aggregation result submitted by

primary cluster head. Both primary cluster head and

secondary cluster head are randomly selected. They

can also be chosen by aggregator election algorithm

such as LEACH protocol (Heinzelman et al., 2000;

Heinzelman et al., 2002); but this is not in the scope

of this research.

4.2.3 Intracluster Data Aggregation

In this phase, each cluster c

creates its sidechain. The

sidechain stores data values of data providers of a

cluster, and aggregators are responsible for manag-

ing it. After the sidechain creation, the primary clus-

ter head fetches the pointer to sidechainAgg con-

tract from the mainchain. Then, using the pointer,

the primary cluster head gets the sidechainAgg con-

tract from IPFS and publishes it on the sidechain. As

a result of successful sidechainAgg contract publi-

cation, it is assigned a unique address add

sidecontract

Next, the cluster head sends the address add

sidecontract

and abi of sidechainAgg contract to the data

providers of its cluster.

Each data provider d

in the cluster encapsulates

its data value v

in a transaction and sends it to the

sidechain within a speciﬁed period. The cluster ag-

gregator veriﬁes the transaction and executes it if it

recognizes the data provider as an authenticated clus-

ter member. The state of the intracluster aggregate

changes as a result of successful transaction execu-

tion. After computing the intracluster aggregation re-

sult, the primary cluster head submits it to the main-

chain.

When the mainchain receives the submitted intra-

cluster aggregation result, it emits an event to notify

secondary cluster heads. This opens a challenge pe-

riod during which secondary cluster head of a clus-

ter can open a dispute. Each secondary cluster head

compares the submitted intracluster aggregation re-

sult with the intracluster aggregation result computed

on the sidechain; if they are not equal, the secondary

cluster head challenge it within the challenge period.

If the intracluster aggregation result has not been chal-

lenged by any secondary cluster head during the chal-

lenge period the mainchain optimally accepts it, re-

wards the primary cluster head for good behavior, and

proceeds to Section 4.2.5.

4.2.4 Dispute Resolution

This phase executes only when one of the secondary

cluster heads challenges the intracluster aggrega-

tion result submitted by primary cluster head. The

mainchainAgg contract emits an event about the in-

tracluster aggregation result submitted by challenger

secondary cluster head and asks to vote within a spec-

iﬁed period t. If the majority of secondary cluster

head votes for the challenger aggregation result it is

accepted as a valid result; otherwise, the system ac-

cepts the intracluster aggregation result submitted by

the primary cluster head.

The dispute resolution phase ensures that the in-

correct aggregation result submitted by malicious pri-

mary cluster head is not accepted by the system

as long as the majority of aggregators are honest.

Similarly, a malicious secondary cluster head can-

not falsely win the challenge. To penalize a mali-

cious primary cluster head, a part of its deposit is

burned, meaning tokens are removed from circulation

by sending them to the wallet address that cannot be

used by anyone.

4.2.5 Intercluster Data Aggregation

Once all clusters have submitted their aggregation re-

sult and the challenge period is over, the querier initi-

ates intercluster aggregation by sending a transaction

that invokes a function computeInterclusterAgg of

mainchainAgg contract. The intercluster aggregate is

computed on the mainchain, and a network of miners

ensures transparent and correct computation of the in-

SECRYPT 2023 - 20th International Conference on Security and Cryptography

372

Algorithm 1: Challenge.

Input: cluster id c

cluster head address ch

claimed value claimedAgg

Modiﬁer: is challenge period active,

is challenger valid;

1: start challenge against cluster head ch

with claimed

value claimedAgg

;

2: increment vote v against cluster head ch

by 1;

3: if total votes v is greater than majority of aggregators

then

4: agg

← claimedAgg

5: a part of ch

deposit is burned

6: if ch

.deposit <= 0 then

7: remove cluster head ch

from aggregators list

8: end if

9: end if

tercluster aggregate. As a result of successful execu-

tion, an event is emitted to notify the querier about the

aggregation result.

5 SECURITY ANALYSIS

5.1 End-to-end Integrity

To show that SEBDA ensures end-to-end data in-

tegrity, we analyze it in 2 scenarios 1. incorrect intra-

cluster data aggregation 2. incorrect intercluster data

aggregation.

