Blockchain-Based Data Storage Mechanism for Industrial Internet of Things

With the development of the Industrial Internet of Things and the continuous expansion of application scenarios, many development bottlenecks have followed. Its data security issue has become an obstacle to its widespread application. It has attracted substantial attention from both academia and industry. Blockchain technology has the characteristics of decentralization, openness and transparency and non-tampering. It has natural advantages in solving the security of the Industrial Internet of Things. Accordingly, this paper first analyzes the security risks associated with data storage in the Industrial Internet of Things and proposes the use of blockchain technology to ensure the secure storage of data in the Industrial Internet of Things. In traditional blockchains, the data layer uses Merkle hash trees to store data; however, the Merkle hash tree not able to provide non-member proof, which makes it unable to resist attacks from malicious nodes in the network. To solve this problem, this paper replaces the Merkle hash tree with a password accumulator to provide member proof and non-member proof. Moreover, the existing accumulators have trapdoors and cannot be updated in batches, and unable to meet the blockchain’s expansion requirements. This paper presents an improved RSA accumulator and gives the definition of the accumulator. Finally, this paper uses RSA to construct a batch update accumulator scheme without trapdoor, and shows that the scheme is feasible through correctness and security.


Introduction
With the rapid development of the Internet of Things technology, a series of national strategies, such as Made in China 2025, the American Advanced Manufacturing Partnership Program, and German Industry 4.0 have been proposed [1]. In this context, the Industrial Internet of Things has emerged at the historic moment and has become an important part of the intelligent transformation of the global industrial system [2]. Medical system [3], the Internet of Vehicles (IoV) [4][5][6], artificial intelligence [7], dam security systems [8,9], etc. Underpinning all this is the acceleration of the industrial Internet of Things, rapid maturity, the arrival of the Industrial Internet of Things era has no doubt. The Industrial Internet of Things is to realize the flexible allocation of manufacturing raw materials, the on-demand execution of manufacturing processes, the reasonable optimization of manufacturing processes and the rapid adaptation of the manufacturing environment through the interconnection of industrial resources, data communication and system interoperability to achieve efficient use of resources [10,11]. In order to building a new industrial ecosystem which is driven by services.
With the integration of industrial Internet of Things technology and traditional industries, the Industrial IoT has profoundly changed the mode of production, organization and business model of traditional industries [12]. Traditional technology has been unable to meet the needs of the future industrial Internet of Things. Industrial Internet of Things projects are usually applied to enterprises in raw material procurement, inventory management, downstream sales and other links. Many of the information systems among these subjects are independent of each other, and there is a problem of data forgery [13,14]. In terms of saving user data, under the current centralized management mode of the Industrial Internet of Things, there is a possibility of data loss due to failure of individual devices [15]. When the amount of data information is too large, it will increase the burden of the central server. In terms of operation and maintenance costs, the current industrial IoT data streams are aggregated into a single central control system [16]. With the continuous evolution of low-power wide-area technology (LPWA) [17], the future industrial IoT equipment will grow geometrically and centralized service cost is unaffordable. In terms of data transmission, due to the open nature of the wireless network, the nodes lacking security are very vulnerable, along with the wireless information transmitted between the devices is vulnerable to threats [18][19][20]. The possible threats are mainly spread of spam data, DDoS attacks and cross heterogeneous network attacks. Therefore, the security issues of the Industrial Internet of Things have attracted much attention, and the blockchain can provide the best solution.
In order to improve the data security of the Industrial Internet of Things, some scholars have integrated blockchain technology into the Industrial Internet of Things to improve security [21][22][23]. With the characteristics of decentralization, openness, transparency and non-tampering, blockchain technology provides trust, transparency and secure data guarantee for the Industrial Internet of Things. Moreover, encrypted contracts between industrial IoT devices can be recorded as smart contracts on the blockchain and automatically executed to improve efficiency. In blockchain technology, the data layer of the blockchain uses a Merkle tree to store data. However, the Merkle tree stores data has the following shortcomings: It can only provide member proof, cannot provide non-member proof, the storage takes up large memory, and members cannot be deleted at will. In recent years, cryptographic accumulators, a potential alternative to Merkle trees for blockchains, have attracted more and more interest. Because the accumulator has the characteristics of strongness, universality, compactness, it can provide the advantages of non-member proof, delete members at will, reduce data storage memory, so this paper introduces the accumulator in the blockchain and replaces it with the accumulator Merkle tree can reduce the memory of node data storage, and also better protect privacy. This paper studies the storage mechanism of blockchain data based on accumulators, and further proposes a method for secure storage of industrial Internet of things data based on blockchain. In addition, this paper presents the concept of batch update accumulator without trapdoors, uses RSA to construct a specific scheme, and demonstrates its security.
The remainder of this paper is structured as follows. Section 2 presents some related work about Industrial Internet of Things, blockchain technology, prime representation, RSA accumulator, strong RSA assumption and Batch and aggregation. In Section 3, the data security issues of the Industrial Internet of Things are described. In Section 4, moreover, the secure storage of data based on the blockchain-based Industrial Internet of Things is described. Finally, the conclusion is provided in Section 5.

