Towards Decentralized IoT Updates Delivery Leveraging Blockchain and Zero-Knowledge Proofs

TL;DR

CrowdPatching is a blockchain-based decentralized protocol enabling IoT manufacturers to securely delegate software update delivery to self-interested distributors using zero-knowledge proofs, scalable and suitable for constrained devices.

Contribution

The paper introduces CrowdPatching, a novel protocol combining blockchain, smart contracts, and zk-SNARKs for scalable, secure IoT update distribution with support for dynamic distributor addition.

Findings

Supports indefinite scaling of distributors

Enables secure, trust-aware delivery for constrained IoT devices

Provides formal security analysis using Tamarin Prover

Abstract

We propose CrowdPatching, a blockchain-based decentralized protocol, allowing Internet of Things (IoT) manufacturers to delegate the delivery of software updates to self-interested distributors in exchange for cryptocurrency. Manufacturers announce updates by deploying a smart contract (SC), which in turn will issue cryptocurrency payments to any distributor who provides an unforgeable proof-of-delivery. The latter is provided by IoT devices authorizing the SC to issue payment to a distributor when the required conditions are met. These conditions include the requirement for a distributor to generate a zero-knowledge proof, generated with a novel proving system called zk-SNARKs. Compared with related work, CrowdPatching protocol offers three main advantages. First, the number of distributors can scale indefinitely by enabling the addition of new distributors at any time after the initial distribution by manufacturers (i.e., redistribution among the distributor network). The latter is not possible in existing protocols and is not account for. Secondly, we leverage the recent common integration of gateway or Hub in IoT deployments in our protocol to make CrowdPatching feasible even for the more constraint IoT devices. Thirdly, the trustworthiness of distributors is considered in our protocol, rewarding the honest distributors' engagements. We provide both informal and formal security analysis of CrowdPatching using Tamarin Prover.