{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T15:28:24Z","timestamp":1772724504939,"version":"3.50.1"},"reference-count":51,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2023,3,24]],"date-time":"2023-03-24T00:00:00Z","timestamp":1679616000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072319"],"award-info":[{"award-number":["62072319"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["2023YFQ0022"],"award-info":[{"award-number":["2023YFQ0022"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["2022YFG0041"],"award-info":[{"award-number":["2022YFG0041"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["2022CDLZ-6"],"award-info":[{"award-number":["2022CDLZ-6"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Sichuan Science and Technology Program","award":["62072319"],"award-info":[{"award-number":["62072319"]}]},{"name":"Sichuan Science and Technology Program","award":["2023YFQ0022"],"award-info":[{"award-number":["2023YFQ0022"]}]},{"name":"Sichuan Science and Technology Program","award":["2022YFG0041"],"award-info":[{"award-number":["2022YFG0041"]}]},{"name":"Sichuan Science and Technology Program","award":["2022CDLZ-6"],"award-info":[{"award-number":["2022CDLZ-6"]}]},{"name":"Luzhou Science and Technology Innovation R&D Program","award":["62072319"],"award-info":[{"award-number":["62072319"]}]},{"name":"Luzhou Science and Technology Innovation R&D Program","award":["2023YFQ0022"],"award-info":[{"award-number":["2023YFQ0022"]}]},{"name":"Luzhou Science and Technology Innovation R&D Program","award":["2022YFG0041"],"award-info":[{"award-number":["2022YFG0041"]}]},{"name":"Luzhou Science and Technology Innovation R&D Program","award":["2022CDLZ-6"],"award-info":[{"award-number":["2022CDLZ-6"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"The access control (AC) system in an IoT (Internet of Things) context ensures that only authorized entities have access to specific devices and that the authorization procedure is based on pre-established rules. Recently, blockchain-based AC systems have gained attention within research as a potential solution to the single point of failure issue that centralized architectures may bring. Moreover, zero-knowledge proof (ZKP) technology is included in blockchain-based AC systems to address the issue of sensitive data leaking. However, current solutions have two problems: (1) systems built by these works are not adaptive to high-traffic IoT environments because of low transactions per second (TPS) and high latency; (2) these works cannot fully guarantee that all user behaviors are honest. In this work, we propose a blockchain-based AC system with zero-knowledge rollups to address the aforementioned issues. Our proposed system implements zero-knowledge rollups (ZK-rollups) of access control, where different AC authorization requests can be grouped into the same batch to generate a uniform ZKP, which is designed specifically to guarantee that participants can be trusted. In low-traffic environments, sufficient experiments show that the proposed system has the least AC authorization time cost compared to existing works. In high-traffic environments, we further prove that based on the ZK-rollups optimization, the proposed system can reduce the authorization time overhead by 86%. Furthermore, the security analysis is presented to show the system\u2019s ability to prevent malicious behaviors.<\/jats:p>","DOI":"10.3390\/s23073443","type":"journal-article","created":{"date-parts":[[2023,3,27]],"date-time":"2023-03-27T03:01:14Z","timestamp":1679886074000},"page":"3443","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["An Access Control System Based on Blockchain with Zero-Knowledge Rollups in High-Traffic IoT Environments"],"prefix":"10.3390","volume":"23","author":[{"given":"Xin","family":"Lin","sequence":"first","affiliation":[{"name":"School of Computer Science, Sichuan University, Chengdu 610065, China"}]},{"given":"Yuanyuan","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science, Sichuan University, Chengdu 610065, China"}]},{"given":"Changhai","family":"Huang","sequence":"additional","affiliation":[{"name":"Sichuan GreatWall Computer System Co., Ltd., Luzhou 646000, China"}]},{"given":"Bin","family":"Xing","sequence":"additional","affiliation":[{"name":"Chongqing Innovation Center of Industrial Big-Data Co., Ltd., Chongqing 400707, China"},{"name":"National Engineering Laboratory for Industrial Big-Data Application Technology, Beijing 