Related Work
In this section, the industrial Internet of Things, blockchain technology, prime representation, batch and aggregation, RSA accumulator and strong RSA assumption are described.

Industrial Internet of Things
A typical IoT system has three levels [24]. One is the perception layer, which uses RFID, sensors, QR codes, etc. to obtain object information anytime and anywhere; the second is the network layer, through the integration of telecommunications networks and the Internet, the object information is accurately transmitted in real time; the third is the application layer, which the information obtained by the perception layer is processed to realize practical applications such as intelligent identification, positioning, tracking, monitoring and management [25]. The architecture is as illustrated in Fig. 1 below.
Compared with the traditional IoT architecture, the industrial IoT system architecture adds on-site management. The role of the on-site management layer is similar to an application sublayer, which can preprocess data at a lower level, and is an indispensable layer for real-time control, real-time alarm and real-time data recording in industrial applications.
Perception layer: The perception layer is composed of field equipment and control equipment, mainly for the perception of industrial machine information and the issuance of control instructions. Field devices mainly include temperature sensors, humidity sensors, pressure sensors, RFID, electric valves, transmitters, etc. These devices are directly connected to industrial machines and serve as a peripheral mechanism for sensing the control process. Control equipment mainly refers to PLC and other controllers. In industrial systems, PLC and other controllers are used to achieve lower-level high-speed real-time control functions, which are particularly important for industrial control. The control device and field device form a field bus control network, such as the commonly used CAN bus network, Profibus bus network.
On-site management: On-site management mainly refers to the local dispatch management center of the factory, namely the SCADA system. The dispatch management center acts as the local manager of the industrial system and the provider of the external interface of the industrial data, generally includes industrial database servers, monitoring servers, file servers and Web network servers. As a layer different from the traditional IoT system architecture, the on-site management layer plays an important role in the industrial IoT system. On-site management integrates the existing industrial monitoring system. Its existence enables some key industrial data from the perception layer to be recorded and processed in a timely manner. For some lower-level process control instructions that require real-time performance, it can quickly respond and make control decisions in a timely manner.
Network layer: The network layer uses telecommunications network or Ethernet to set up a transmission channel for the local data of the factory and the remote data analysis center, so that the data can be transmitted anytime and anywhere.
Application layer: The application layer is the ultimate embodiment of the Industrial Internet of Things. The application layer meets the needs of industrial applications and is deeply integrated with industry expertise. It uses big data processing technology to analyze the data from the perception layer, which mainly includes monitoring the production process, tracking and recording the operating status of industrial machines. It produces results that have guiding significance for the development of enterprises and industries, such as optimizing production processes, knowing production management, improving operating efficiency, and predicting industry development, to achieve a wide range of intelligence. Different companies can share the analysis and processing results of big data with each other, which plays a great role in promoting collaborative production among enterprises, optimizing social industrial structure, and improving overall social productivity.