For the ﬁrst scenario, assume there is a malicious

primary cluster head A which submits incorrect in-

tracluster aggregation result agg

′

to the mainchain.

Once the mainchain receives the result, it notiﬁes sec-

ondary cluster heads of the cluster c

and opens the

challenge period. An honest secondary cluster head

challenges the malicious primary cluster head A

and

submits correct aggregation result claimedValue, ac-

cording to Algorithm 1. Other honest secondary clus-

ter heads belonging to cluster c

votes in favor of the

challenger. The intracluster aggregation result agg

′

submitted by A is replaced by claimedValue when

claimedValue receives v/sch

> τ votes, where v is a

total number of votes in favor of claimedValue

, sch

is a total number of secondary cluster head in the clus-

ter i and τ is threshold whose value must be greater

than 50%. The more the secondary cluster head there

are, the more challenging it becomes for a malicious

primary cluster head to compromise the aggregation

result by colluding with a signiﬁcant portion of clus-

ter heads. According to the assumption, the majority

of secondary cluster head are honest; thus, intraclus-

ter aggregation result agg

′

submitted by malicious pri-

mary cluster head A is replaced by correct intracluster

aggregation result agreed by the honest majority.

Now, let’s consider the second case in which ad-

versary A tries to manipulate intercluster aggregation

result. Our scheme leverage smart contract to com-

pute intercluster aggregation result. The miners of

the main network are responsible for verifying trans-

actions and computing the new state of the smart con-

tract. Therefore, an adversary A can only manipu-

late intercluster aggregation results if its hash power

is greater than half of the total hash power, which is

hard to achieve in practice.

5.2 Authentication and Non-repudiation

All participants sign their transactions using ECDSA.

Other participants use the public key to verify the

transaction’s integrity (single-hop data integrity) and

authenticity. Single-hop integrity ensures that an ex-

ternal entity does not modify the aggregation result

but does not ensure that the aggregation result is com-

puted correctly. ECDSA has been proven existentially

unforgeable under the hardness of the Discrete Log-

arithm Problem (DLP) and collision-resistant hash

function. Furthermore, since all participants sign their

transaction using their private keys; therefore a partic-

ipant cannot deny a transaction. Thus, the proposed

scheme ensures single hop integrity, authentication

and non-repudiation properties.

5.3 False Data Injection

In a false data injection attack, an external adversary

A attempts to inject false data as data values or aggre-

gation results. It is essential to ensure false data in-

jection because the blockchain is a public ledger, and

any member of a blockchain can send a transaction

to submit data value and aggregation results. In our

scheme, each primary cluster head uses ECDSA to

signature a transaction that invokes an intracluster ag-

gregation result function subIntraclusterAgg. The

modiﬁer of a function subIntraclusterAgg ensures

that only authenticated primary cluster head can sub-

mit intracluster aggregation results. Modiﬁers check

the prerequisites of a function and execute the func-

tion of a smart contract only if prerequisites are sat-

isﬁed. Thus the modiﬁer of a subIntraclusterAgg

function rejects the intracluster aggregation result if

an adversary A tries to submit an intracluster aggrega-

tion result. Similarly, the sidechainAgg contract en-

sures that only authenticated data providers of a clus-

ter can submit data values. Also, the mainchainAgg

contract ensures that only members of a cluster can

challenge primary cluster head. Hence, by utilizing

ECDSA and modiﬁers, our scheme ﬁlters out false

data submitted by an external adversary A .

SEBDA: A Secure and Efﬁcient Blockchain Based Data Aggregation Scheme

373

Table 1: Comparision between SEBDA and related work.

Paper Single hop

data In-

tegrity

False Data

Injection

Scalable End-to-end

data in-

tegrity

Smart contracts

(Fan et al., 2020) ✓ ✗ ✗ ✗ ✗

(Wang et al.,

2020)

✓ ✗ ✗ ✗ task publication

(Xie and Chen,

2021)

✓ - ✗ ✗ data aggregation

(Loukil et al.,

2021)

✓ ✓ ✗ ✗ group formation, aggregator selec-

tion

(Lu et al., 2021) ✓ ✓ ✗ ✗ ✗

SEBDA ✓ ✓ ✓ ✓ data aggregation , dispute resolu-

tion

5.4 Comparision with Related Work

Comparision with other blockchain-based data aggre-

gation schemes (Fan et al., 2020; Wang et al., 2020;

