Title Page
Contents
국문요약 11
1. Background 12
1.1. Introduction 12
1.2. Related work 19
1.2.1. Privacy-preserving IdM system 19
1.2.2. Healthcare system for IoT devices 23
1.3. Contrubutions 26
2. Preliminaries 27
2.1. Shamir secret sharing 27
2.2. Zk-SNARK 28
2.3. Digital signature 29
2.4. ElGamal encryption 30
2.5. Hash function 31
2.6. Commitment scheme 31
2.7. Diffie-Hellman key exchange (DHKE) 31
2.8. Blockchain 32
3. Privacy-preserving IdM system 34
3.1. Main entities 34
3.2. Assumptions 35
3.3. Proposed system 36
3.3.1. Arithmetic circuit 37
3.3.2. SC 41
3.3.3. System description 44
3.4. Security 48
3.4.1. Security requirements 48
3.4.2. Security analysis 49
3.5. Performance evaluation 55
3.5.1. Off-chain simulation 55
3.5.2. On-chain evaluation 59
3.6. Limitations and future works 62
4. Healthcare system for IoT devices 63
4.1. Main entities 63
4.2. Assumptions 64
4.3. Proposed system 65
4.3.1. Arithmetic circuit C 66
4.3.2. SC 67
4.3.3. System description 69
4.4. Security 73
4.4.1. Security requirements 73
4.4.2. Security Analysis 74
4.5. Performance evaluation 80
4.5.1. Off-chain simulation 80
4.5.2. On-chain simulation 82
4.6. Limitations and future works 84
5. Conclusion. 86
References 87
ABSTRACT 92
Table 1. Privacy-preserving IdM systems comparison. 22
Table 2. Healthcare systems comparison. 25
Table 3. Notations in the IdM system. 37
Table 4. Off-chain environment parameters. 55
Table 5. Time complexity of anonymous authentication and SSS shares distribution processes. 57
Table 6. Time complexity of the PIA-opening process. 58
Table 7. Total time complexity of the off-chain simulation. The total number of users is m, z is the number of times the PIA-opening process is... 59
Table 8. On-chain simulation environment parameters. 60
Table 9. SC' s transaction fees. 60
Table 10. Total cost of the on-chain simulation. The number of times the PIA-opening process is implemented is d, the number of times... 61
Table 11. Notations in the healthcare system. 66
Table 12. Time complexity of the off-chain simulation (without zk-SNARK). 81
Table 13. Time complexity of zk-SNARK. 82
Table 14. Transaction hashes and fees. 83
Table 15. Total cost for the HSP and Ui.[이미지참조] 84
Fig. 1. Privacy-preserving IdM system. The ownership is the relation between the PIA and the PS. Only the user and... 13
Fig. 2. Data sharing between IoT devices and physicians. 15
Fig. 3. System overview and the relations of all entities. 35
Fig. 4. Structure of the SC' s Table₂. 41
Fig. 5. PIA-opening structure. (1) After verifying πD of Ui, the SC checks whether Ci is in Table 1, associated with...[이미지참조] 43
Fig. 6. Sequence diagram of Step 1. 44
Fig. 7. Sequence diagram of Step 2. 45
Fig. 8. Sequence diagram of Step 3. 47
Fig. 9. Sequence diagram of Step 4. 48
Fig. 10. Healthcare system model. 64
Fig. 11. The structure of the SC' s Table₁. We call ĥi the proof string identifier because the zk-SNARK' s proof strings in the...[이미지참조] 67
Fig. 12. Flow chart of the healthcare system. 72
Algorithm 1. IdM system' s arithmetic circuit C 38
Algorithm 2. IdM system' s arithmetic circuit D 40
Algorithm 3. IdM system' s SC 42
Algorithm 4. Healthcare system' s arithmetic circuit C 66
Algorithm 5. Healthcare system' s SC 68