Blockchain Technology
Blockchain is mostly known as the technology underlying the cryptocurrency Bitcoin [26]. The core idea of a blockchain is decentralization. This means that blockchain does not store any of its database in a central location, but will copy and distribute the blockchain on the participant network. Whenever a new block is added to the blockchain, every computer on the network updates its blockchain to reflect the change. This decentralized architecture has the advantages of tamper resistance and no single-point failure vulnerabilities, which can ensure robust and secure operation on the blockchain. The general concept on how the blockchain operates is presented in Fig. 2.
Main components of Blockchain: Data block: Blockchain is essentially a block chain, a linear structure, starting from the so-called genesis block, all the way to each new block linked in the chain. Each block contains a number of transactions and is linked to its immediately-previous block through a hash label. In this way, all blocks in the chain can be traced back to the previous one, and no modification or alternation to block data is possible. In particular, a typical data block structure includes two main components, including transaction records and a blockchain header [26]. Here, transaction records are

New block Old blocks
The transaction is complete Verified transaction New data block Figure 2: The concept of blockchain operation organized in a Merkle tree-based structure where a leaf node represents a transaction of a blockchain user. For example, a user may request to have associated metadata to establish a transaction that is also signed with the private key of user for trust guarantees. At the same time, the block header contains the following information: (1) Hash of the block for verification, (2) Merkle root, used to store a set of transactions in each block (3) Nonce value which is a number that is generated by consensus process to produce a hash value below a target difficulty level, and (4) Timestamp which refers to the time when the block was created. A typical blockchain structure is presented in Fig. 3.
Distributed ledger (database): A distributed ledger is a type of database which is shared and replicated among entities on a peer-to-peer network. The shared database is available for all network participants within the blockchain ecosystem. Participants of the network can achieve on the agreement by a consensus mechanism in a distributed environment that does not require third parties to perform transactions.
Consensus algorithms: When nodes start to share or exchange data on the blockchain platform, there is no centralized parties to regulate transaction rules and protect data from security threats. In this regard, it is vitally to verify the trustworthiness of the block, track the data flow and guarantee a secure exchange of information to avoid fraud problems, such as double-spending attacks. These requirements can be met by using a verification protocol called a consensus algorithm. In the blockchain context, a consensus algorithm is a process used to reach agreement on a single data block among multiple unreliable nodes. An example of a consensus application is the Bitcoin blockchain. Bitcoin uses a proof of work algorithm (PoW) [27,28] as a consensus mechanism run by miners to ensure security in untrusted networks.
Smart contracts: Smart contracts are programmable applications that run on the blockchain network. Since the first smart contract platform known as Ethereum [29] was released in 2015, smart contracts have gradually become one of the most innovative topics in the blockchain field. For example, when a person signs a smart contract to transfer his funds, the funds will be automatically transferred through the blockchain network. Then the transfer information will be recorded as a transaction and stored on the blockchain as an immutable ledger [30]. This self-executing protocol that relies on code makes the smart contract immutable and resistant to external attacks [31][32][33].

Prime Representatives
For reasons of security and correctness, in the construction of this paper, the main representative concepts of the widely used elements will be quickly clarified. Initially introduced in [  representatives [35] provide a solution whenever it is necessary to map general elements to prime numbers. In particular, one can map a k-bit element e i to a 3k -bit prime x i using two-universal hash functions. This paper uses two general functions. h x ð Þ ¼ Fx, where F is a k Â 3k Boolean matrix. Since the linear system h x ð Þ ¼ Fx has multiple solutions, one k-bit element is mapped to more than one 3k-bit elements.
Let H be a two-universal family of functions mapping 0; 1 f g 3k to 0; 1 f g k and let h 2 H. For any element e i 2 0; 1 f g k , the prime number x i 2 0; 1 f g 3k can be computed by sampling O k 2 ð Þ times with high probability from a set of inverse h À1 e i ð Þ, so that h x i ð Þ ¼ e i .

RSA Accumulator
Suppose there is a set of k-bit elements where p, q are strong primes numbers. Using the RSA accumulator [36], we can represent X compactly and securely with an accumulation value acc X ð Þ, which is a k 0 -bit integer defined as acc X ð Þ ¼ g r x 1 ð Þr x 2 ð Þ...r x n ð Þ mod N , Where g 2 QR N and r x i ð Þ is a 3k-bit prime representative, computed using a universal hash function h.
According to the accumulative value acc X ð Þ, each element in the set X hash a member witness, the value is: Given the accumulated value acc X ð Þ and the witness W x i , you can verify the membership of x i in X by computing W r x i ð Þ x i mod N and checking that it is equal to acc X ð Þ. Any adversary A, who does not know [ N ð Þ, subject to computation restrictions, cannot find another set of elements X 0 6 ¼ X such that acc X 0 ð Þ ¼ acc X ð Þ unless A breaks the strong RSA assumption.