100040, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6166-890X","authenticated-orcid":false,"given":"Liangyin","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science, Sichuan University, Chengdu 610065, China"},{"name":"Institute for Industrial Internet Research, Sichuan University, Chengdu 610065, China"}]},{"given":"Dasha","family":"Hu","sequence":"additional","affiliation":[{"name":"School of Computer Science, Sichuan University, Chengdu 610065, China"}]},{"given":"Yanru","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science, Sichuan University, Chengdu 610065, China"}]}],"member":"1968","published-online":{"date-parts":[[2023,3,24]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1109\/JIOT.2014.2337336","article-title":"A vision of IoT: Applications, challenges, and opportunities with china perspective","volume":"1","author":"Chen","year":"2014","journal-title":"IEEE Internet Things J."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"2011","DOI":"10.1109\/COMST.2018.2803740","article-title":"How Can Heterogeneous Internet of Things Build Our Future: A Survey","volume":"20","author":"Qiu","year":"2018","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"103371","DOI":"10.1016\/j.jnca.2022.103371","article-title":"Blockchain for IoT access control: Recent trends and future research directions","volume":"203","author":"Pal","year":"2022","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"2191","DOI":"10.1109\/COMST.2021.3115797","article-title":"A survey of decentralizing applications via blockchain: The 5g and beyond perspective","volume":"23","author":"Yue","year":"2021","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/35.312842","article-title":"Access control: Principle and practice","volume":"32","author":"Sandhu","year":"1994","journal-title":"IEEE Commun. Mag."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Ragothaman, K., Wang, Y., Rimal, B., and Lawrence, M. (2023). Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future Directions. Sensors, 23.","DOI":"10.3390\/s23041805"},{"key":"ref_7","unstructured":"Lindqvist, H. (2006). Mandatory Access Control. [Master\u2019s Thesis, Department of Computing Science, Ume\u00e5 University]."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","article-title":"Role-based access control models","volume":"29","author":"Sandhu","year":"1996","journal-title":"Computer"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Yuan, E., and Tong, J. (2005, January 11\u201315). Attributed based access control (ABAC) for web services. Proceedings of the IEEE International Conference on Web Services (ICWS\u201905), Orlando, FL, USA.","DOI":"10.1109\/ICWS.2005.25"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.1016\/j.mcm.2013.02.006","article-title":"A capability-based security approach to manage access control in the internet of things","volume":"58","author":"Gusmeroli","year":"2013","journal-title":"Math. Comput. Model."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"446","DOI":"10.1109\/JIOT.2016.2566659","article-title":"Distributed and adaptive medium access control for Internet-of-Things-enabled mobile networks","volume":"4","author":"Ye","year":"2016","journal-title":"IEEE Internet Things J."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1184","DOI":"10.1109\/JIOT.2018.2812239","article-title":"Blockchain meets IoT: An architecture for scalable access management in IoT","volume":"5","author":"Novo","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1594","DOI":"10.1109\/JIOT.2018.2847705","article-title":"Smart contract-based access control for the internet of things","volume":"6","author":"Zhang","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"3521","DOI":"10.1109\/TII.2019.2925898","article-title":"On the design of a flexible delegation model for the Internet of Things using blockchain","volume":"16","author":"Pal","year":"2019","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Song, H., Tu, Z., and Qin, Y. (2022). Blockchain-Based Access Control and Behavior Regulation System for IoT. Sensors, 22.","DOI":"10.3390\/s22218339"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Xu, R., Chen, Y., Blasch, E., and Chen, G. (August, January 30). Blendcac: A blockchain-enabled decentralized capability-based access control for IoTs. Proceedings of the 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada.","DOI":"10.1109\/Cybermatics_2018.2018.00191"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Nakamura, Y., Zhang, Y., Sasabe, M., and Kasahara, S. (2020). Exploiting smart contracts for capability-based access control in the internet of things. Sensors, 20.","DOI":"10.3390\/s20061793"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Chen, Y., Tao, L., Liang, B., Sun, L., Li, Y., Xing, B., and Chen, L. (2023). Capability-& Blockchain-based Fine-grained and Flexible Access Control Model. IEEE Netw., 1\u20138.","DOI":"10.1109\/MNET.127.2200414"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Li, Q., and Xue, Z. (2020, January 4\u20136). A privacy-protecting authorization system based on blockchain and zk-SNARK. Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies, Guangzhou China.","DOI":"10.1145\/3444370.3444610"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Hu, Q., Dai, Y., Li, S., and Jiang, T. (2022). Enhancing Account Privacy in Blockchain-based IoT Access Control via Zero Knowledge Proof. IEEE Netw., 1\u20137.","DOI":"10.1109\/MNET.126.2200334"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"103577","DOI":"10.1016\/j.jnca.2022.103577","article-title":"Self sovereign and blockchain based access control: Supporting attributes privacy with zero knowledge","volume":"212","author":"Maesa","year":"2023","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_22","unstructured":"Petkus, M. (2019). Why and how zk-snark works. arXiv."},{"key":"ref_23","first-page":"315","article-title":"Succinct Non-interactive Arguments via Linear Interactive Proofs","volume":"Volume 7785","author":"Bitansky","year":"2013","journal-title":"Proceedings of the TCC, 2013"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Lavaur, T., Lacan, J., and Chanel, C.P. (2022). Enabling Blockchain Services for IoE with Zk-Rollups. Sensors, 22.","DOI":"10.20944\/preprints202208.0023.v1"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"4682","DOI":"10.1109\/JIOT.2020.2969326","article-title":"A survey on access control in the age of internet of things","volume":"7","author":"Qiu","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_26","first-page":"1","article-title":"Centralized, distributed, and everything in between: Reviewing access control solutions for the IoT","volume":"54","author":"Laurent","year":"2021","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_27","unstructured":"Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Decentralized Bus. Rev., 21260. Available online: https:\/\/bitcoin.org\/bitcoin.pdf."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"2084","DOI":"10.1109\/TSE.2019.2942301","article-title":"Smart contract development: Challenges and opportunities","volume":"47","author":"Zou","year":"2019","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"227945","DOI":"10.1109\/ACCESS.2020.3046025","article-title":"Non-interactive zero-knowledge for blockchain: A survey","volume":"8","author":"Partala","year":"2020","journal-title":"IEEE Access"},{"key":"ref_30","unstructured":"Goldwasser, S., Micali, S., and Rackoff, C. (2019). Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, Association for Computing Machinery."},{"key":"ref_31","unstructured":"Sguanci, C., Spatafora, R., and Vergani, A.M. (2021). Layer 2 blockchain scaling: A survey. arXiv."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Dannen, C. (2017). Introducing Ethereum and Solidity, Apress.","DOI":"10.1007\/978-1-4842-2535-6"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Dedeoglu, V., Jurdak, R., Dorri, A., Lunardi, R., Michelin, R., Zorzo, A., and Kanhere, S. (2020). Advanced Applications of Blockchain Technology, Springer.","DOI":"10.1007\/978-981-13-8775-3_3"},{"key":"ref_34","unstructured":"Sasson, E.B., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., and Virza, M. (2014, January 18\u201321). Zerocash: Decentralized anonymous payments from bitcoin. Proceedings of the 2014 IEEE Symposium on Security and Privacy, Berkeley, CA, USA."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Reid, F., and Harrigan, M. (2013). An Analysis of Anonymity in the Bitcoin System, Springer.","DOI":"10.1007\/978-1-4614-4139-7_10"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Barber, S., Boyen, X., Shi, E., and Uzun, E. (March, January 27). Bitter to better\u2014How to make bitcoin a better currency. Proceedings of the Financial Cryptography and Data Security: 16th International Conference, FC 2012, Kralendijk, Bonaire. Revised Selected Papers 16.","DOI":"10.1007\/978-3-642-32946-3_29"},{"key":"ref_37","unstructured":"Soni, D., and Makwana, A. (2017, January 6\u20138). A survey on mqtt: A protocol of internet of things (IoT). Proceedings of the International Conference on Telecommunication, Power Analysis and Computing Techniques (ICTPACT-2017), Chennai, India."