A Blockchain System Based on Quantum-Resistant Digital Signature

Blockchain, which has a distributed structure, has been widely used inmany areas. Especially in the area of smart cities, blockchain technology shows great potential. ,e security issues of blockchain affect the construction of smart cities to varying degrees. With the rapid development of quantum computation, elliptic curves cryptosystems used in blockchain are not secure enough. ,is paper presents a blockchain system based on lattice cipher, which can resist the attack of quantum computation. ,e most challenge is that the size of public keys and signatures used by lattice cryptosystems is typically very large. As a result, each block in a blockchain can only accommodate a small number of transactions. It will affect the running speed and performance of the blockchain. For overcoming this problem, we proposed a way that we only put the hash values of public keys and signatures on the blockchain and store the complete content of them on an IPFS (interplanetary file system). In this way, the number of bytes occupied by each transaction is greatly reduced. We design a bitcoin exchange scheme to evaluate the performance of the proposed quantum-resistant blockchain system. ,e simulation platform is verified to be available and effective.


Introduction
Smart city [1] is the application of new technology to city management and service. Blockchain technology shows great potential in the field of smart cities. In terms of economic products, blockchain provides a unique identity of goods, which helps in real-time quality monitoring [2]. In terms of medicine, blockchain allows data to be stored safely. And it can be applied to the supervision and identification of drug supply chains. Blockchain is being paid attention to by more and more governments and is gradually being applied in smart cities.
In 2008, an author named Satoshi Nakamoto published a paper entitled "Bitcoin-A Peer-To-Peer Electronic Cash System". Afterwards, more and more developers have invested in blockchain research. Eth [3] (Ethereum), EOS [4] (Enterprise Operation System), EPT [5] (Electronic Payment To-ken), and other blockchain technologies [6,7] emerge one after another. ese technologies are widely used in finance, Internet of ings, intellectual property, traceability, and other areas. Up to now, there are more than 3,000 kinds of digital currencies in the world, with a total market value of 150 billion US dollars. Blockchain is essentially a distributed ledger that allows distrusted parties to trade directly without a third party. It has the characteristics of nontamper, nonforgery, traceable, transparent data especially safety like above, and so forth. ese characteristics largely depend on the underlying public key cryptography used in the blockchain. e security strength of traditional public key cryptosystems was dependent on one of the two difficult problems [8,9]: (1) factorization of large integers and (2) discrete logarithm problem. However, in 1997, Shor [10] and Grover et al. proposed quantum search algorithms, which make the decomposition of large integer factors no longer insoluble. And quantum search algorithms that break traditional public key cryptography are proposed continuously. As shown in Figure 1, with the development of quantum search algorithms, the security of blockchain based on traditional public key cryptosystems has aroused people's doubts. e need for blockchain to resist the attack of quantum algorithms is urgent.
ankfully, through the continuous efforts of researchers, there have been a lot of public key cryptosystems that are quantum-resistant algorithms. Among them, the number of lattice-based public key cryptosystems is the most competitive one. Up to now, there is no quantum algorithm that can solve the difficult problem of lattice-based public key. Regev [11] described several public key cryptosystems signatures based on lattices. is quantum-resistant cryptography brings hope for blockchain to resist the attack of quantum search algorithms. But the size of public keys and signatures used by lattice cryptosystems is typically very large.

Our Contributions.
In order to solve the problems faced by block chain, the following works are done in this paper: We propose an quantum-resistant blockchain scheme that the digital signature based on the elliptic curve is replaced by qTESLA digital signature based on lattice cipher to resist the attack of the quantum computer. We design a bitcoin exchange system to evaluate the performance of our system. e size of public keys and signatures used by qTESLA is very large. It will take up too much capacity of block. We store public keys and sign on IPFS and only put the hash values of them on the blockchain. Set the difficulty of POW (Proof of Work) to a suitable range; our system will be more efficient. We evaluated the strengths and weaknesses of the three systems. It provides effective experimental conclusions for future research.

e Paper Structure.
e rest of the paper is organized as follows: in Section 2, we will look at related works on quantum computers and quantum-resistant-lattice cryptography. We will introduce the techniques used, including Fiat-Shamir and its transformation, qTESLA's key generation and signature, and the principle of verification in Section 3; in Section 4, we propose a new quantum-resistant blockchain system. e availability, stability, and efficiency are analyzed in Section 5 and Section 6 concludes this paper.