Strong RSA Assumption
Given an RSA modulus N and a random element x 2 Z N , that is difficult (i.e., it can be done with probability that is neg k ð Þ, which is negligible in the security parameter k) for a computationally bounded adversary A to find y > 1 and a such that a y ¼ x mon N .

Batch and Aggregation
This paper uses batch processing to describe a single operation corresponding to n items, rather than one operation per items. For example, a verifier can perform batch verification on n certificates faster than performing n verifications on a single membership proof. Aggregation is a batching technique that is used when non-interactively combining n items to a single item. For example, a prover can aggregate n membership proofs to a single constant size proof.

Security Issues of the Industrial Internet of Things
The security and privacy of the industrial Internet of Things is the focus of the Industrial Internet of Things security research. However, because these Industrial Internet of Things lack mutual trust mechanisms between devices, all devices are required to be checked against the data of the Industrial Internet of Things Center [37][38][39]. Once the database collapses, it will cause great damage to the entire Industrial Internet of Things and will there are a lot of data collection and transmission processes between sensor nodes in the network. Therefore, such systems often encounter security threats such as information leakage, information forgery and unauthorized access. The structure of the Industrial Internet of Things is generally divided into four layers, namely perception layer, on-site management layer, network layer and application layer [40]. The following is an analysis of data security issues associated with each layer.

Perception Layer Security Analysis
Sensing nodes are vulnerable to eavesdropping or control. The Industrial IoT sensing nodes are simple in function, low in processing power, and low in energy, unable to achieve complete security protection on their own, and the large number of node groups is not easy to manage and control, and is prone to omissions, which can be used by attackers machine [41][42][43]. Therefore, the communication information of the node is easy to be eavesdropped, and even the node may be controlled, so that the wrong information is sent and the network information is confused. In addition, if the gateway node is eavesdropped or controlled, it will directly cause the network to be paralyzed, and the entire network information will be leaked.
Node camouflage: Due to the fragility of the node and the variability of the network topology, an attacker could analyze a node to obtain its identity and password information, tampers with the hardware and software, and then captures the node, disguised as a legitimate user, can conduct illegal behavior or malicious attacks [44]; These include the monitoring of user information, replacing devices, publishing false information, launching DoS attacks, etc.

On-Site Management Security Analysis
The on-site management mainly refers to the local dispatch management center of the factory, which belongs to the centralized management mode. There is the possibility of data loss due to the failure of individual equipment [45]. When the amount of data information is too large, it will increase the burden on the central server. Industrial IoT data streams are aggregated into a single central control system. With the continuous evolution of low-power wide-area technology (LPWA), industrial IoT devices will grow geometrically in the future, and the cost of centralized services will be difficult to bear. Moreover, lack of security, it is easy to accept false information and make wrong decisions.

Network Layer Security Analysis
Due to the small amount of data transmitted by devices in the Industrial Internet of Things, complex encryption algorithms are generally not used to protect data. As a result, data is stolen, tampered, attacked, illegally accessed to the network during transmission, eavesdropping on the data, and destroying confidentiality and integrity; denial of service attacks, man-in-the-middle attacks, virus intrusion, use of sniffer tools and system vulnerabilities attacks and other attack methods [46][47][48].

Application Layer Security Analysis
The industrial IoT application layer stores a large amount of user data. How to effectively store data to avoid data loss or damage, how to isolate data from multi-tenant applications, how to avoid data services from being blocked, and how to quickly recover data after a failure are all security issues that need to be considered by the application layer.
Data access rights, user authentication: The application layer is a direct layer for interworking with users and provides users with data access rights. Therefore, a sound authentication mechanism and access permission settings to isolate the intrusion of illegal users is the key security point of the IoT application system [49].
User privacy leakage: Privacy issues represent the biggest obstacle in the implementation of the Internet of Things. The Internet of Things is involved with many aspects of a user's life. Once information is leaked, the user's property, information security, and personal privacy can easily be violated [50][51][52]. Ensuring the privacy of information is the primary issue to be solved to promote the development of the Industrial Internet of Things.