},{"key":"ref_38","unstructured":"Fovino, I.N., Carcano, A., Masera, M., and Trombetta, A. (2009, January 23\u201325). Design and implementation of a secure modbus protocol. Proceedings of the Critical Infrastructure Protection III: Third Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, NH, USA. Revised Selected Papers 3."},{"key":"ref_39","first-page":"541","article-title":"Merkle tree traversal in log space and time","volume":"Volume 3027","author":"Szydlo","year":"2004","journal-title":"Proceedings of the Eurocrypt"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Yin, X., He, J., Guo, Y., Han, D., Li, K.C., and Castiglione, A. (2020). An efficient two-factor authentication scheme based on the Merkle tree. Sensors, 20.","DOI":"10.3390\/s20205735"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"MacKenzie, P., Patel, S., and Swaminathan, R. (2000, January 3\u20137). Password-authenticated key exchange based on RSA. Proceedings of the Advances in Cryptology\u2014ASIACRYPT 2000: 6th International Conference on the Theory and Application of Cryptology and Information Security, Kyoto, Japan.","DOI":"10.1007\/3-540-44448-3_46"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"10-es","DOI":"10.1145\/1266977.1266979","article-title":"Provably secure authenticated group Diffie-Hellman key exchange","volume":"10","author":"Bresson","year":"2007","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"ref_43","unstructured":"Haakegaard, R., and Lang, J. (2023, February 27). The Elliptic Curve Diffie-Hellman (ECDH). Available online: https:\/\/koclab.cs.ucsb.edu\/teaching\/ecc\/project\/2015Projects\/Haakegaard+Lang.pdf."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Androulaki, E., Barger, A., Bortnikov, V., Cachin, C., Christidis, K., De Caro, A., Enyeart, D., Ferris, C., Laventman, G., and Manevich, Y. (2018, January 23\u201326). Hyperledger fabric: A distributed operating system for permissioned blockchains. Proceedings of the Thirteenth EuroSys Conference, Porto, Portugal.","DOI":"10.1145\/3190508.3190538"},{"key":"ref_45","unstructured":"Botrel, G., Piellard, T., Housni, Y.E., Kubjas, I., and Tabaie, A. (2023, February 27). ConsenSys\/Gnark: V0.6.4. Available online: https:\/\/zenodo.org\/record\/6093969#.ZBqKWxVBy3A."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Albrecht, M., Grassi, L., Rechberger, C., Roy, A., and Tiessen, T. (2016, January 4\u20138). MiMC: Efficient encryption and cryptographic hashing with minimal multiplicative complexity. Proceedings of the Advances in Cryptology\u2013ASIACRYPT 2016: 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam.","DOI":"10.1007\/978-3-662-53887-6_7"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Mallouli, F., Hellal, A., Saeed, N.S., and Alzahrani, F.A. (2019, January 21\u201323). A survey on cryptography: Comparative study between RSA vs. ECC algorithms, and RSA vs. El-Gamal algorithms. Proceedings of the 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)\/2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), Paris, France.","DOI":"10.1109\/CSCloud\/EdgeCom.2019.00022"},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1080\/09720529.2019.1681673","article-title":"Bitcoin security with a twisted Edwards curve","volume":"25","author":"Semmouni","year":"2022","journal-title":"J. Discret. Math. Sci. Cryptogr."},{"key":"ref_49","unstructured":"AVISPA (2023, March 10). Automated Validation of Internet Security Protocols and Applications. Available online: https:\/\/www.avispa-project.org\/."},{"key":"ref_50","unstructured":"Cervesato, I. (2001, January 16\u201319). The Dolev-Yao intruder is the most powerful attacker. Proceedings of the 16th Annual Symposium on Logic in Computer Science\u2014LICS, Washington, DC, USA."},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"8269","DOI":"10.1109\/JIOT.2022.3154039","article-title":"A survey on attribute-based encryption schemes suitable for the internet of things","volume":"9","author":"Rasori","year":"2022","journal-title":"IEEE Internet Things J."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/7\/3443\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T19:02:46Z","timestamp":1760122966000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/7\/3443"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,24]]},"references-count":51,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2023,4]]}},"alternative-id":["s23073443"],"URL":"https:\/\/doi.org\/10.3390\/s23073443","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,24]]}}}