Quantum Computers.
As early as in the early 1980s, Benioff [12] proposed a two-order quantum system that could be used to simulate digital computation. Over the next few years, quantum computing gradually has taken on the basic form of mathematics. In 1997, Shor et al. proposed a polynomial time quantum algorithm for factorization of large integer and discrete logarithm problems, which seriously threatened the security of digital signature based on the elliptic curve. D-wave went from the first 16-bit quantum computer in 2007 to a 512-bit one, which provided the rapid development of quantum computers greatly. At the same time, IBM in the United States has found a key technology that can massively increase the quantum number of quantum computers. In 2016, IBM launched the world's first quantum computing cloud platform: IBMQ. Currently, the IBMQ processor has reached 17 qubits. In 2018, Google's Quantum Artificial Laboratory launched Britlecone. In 2020, Pan et al. at the University of Science and Technology of China have developed a dedicated quantum computer. e rapid development of quantum computer threatens the security of the traditional cryptographic public key system, and it is urgent to improve the blockchain technology used in the traditional cryptography.

Public Key Cryptosystem Based on Lattice.
ere are four mainstream public key cryptosystems against quantum algorithms [13]: public key cryptosystems based on a hash function, public key cryptosystems based on error correction code, public key cryptosystems based on lattice, and multivariable public key cryptosystems.
In 1996, Ajtai [14] gave the specification of the general difficult case to the worst case on lattice for the first time in his paper, introduced the small integer solution problem and one-way function problem in the average case, and proved that solving the above problems was equal to the difficult case on lattice in the worst case. In 1997, Aharonov and Benor [15] presented a lattice-based public key encryption system with security proof under the worst-case complexity assumption. From 1997 to 1998, Hoffstein Pipher and Silverman designed using a polynomial ring UNRU encryption system. UNRU is fast in encryption and decryption and has a more compact key size but lacks formal security proofs and does not have any known difficult problems to regulate. In 1997, Goldreich, Goldwasser, and Halevi et al. directly applied the lattice difficulty problem to the lattice public key encryption and proposed the GGH cryptosystem. e GGH regime is easy to understand and intuitive, but there are no worst-case security guarantees, and the security assessment is in the heuristic proof phase. At present, a lattice-based cryptosystem [16,17] is designed around two basic problems of small integer and learning error. In 2005, Regev [18] proposed the LWE problem to make the lattice-based cryptography system take into account provable security. In 2008, Ladner and Dwork [19] obtained the protiofate by using the single trap function on lattice (GPV) and constructed the public key encryption scheme and the signature scheme by using the protiofate sampling method.

Lattice Signature Scheme.
At present, the digital signature based on lattice cipher can be divided into three types: lattice aggregation signature, proxy signature, and fuzzy identity signature. Yanhua et al. [20]. designed the converged signature of two lattice bases, which has no security proof, leading to the existence of serious security risks. Lattice ordered aggregate signatures can only be used in sequentially related systems, but not in a disordered user system such as blockchain. A proxy signature may designate an agent to continue the signature authentication operation in the absence of the signer. Fuzzy identity signature is more used in the identification of biological attributes.
All of the above signatures belong to two modes, Fiat-Shamir and Hash-And-Sign. Between the two modes, the signature in Fiat-Shamir mode has a higher implementation efficiency. qTESLA digital signature is a kind of digital signature in its mode.

Quantum-Resistant Blockchain System.
e main technology used in the quantum-resistant computer blockchain system is to replace the original signature with a digital signature of the quantum-resistant algorithm. However, it only stays in theoretical research and lacks practical experience. e signed public key takes up a lot of block capacity. At present, the problem of the long public key has not been solved completely.
Some researchers are working on algorithms for digital signatures. Li et al. [21] proposed a digital signature algorithm using the Bonsai Trees technology. is algorithm can guarantee its security. However, it is inefficient. And its practicability needs to be verified. Gao et al. [22] proposed a double signature scheme that can be applied to the blockchain. However, the security of this scheme is only under the SIS assumption, which is not convincing. On the basis of Bonsai Tree, Yin et al. [23] extend a lattice space to multiple lattices. is scheme adds complexity to the signature. And the signatures produced by such schemes are enormous.