Industrial Internet of Things Data Storage Based on Blockchain
Firstly, this paper deploys the blockchain in the factory to illustrate the data storage mechanism of the blockchain system, which is illustrated in Fig. 4 below.
In the industrial IoT smart factory, various types of machines and users form the light nodes of the blockchain system. The management departments of various types of machines make up the full node of the blockchain system. A light chain node and a full node constitute a blockchain system.
The light node only stores the current state data in the blockchain system (the data collected at a certain moment, when the new data is collected, the data saved by the light node also changes). However, light nodes do not participate in the consensus and can transmit and receive data. In the blockchain system, full nodes not only save all data, but also participate in consensus. In addition, smart contracts are also deployed in the blockchain system to associate user information with management departments and machines to improve efficiency.
Data generated by various types of machines are transmitted to P2P networks through IoT devices and sensors. The data is continuously generated. At this time, the light node itself will store the current latest data and transmit the data to the full node. Each full node will verify the uploaded data and collect the data after verification. Then all the full nodes will reach a consensus and reach an agreement to store the data securely. The full node can also control how machine data is shared. User information involves two types of inquiries and orders. When users query information, because smart contracts are deployed in the blockchain network, the corresponding information can be obtained by triggering smart contracts to ensure that sensitive information is not leaked and access control is achieved. When the user has an order task, the user can unlock the smart contract by paying a deposit to the smart contract, and then send the corresponding information to each machine to complete the order task. This system can ensure that all uploaded data is true, stored data is not tampered with, decentralized, and automatically complete user data query and order tasks by deploying smart contracts.