Xie and Chen, 2021; Loukil et al., 2021; Lu et al.,

2021) shows that they provide single-hop data in-

tegrity and do not consider malicious aggregator; thus

fails to achieve end-to-end integrity. The main goal of

(Xie and Chen, 2021) is to protect the data conﬁden-

tiality in the presence of an untrusted aggregator and

leader. However, a leader responsible for calling the

aggregation function of a smart contract can submit

an incorrect or incomplete database DB where DB is

collected data of devices. Additionally, the system is

not scalable enough to handle many IoT devices.

6 EVALUATION

In this section, we compare the performance of our

solution with a Conventional Blockchain-based Data

Aggregation (CBDA) system that performs all opera-

tions on the mainchain.

6.1 Experimental Setup and Procedures

We chose Ethereum blockchain to conduct our exper-

iments, and Ganache is used to simulate the Ethereum

blockchain. To make Ganache close to the main

Ethereum network, we set the block time to 12 sec.

It is important to note that other factors, such as gas

price and the number of pending transactions, also in-

ﬂuence the transaction processing time on Ethereum

main network. However, these factors are challenging

to incorporate into the experimental setup. The smart

contracts are written in Solidity, and the web3.js li-

brary is used to interact with the Ethereum node. The

data values of data providers are randomly generated,

and a sum aggregation query is used for performance

evaluation. We considered 3 sidechains connected to

the mainchain, and each sidechain is assigned one pri-

mary cluster head and two secondary cluster heads.

The experiments are repeated 30 times and each data

value represents the average. The experiments are

conducted on the physical machine equipped with In-

tel(R) Xeon(R) CPU E5 − 2660 v4, 131.7964 GB

RAM, CPU Frequency 2.00GHz, and docker con-

tainer is used for virtualization.

6.2 Results

We have evaluated the performance of our scheme

based on gas, transactional cost, and computational

cost. Table 2 shows the gas consumed by different

functions of a solidity smart contract. Ethereum sets

the minimum gas units for any transaction to 21, 000.

This mainly covers the cost of running an elliptic

curve algorithm. In addition to this, a transaction also

incurs gas that is dependent on the used opcodes in

the smart contract. It can be seen that the cluster head

registration function regCh requires the highest gas.

This is because when a node sends a transaction to

the change of Ethereum accounts state as a result of

deposit transfer. Then, it also updates the smart con-

tract’s state to reﬂect the newly added cluster head.

Table 2: Gas unit of different functions.

Number Function Gas units

1 regDp 95413

2 regCh 179334

3 subData 27631

4 subIntraclusterAgg 61093

5 compInterclusterAgg 76791

6 challenge 76652

Next, in Figure 2, we compare the cost of the data

aggregation process in terms of transaction fees. The

data aggregation cost is the sum of each transaction

fee executed during the aggregation process, includ-

ing the registration fee. The results are compared with

SECRYPT 2023 - 20th International Conference on Security and Cryptography

374

the CBDA system. The transaction fee is calculated

as transaction f ee = gas units ∗ gas price per unit.

The gas used by different aggregation functions can

be seen in Table 2. Gas price is the amount of ether

(ETH) per gas unit that must be paid to execute a net-

work transaction and ﬂuctuates over time. ETH is a

digital coin used in the Ethereum network, and one

of the denominations of ETH is Gwei. At the time

of running experiments (26 Sep 2022), the gas price

was 14 Gwei in the Ethereum network; thus, we have

also used 14 Gwei as the gas price for our network. In

Figure 2, it can be observed that our proposed SEBDA

results in overall lower transaction fees as compared

to the CBDA system. This is because intracluster ag-

gregation computation is performed on the sidechain

in our SEBDA scheme. Hence, it saves transaction

fees and encourages participation of data providers in

the network.

4 ×10

5 ×10

6 ×10

7 ×10

8 ×10

9 ×10

1 ×10

1.1 ×10

1.2 ×10

1.3 ×10

1.4 ×10

5 10 15 20 25 30 35 40 45 50

Gas price (GWEI)

Number of data providers

CBDA

SEBDA

Figure 2: Transaction cost comparision.