Background
As of now, there is no quantum algorithm which can solve the difficult problem based on lattice. e difficulty of lattice problem in the worst-case ensures its strong security. Moreover, the basic operations of lattices are parallel which will reduce the computation complexity. In this paper, qTESLA digital signature based on lattice cipher is used instead of the original digital signature based on the elliptic curve in bitcoin system to resist the attack of the quantum computer.
e qTESLA is a digital signature of Fiat-Shamir mode with high efficiency. erefore, this section describes the Fiat-Shamir pattern in detail and gives its signature transformation and the basic principle of qTESLA. [24,25] authentication protocol is an interactive zero-knowledge proof mode with high computational efficiency.

Identity Authentication Protocol Fiat-Shamir.
e basic principle of Fiat-Shamir is as Figure 2: p and q; let n � p × q. Alice generates her own private s ∈ (1, n − 1) and public keys v � s 2 modn using the key algorithm.
If Alice pretends to know the news s, she wants to perjure herself to prove it to Bob.
If Alice can predict in advance whether the c Bob is sending 0 or 1, then Alice can trick Bob.
If Alice cannot predict in advance the c that Bob sends, then the probability that Alice cheats Bob is 1/2 n . After tests, the probability of Alice cheating Bob is almost zero.
In reality, Alice could not have foreseen Bob's challenge.

Fiat-Shamir Transformation.
In Fiat-Shamir transformation, Alice uses hash function H instead of c to generate challenges in Figure 3. It can prove that Alice knows the message s without any interaction.
Signature and Verification. e principle of qTESLA is shown in Figures 9-11.

IPFS.
e public key length based on the qTESLA digital signature is too long and will occupy most of the block memory. At present, the main solution of quantum-resistant computer blockchain system is to adjust the algorithm and reduce the length of the public key. Although this method improves the use of limited block capacity, it cannot fundamentally solve the problem of public key length. is article uses the IPFS protocol to solve this problem. After uploading the available file, we get a hash value. When we need the file, we just need to enter the corresponding hash value to get it. e IPFS [26] protocol is a distributed file system that uses a combination of technologies [27] to ensure its unique advantages: S/Kademlia DHT. e structure of S/Kademlia DHT is shown in Figure 12. After the node receives the information, it updates its k bucket, as shown in Figure 13. Next, the node needs an introducer to join the KAD network. e node inserts the introducer into its own k bucket and performs FINDNODE to updates its own k bucket until it completes the build of k bucket. Finally, it publishes its own information to other nodes' k buckets. In the KAD network, the sender has to sign the sent message. After other nodes receive the message, they not only need to check the signature but also need to complete two difficult problems. It ensures that the   Figure 4: Some definitions of the ring.
information of the nodes joining the KAD network will not be attacked. BitTorrent. BitTorrent is a content distribution protocol. e rationale is as follows: users forward portions of content they know to each other until each user gets all of it. is technique enables nodes in two peer-topeer systems to send and receive files without having to trust each other. SFS (Self-Certifying File System). SFS is a self-authenticating file system that can be shared globally. On the SFS network, various key management mechanisms can be built. is file system separates key revocation from cipher distribution and does not affect key recovery. Git. A distributed version control system. IPFS Technical Summary. Combining the advantages of the above four technologies, IPFS [28,29] protocol constructs a globally distributed file system. IPFS does not immoderately distribute files in your local repository to other IPFS nodes. If no other IPFS nodes search your files, the files in your local repository will always exist locally. IPFS protocol has the characteristics of fast download, permanent storage of files, and natural resistance to DDOS attacks.

Quantum-Resistant Blockchain System Based on qTESLA
In this section, we describe the designed secure blockchain against quantum search algorithm and carried out experimental verification of the above theory. We simulate a bitcoin transaction simulation scenario and construct a blockchain system based on a quantum-resistant digital signature. In this system, we set up three time periods. Figure 14 shows our system architecture. Table 1 shows our experimental environment.

Phase A: Account
Create. e wallet is used to create an account. And it contains several modules: a module to generate public-private key pairs, a module to generate account addresses, and a signature module.
In this phase, the node generates a pair of public and private keys from the signature algorithm of the wallet. pk generates the address of this account through a hash algorithm. sk is used to generate the signature. en, we upload the public key to IPFS and get a hash sequence. In the future, the hash sequence will represent the public key. And it is much smaller than the original public key. So it is much better to write the hash IPFS into the transaction and store hash IPFS than to just manipulate the string of the public key.