Blockchain Data Storage Mechanism Based on Accumulator
Since the data in the traditional blockchain is stored using the Merkle hash tree, meaning that provide non-member proof cannot be provided. By contrast, the accumulator has the function of providing nonmember proof. Accordingly, this paper proposes to use the accumulator instead of the original Merkel tree in the block to build an accumulator-based blockchain data storage mechanism.  In the improved blockchain in this paper, all full nodes are connected to an accumulator, and full nodes are used for data storage and data verification. The Merkle tree of each block is replaced with an accumulator. All light nodes are not verified, only the current state and data transmission are stored, and the Merkle tree is replaced with an accumulator.
Each block contains a block header and a block body. In addition to replacing the Merkle tree in the block body with an accumulator, this paper also allows each full node in the blockchain network to share an accumulator, but the light node does not. The accumulated value of the accumulator shared by all nodes is the value of all data in the entire blockchain, that is, assuming that the current block is the nth block, the accumulated value is acc X ð Þ, and a new block is added at this time. The accumulator adds the data of the n þ 1th block, and then the accumulated value acc X ð Þ also needs to be changed accordingly. The accumulated value of each block is the accumulated value of the data collected by this block in a certain period of time. The Merkle root hash value in the block header becomes the accumulated value, and an accumulated value 1 is added. This accumulated value is the accumulated value of the accumulator replacing the Merkle tree, and the Merkle tree in the block body becomes the accumulator. The data points n 1 ; n 2 ; . . . ; n m represent the data collected by the nodes over a certain period. At this time, the hash value is not computed in the block body, but the accumulated value is computed, and the obtained accumulated value exists in the block header. The advantage of this approach is that it can reduce storage memory. When the Merkle tree was originally used, the hash value of each layer was stored, and now an accumulated value is stored. In addition, the accumulator can also provide nonmember proof.
The blockchain is jointly maintained by many network nodes. The improved blockchain proposed in this paper comprises an accumulator for each block, while each full node shares an accumulator, and the light node also has an accumulator, but the light node does not share an accumulator. Both accumulated values are stored in the block header, and each block connects with other block by finding the hash value of the block header.
First, the block data is created: A machine generates a set of data, along with a signature unique to the data uploading machine, and then uploads the data to the blockchain network, and other machines do the same. In other words, the data is generated continuously. At this time, all nodes of the blockchain network collect the data uploaded over a period of time to verify the legitimacy of the data source, pass the verification, and arrange the data in a certain order. Each light node only stores the current latest data state.
In the next step, a new block is created: After all the full nodes of the blockchain network have collected the data, a new block is created. At this time, the accumulator in the block generates the accumulated value of the data in the block, and then the accumulator also makes corresponding changes to the newly added data accumulation value, stores both accumulation values in the block header, after which the block header information is combined into a string. A 250 binary number is obtained through the hash functions twice, and the result is then generated. The difficulty value setting is met, if the first few digits are 0, if it is not satisfied, it must recalculate by adjusting the nonce value until it meets. Which is: Once a certain full node in the blockchain network is calculated and the new block is created successfully, then this node will broadcast the successful block message to the entire network and other full nodes will receive the message.
The second element is node verification: When the full node receives the message released by the new block, the full node will verify it. At this time, the verification content comprises two parts: whether the data in the block is included in the accumulated value of the full node, and whether the hash value of the block header is less than the target difficulty. When all the full nodes are verified, a consensus is reached, and all other full nodes on the network agree to this newly generated block.
Finally, after the node verification is complete, the hash value obtained by the block header is connected to the hash value of the previous block header, after which the new block is successfully added to the blockchain.
In this paper, an accumulator is used to replace the Merkle tree in the block and each full node shares an accumulator, which can greatly reduce storage memory and is convenient for member and non-member verification. For example, the RSA accumulator is now used to prove the membership and nonmembership, and the member certificate can be quickly provided directly through the accumulator, that is, For example, to prove that x 1 is in x 1 ; x 2 ; x 3 , use the formula ð Þr x 3 ð Þ mod N , and find that x 1 is a member. When proving non-membership, it is assumed that ð Þ , and the accumulative value acc X ð Þ ¼ g r x 2 ð Þr x 3 ð Þr x 4 ð Þ . Calculate ax 1 þ bx 2 x 3 x 4 ¼ 1, find a and b. Verification check g ar x 1 ð Þ acc X ð Þ b ¼ g 1 , prove that x 1 is a non-member factor. Instead of applying for the first node like Merkle tree, calculate the various hash values involved from the leaf node. If it is a light node verification, it will be necessary to apply to other nodes for additional hash values involved. The process is cumbersome.
In the improved blockchain in this paper, each full node is both a storage node and a verification node, and the light node only stores the current state. When you want to query historical data, you can query it through the accumulator of the full node, and you can also verify whether the data belongs to the originally collected data. If you want to query the specific historical data in a certain period of time, you can query the corresponding data through the block accumulator, whether it is the overall data query or the block data query.

Improved RSA Accumulator Definition
Because the accumulator generally has trapdoors and a single update element, it is difficult to meet the requirements of security and large-scale data addition. Accordingly, this paper improves the accumulator. An improved RSA accumulator is proposed so that the accumulator has no trapdoors and can update elements in batches. For newly added data, use batch to add to the accumulator. For elements to be deleted, use bulk deletes to remove useless data from the accumulator. Let k be a security parameter, and a batch update accumulator with no trapdoor consists of the following algorithms: Setup (1 k ; hÞ: It is setting algorithm that security parameter k and random type h as input and randomly generates t. KeyGen 1 k ; t À Á : It is a probabilistic algorithm that takes security parameters k and t as input and returns the parameter pk, where pk is the public key. AccVal X ; PK ð Þ: It is a probabilistic algorithm for computing accumulated values. It takes the set X ¼ x 1 ; x 2 ; . . . ; x n f gand pk as input, and returns the accumulative value acc X ð Þ and auxiliary information a c that some other algorithms will use. Verify x; W ; acc X ð Þ; pk ð Þ : It is a deterministic algorithm that uses the witness W and pk to check whether the element x belongs to the set X represented by the accumulated value acc X ð Þ. Witness x of W effectively returns Yes, otherwise returns No. AddEle X È ; a c ; acc X ð Þ; pk ð Þ : It is a probabilistic algorithm that adds some new elements in batches. The input value is to add . . . ; x È l È É element set, auxiliary information a c , accumulative value acc X ð Þ and parameter pk. The return value is the accumulative value of acc X [ X È ð Þand the set X [ X È , the witness W È 1 ; W È 2 ; . . . ; W È l È É and the inserted element x È 1 ; x È 2 ; . . . ; x È l È É and auxiliary information a c , a u , which will be used for future update operations.
DelEle X É ; a c ; acc X ð Þ; pk ð Þ : It is a probabilistic algorithm that to delete some elements in batches. The input value is to delete the element set of , auxiliary information a c , accumulative value acc X ð Þ and parameter pk. The return value is the accumulative value of acc X nX É ð Þ corresponding to the set X nX É , and the auxiliary information a c , and a u will be used for future update operation. WitGen a c ; X ; pk ð Þ : It is a probabilistic algorithm that creates a witness for each element in set X , taking auxiliary information a c , set X and parameter pk as inputs. UpdWit W i ; a u ; pk ð Þ : It is a deterministic algorithm that updates witnesses for acc X ð Þ and acc x 0 ð Þ (new set after update) that are still accumulating. The input is W i , the witness to be updated, auxiliary information a c and pk. An updated witness W 0 i is returned, and the witness can prove that x i is still accumulating in the new accumulative value acc X 0 ð Þ.