Figure 3 displays the computational cost of

data submission and intercluster aggregation in our

scheme. Our SEBDA scheme takes 139 ms for

data submission and intracluster aggregation of 100

data providers. Both operations are handled on the

sidechain, improving efﬁciency and removing trans-

actional costs on the data provider. In Figure 4, we

illustrate the scalability of our scheme and analyze

the effect of an increasing number of data providers

on the total data aggregation computation time. The

inside smaller chart we zoomed in on the y-axis of

the original graph. In our SEBDA scheme, most of

the total time is consumed by intracluster aggregation

result submission and intercluster cluster aggregation

because these operations are done in the mainchain,

which takes 12 sec to process a single transaction as

we can see that our SEBDA scheme shows superior-

ity than the CBDA system with an increasing number

of data providers. For example, our SEBDA scheme

reduces 91.9% of the total computational cost for 50

data providers. Thus, it can be concluded that our

scheme can handle a large number of data providers

without affecting overall performance, as its compu-

tational time increases linearly with the increasing

number of data providers.

100

120

140

160

10 20 30 40 50 60 70 80 90 100

Time (ms)

Number of data providers

SEBDA

Figure 3: Computational cost of data submission and intra-

cluster aggregation.

7 CONCLUSION AND FUTURE

WORK

We propose a 3-tier blockchain-based data aggrega-

tion scheme that use sidechains for data submission

and intracluster aggregation. To protect the end-to-

end integrity, SEBDA utilizes challenge and dispute

resolution protocols. The reward and punishment pro-

tocols encourage participation and discourage mali-

cious behaviors. Our simulation results prove that

SEBDA improves efﬁciency and scalability. To the

best of our knowledge, this is the ﬁrst blockchain-

based data aggregation scheme that addresses in-

tegrity and scalability requirements. In the future, we

will investigate the effect of an increasing number of

sidechains on security and ﬁnd a sweet spot between

security and scalability of the blockchain-based data

aggregation scheme. Moreover, we also aim to deploy

the proposed solution on low power IoT devices and

conduct experiments in a practical setting. This will

involve creating a small-scale IoT network where IoT

devices submit data values to the sidechain.

200

400

600

800

1000

1200

10 20 30 40 50 60 70 80 90 100

48.02

48.04

48.06

48.08

48.1

48.12

48.14

20 40 60 80 100

Time (sec)

Number of data providers

CBDA

SEBDA

Figure 4: Computation cost of data aggregation.

SEBDA: A Secure and Efﬁcient Blockchain Based Data Aggregation Scheme

375

REFERENCES

Agrawal, S. and Boneh, D. (2009). Homomorphic macs:

Mac-based integrity for network coding. In Applied

Cryptography and Network Security: 7th Interna-

tional Conference, ACNS 2009, Paris-Rocquencourt,

France, June 2-5, 2009. Proceedings 7, pages 292–

305. Springer.

Boneh, D., Lynn, B., and Shacham, H. (2001). Short sig-

natures from the weil pairing. In International confer-

ence on the theory and application of cryptology and

information security, pages 514–532. Springer.

Breitner, J. and Heninger, N. (2019). Biased nonce sense:

Lattice attacks against weak ecdsa signatures in cryp-

tocurrencies. In International Conference on Finan-

cial Cryptography and Data Security, pages 3–20.

Springer.

Catarinucci, L., De Donno, D., Mainetti, L., Palano, L., Pa-

trono, L., Stefanizzi, M. L., and Tarricone, L. (2015).

An iot-aware architecture for smart healthcare sys-

tems. IEEE internet of things journal, 2(6):515–526.

Chauhan, A., Malviya, O. P., Verma, M., and Mor, T. S.

(2018). Blockchain and scalability. In 2018 IEEE In-

ternational Conference on Software Quality, Reliabil-

ity and Security Companion (QRS-C), pages 122–128.

IEEE.

Cisco, U. (2020). Cisco annual internet report (2018–2023)

white paper. Cisco: San Jose, CA, USA.

Cui, J., Shao, L., Zhong, H., Xu, Y., and Liu, L. (2018).

Data aggregation with end-to-end conﬁdentiality and

integrity for large-scale wireless sensor networks.

Peer-to-Peer Networking and Applications, 11:1022–

1037.