Phase B: Transactions Generates.
We are working on the assumption that account A transferred 0.3 bitcoins to account B. In a blockchain, transaction information is written in UTXO. Our system divides UTXO into two parts, the input and the output. And we set up two scripts which are the signature script and the unlocking script. In Figure 15, 1 and 2 belong to the input script and 3 belongs to the unlocking script.
As shown in Figure 16, when A initiates a transaction, it is divided into two steps: Step 1: we make a message of the transaction for the signature. is message contains the address of A, the id of the transaction, the number of transactions output, and the entire output.
Step 2: the transaction is signed by qTESLA. en, we enter the signature information and the IPFS hash sequence of A in the signature script. Figure 17, the transaction is broadcast through the P2P network structure and waits for verification by B and other miner nodes. After receiving the transaction, the miner node verifies the transaction by getting A's public key from the IPFS network through. e mining node packages trades in the nearest time period into blocks (candidate blocks). e miner calculated a difficult hash value (POW consensus algorithm), which was verified through the whole network and then written into the blockchain.

Experiment and Analysis
e system uses quantum-resistant digital signatures, so its security is impeccable. In this section, we explore the performance and efficiency of the system.
Under the same simulation scenario, we tested three different blockchain systems: (1) quantum-resistant

5.1.
Efficiency. In our simulation system, the transactions are sequential. A signature and a verification are generated while a transaction is created. Each system was tested 1,000 times to get the duration of the signature, the duration of verification, and the duration of the transaction. Table 2 shows that the average time of blockchain based on the elliptic curve is the shortest in the three systems. But the blockchain based on the elliptic curve cryptography cannot guarantee security. In addition, POW (Proof of Work) can take up a lot of time when a block generates. e duration of the transaction is negligible. We have reached the conclusion that the average mining time (workforce) is 2 seconds when the difficulty is 5 (a hash value that the first five digits is 0).

Analysis.
e standard deviations of the time taken for these three systems are shown in Table 3. e Table 3 shows that the qTESLA based blockchain system has the most stable performance. e time of qTESLA based blockchain with IPFS will be -instability due to the network. But the time is within acceptable limits.
As shown in Table 4, we processed the maximum and minimum values of the transactions' time in each system according to equation (1). e smaller the value, the better the stability. is result confirms our system is more stable:

Blockchain System Analysis with or without IPFS.
In this section, we evaluate the performance of blockchain used IPFS network. is system not only resists the attack of quantum algorithm but also relieves the stress of capacity. And it is more efficient than blockchain systems without IPFS, when the difficulty of PoW is appropriate.  Figure 9: Key generation.

Security and Communication Networks
As shown in Table 5, we measured some parameters about the size of each part of the UTXO (unspent transaction outputs) which is written into the block. Obviously, the number of bytes occupied by each transaction is greatly reduced. rough the test, we get the duration of each part of the transaction in Table 6. e duration of mining and the size of block together determine how long it takes to create a block. According to the data in Tables 5 and 6, we analyzed and concluded the blockchain system with IPFS is more efficient than the blockchain system without IPFS under suitable mining time in different block sizes. Table 7

Conclusions
With the rapid development of quantum computer, quantum-resistant blockchain system research is extremely urgent. In this paper, we draw a blockchain resisting quantum attacks. e qTESLA digital signature based on lattice cipher, which cannot be broken by quantum algorithm, is    It is the ratio of the latter to the former.   applied to the blockchain, and its public keys and signs are stored on the IPFS network. us, this way not only solves the problem of quantum attack but also solves the problem of block capacity. We have tested and analyzed our system. We have verified the feasibility and stability of our system and given some data reference. In the future, we can make a practical application based on our blockchain system. e realization of our system increases confidence for future research on quantum-resistant blockchain. And we provide a new idea to deal with the problem of public keys' length. e experimental results show that our experiment is feasible. And with the suitable difficulty of POW, our system will be better. With the rapid development of 5G, IPFS networks will become faster and faster so that our systems will become more efficient. In the construction of smart cities, the blockchain technology has been applied more widely and deeply, such as government affairs, people's livelihood, and urban governance. Our solution uses quantum-resistant signatures to enhance the security of the blockchain and provide security for the construction of smart cities.
Our experiment has some limitations that parallel transactions are not allowed, in the experiment. However, we can ignore the limitations. Because, in the real network, there are many uncertain factors in the transaction. We only test the individual deals.

Data Availability
e data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
e authors declare that they have no conflicts of interest.