Improved Accumulator Based on RSA
The non-trapdoor batch update accumulator proposed in this paper is implemented by means of RSA. The program contains eight parts: Setup; KeyGen; AccVal; WitGen; Verify; AddEle; DelEle; UpdWit f g . The scheme eliminates the trusted setting through Setup, introduces the representation of prime numbers, and can map common elements to prime numbers, and the scheme can also be updated in batches. The specific scheme is described in Section 4.4.4.

Specific Scheme
Setup (1 k ; hÞ: It is setting algorithm, and this paper uses no feasible setting. Generate t randomly by h. KeyGen 1 k ; t À Á : Given a security parameter k and a random type t, an appropriate security modulus N is generated, N ¼ pq, where p, q are strong prime numbers, and g 2 QR N is used for exponentiation. Given two general hash functions h x ð Þ, which are used to compute the prime representation, the function h x ð Þ maps the k-bit element to a 3k-bit element. Finally, a pk is returned. AccVal X ; pk ð Þ: Given an element set X ¼ x 1 ; x 2 ; . . . ; x n f g and pk as input. Use h x ð Þ to make the set X ¼ x 1 ; x 2 ; . . . ; x n f g into a3k-bit element fr x 1 ð Þ; r x 2 ð Þ; . . . ; r x n ð Þg, compute: acc X ð Þ ¼ g r x 1 ð Þr x 2 ð Þ...r x n ð Þ mod N, The accumulated value is obtained, and finally the accumulated value acc X ð Þ and auxiliary information a c are output. WitGen a c ; X ; pk ð Þ : Given a c , X and pk. Use h x ð Þ to make the set X ¼ x 1 ; x 2 ; . . . ; x n f ginto a 3k-bit element r x 1 ð Þ; r x 2 ð Þ; . . . ; r x n ð Þ f g , compute: Þ of each element is output. Verify x; W ; acc X ð Þ; pk ð Þ : Given an element x, its witness W , the accumulated value acc X ð Þ and pk, check whether the element x belongs to the set X represented by the accumulated value acc X ð Þ and W x ¼ acc X ð Þ. If yes, return Yes, otherwise return No. AddEle X È ; a c ; acc X ð Þ; pk ð Þ : Given a set of elements as insert, auxiliary information a c ; accumulative value acc X ð Þ and pk, compute: Then output a new accumulated value acc X 0 ð Þ, witness W È i ; x È i ð Þ, and auxiliary information a c , a u . DelEle X É ; a c ; acc X ð Þ; pk ð Þ : Given a set of elements information a c , accumulative value acc X ð Þ and pk, compute: Then output a new accumulated value acc x 0 ð Þ corresponding to the set X nX É and auxiliary information a c , a u .
UpdWit W i ; a u ; pk ð Þ : Given a witness W i , auxiliary information a c and pk, compute