Fan, H., Liu, Y., and Zeng, Z. (2020). Decentralized

privacy-preserving data aggregation scheme for smart

grid based on blockchain. Sensors, 20(18):5282.

He, W., Liu, X., Nguyen, H., and Nahrstedt, K. (2009).

A cluster-based protocol to enforce integrity and pre-

serve privacy in data aggregation. In 2009 29th IEEE

International Conference on Distributed Computing

Systems Workshops, pages 14–19. IEEE.

He, W., Nguyen, H., Liuy, X., Nahrstedt, K., and Abdelza-

her, T. (2008). ipda: An integrity-protecting private

data aggregation scheme for wireless sensor networks.

In MILCOM 2008-2008 IEEE Military Communica-

tions Conference, pages 1–7. IEEE.

Heinzelman, W. B., Chandrakasan, A. P., and Balakrishnan,

H. (2002). An application-speciﬁc protocol architec-

ture for wireless microsensor networks. IEEE Trans-

actions on wireless communications, 1(4):660–670.

Heinzelman, W. R., Chandrakasan, A., and Balakrishnan,

H. (2000). Energy-efﬁcient communication protocol

for wireless microsensor networks. In Proceedings of

the 33rd annual Hawaii international conference on

system sciences, pages 10–pp. IEEE.

Jeong, J. and Lee, E. (2014). Vcps: Vehicular cyber-

physical systems for smart road services. In 2014

28th International Conference on Advanced Informa-

tion Networking and Applications Workshops, pages

133–138. IEEE.

Krishnamachari, L., Estrin, D., and Wicker, S. (2002). The

impact of data aggregation in wireless sensor net-

works. In Proceedings 22nd international conference

on distributed computing systems workshops, pages

575–578. IEEE.

Leontiadis, I., Elkhiyaoui, K., Önen, M., and Molva, R.

(2015). Puda–privacy and unforgeability for data ag-

gregation. In International Conference on Cryptology

and Network Security, pages 3–18. Springer.

Li, F. and Luo, B. (2012). Preserving data integrity for

smart grid data aggregation. In 2012 IEEE Third Inter-

national Conference on Smart Grid Communications

(SmartGridComm), pages 366–371. IEEE.

Liu, X., Yu, J., Li, F., Lv, W., Wang, Y., and Cheng, X.

(2019). Data aggregation in wireless sensor networks:

from the perspective of security. IEEE Internet of

Things Journal, 7(7):6495–6513.

Loukil, F., Ghedira-Guegan, C., Boukadi, K., and Ben-

harkat, A.-N. (2021). Privacy-preserving iot data ag-

gregation based on blockchain and homomorphic en-

cryption. Sensors, 21(7):2452.

Lu, W., Ren, Z., Xu, J., and Chen, S. (2021). Edge

blockchain assisted lightweight privacy-preserving

data aggregation for smart grid. IEEE Transactions on

Network and Service Management, 18(2):1246–1259.

Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic

cash system. Decentralized Business Review, page

21260.

O’Keeffe, M. (2008). The paillier cryptosystem. Mathe-

matics Department April, 18:1–16.

Vinodha, D. and Mary Anita, E. (2021). Discrete integrity

assuring slice-based secured data aggregation scheme

for wireless sensor network (dia-ssdas). Wireless

Communications and Mobile Computing, 2021:1–17.

Wang, X., Garg, S., Lin, H., Kaddoum, G., Hu, J., and Hos-

sain, M. S. A Secure Data Aggregation Strategy in

Edge Computing and Blockchain empowered Internet

of Things. pages 1–1.

Wood, G. et al. (2014). Ethereum: A secure decentralised

generalised transaction ledger. Ethereum project yel-

low paper, 151(2014):1–32.

Xie, X. and Chen, Y.-C. Decentralized Data Aggregation: A

New Secure Framework based on Lightweight Cryp-

tographic Algorithms. In 2021 IEEE Conference on

Dependable and Secure Computing (DSC), pages 1–

Xie, X. and Chen, Y.-C. (2021). Decentralized data aggre-

gation: a new secure framework based on lightweight

cryptographic algorithms. Wireless Communications

and Mobile Computing, 2021.

SECRYPT 2023 - 20th International Conference on Security and Cryptography

376