Correctness
The correct property of the accumulator scheme is just to say that if the element x belongs to the accumulation set X , and if the corresponding witnesses W have been computed using WitGen and UpdWit, the verification process should pass. The scheme fSetup, KeyGen, AccVal, WitGen, Verify, AddEle, DelEle, UpdWitg is correct. We say that for all sufficiently large k 2 N , for the pk output by Algorithm SetupðÞ and Algorithm KeyGenðÞ, both AccVal and WitGen algorithms will output the correct accumulated value and witness, and the AddEle and DelEle algorithms will output the new accumulative values and witnesses, all probabilities in k can be negligible.
Proof: First, we show that the Verify algorithm is correct for the accumulator. Let set X ¼ x 1 ; x 2 ; . . . ; x 2 f g , acc X ð Þ is the corresponding accumulated value, and pk is the public key. Where x is considered to be the i-th element of the set, because: therefore Consistency shows that in the accumulator, if the element x is accumulated in the accumulated value, the witness can provide a valid proof for x.
When some elements are added, for the newly added element x È i i ¼ 1; . . . ; l ð Þ , it is easy to verify the correctness in the same way; for the old element x i whose witness W i is updated to W 0 i , the correctness is as follows: For deleting elements, you can verify the correctness in the same way.

Security
The security of the accumulator scheme is illustrated by an experiment in which the adversary plays the role of user and attempts to forge witnesses (i.e., find valid witnesses for elements that do not belong to the set). Such opponents must succeed with a very low probability. If the opponent finds a set of elements X ¼ x 1 ; x 2 ; . . . ; x n f g S, where S is the domain, the element x 0 2 SnX and a witness W 0 can prove that x 0 has accumulated in the accumulated value The possibility is negligible.
The security of the accumulator is based on strong RSA. Given an RSA modulus N and a random element x 2 Z N , this is difficult (i.e., it can be done with neg k ð Þ, which can be negligible in the security parameter k) Say, it can find y > 1, so a y ¼ x mod N .
Let k be the security parameter, h be the double universal hash function, and N be the 3w þ 1 ð Þbit RSA module. Given a set of elements X , a computationally-bounded opponent A, can find a set X 0 with the same accumulated value as X (i.e., acc X 0 ð Þ ¼ acc X ð Þ) is negligible.
Proof: Suppose A can find a set X 0 , which means that A finds other sets À Á , the opponent can now compute the x-th root of g as follows, Since r x j À Á is a prime number, A uses the extended euclidean algorithm to compute a; b 2 Z such that ar þ br x j À Á ¼ 1. Now let y ¼ A a g b , y x ¼ A ar x j ð Þ g br x j ð Þ ¼ g arþbr x j ð Þ ¼ g mod N. Therefore, A can break the strong RSA hypothesis that appears with probability v k ð Þ bit neg k ð Þ is negligible.
Note that in this model, t is chosen honestly, while the opponent can choose t and h by themselves. In fact, a more stringent requirement can be considered, where h is not only known by the opponent, but actually chosen by her. However, in this case, in all subsequent security assumptions, even if the adversary can choose the basic module, they must also assume that these assumptions hold. Unfortunately, no module family has been established under this security assumption.

Conclusion
This paper first analyzes the challenges of industrial IoT data security, then analyzes the blockchain technology, and proposes a blockchain-based industrial IoT data security storage mechanism. The data layer of the blockchain uses a Merkel tree to store data, but the Merkel tree cannot provide proof of nonmembership. Accumulate the advantages of strength, universality and compactness of appliances. It can provide non-member certification, reduce data storage overhead, and better protect privacy. Therefore, this paper builds an accumulator-based blockchain data storage. But the traditional accumulator has trapdoors and cannot batch update elements. Accordingly, to solve the problem of data storage expansion in the blockchain, the concept of an improved RSA accumulator is proposed. It not only has no trapdoor, but also can add and delete elements in batches. Finally, the validity of the proposed scheme is proved by correctness and security.
Funding Statement: This work is supported by the NSFC (61772454, 61772280, 62072249), and by the National Key Research and Development Program of China (2019YFC1511000).

Conflicts of Interest:
The authors declare no conflicts of interest to report regarding the present study.