Blockchain-based Infrastructure for Proof of Existence in eGovernment Alessandro Vizzarria a Radiolabs, Consorzio Università Industria, Laboratori di Radiocomunicazioni, Rome, Italy Abstract The explosion of the digital technologies is affecting several and different sectors. In this scenario the public sector has a crucial role. The eGovernment (eGov) sector has to adopt the necessary methodologies and technologies in order to enable the digital applications for the own clients, namely the citizens. A powerful data sharing together with the data integrity and the temporal traceability is strongly recommended in the public sector. This concept is an important key factor for the transparency between citizens and the public entities. In this direction the Proof of Existence (PoE) gives the possibility to certify the ownership of a specific document. The paper analyzes the different architectures for the information systems used in typical public scenarios. Peer-to-peer architectures as Bitcoin blockchains also analyzed in order to evaluate their contribution for a transparent PoE in a public context. The final conclusions remark the importance of the data integrity verification and the temporal traceability enabled by the bitcoin blockchain. Keywords Blockchain, eGovernament, Proof of Existence 1. Introduction between citizens and the public entities. In this direc- tion the Proof of Existence (PoE) gives the possibility The explosion of the digital technologies is affecting to certify the ownership of a specific document. The several and different sectors: eHealth [1, 2], automo- paper presents how the bitcoin distributed architec- tive [3] or energy [4, 5, 6] are the first examples of ture is useful for the PoE in a public context. The sec- how digital applications will create an important digi- tion 2 illustrates the traditional approach for informa- tal ecosystem. To provide connectivity to persons and tion systems and the different architectures used for to smart objects worldwide, some telecommunication eGov. The section 3 describes the bitcoin blockchain architectures have been proposed in the literature, in- technology. The section 4 analyzes a possible imple- cluding fixed access and ultra-dense wireless networks mentation of a blockchain-based information system and satellite [7, 8]. Moreover the introduction of new for eGov applications. In the section 5 final conclu- technologies and electronic devices characterized by sions are evidenced. an increasingly computational power is favoring dig- italization in several fields [9, 10, 11, 12, 13, 14, 15, 16, 17]. 2. Traditional Approach One of the most challenging applications is the pub- lic sector, whose scenario has a crucial role. The eGov- In the eGov context, the interaction between citizens ernment (eGov) sector has to adopt the necessary me- and public entities takes place in different ways de- thodologies and technologies in order to enable the pending on the information systems and architectures digital applications for the own clients, namely the cit- that are used. By the first proprietary information sys- izens [18]. This digitalization process forces the public tems we moved to the cloud-based information follow- entities to guarantee the integrity of the digital data ing different paradigms, as Service as a Service (SaaS), exchanged not only with the citizens but also with o- Platform as a Service (PaaS), Infrastructure as a Service ther public entities. A powerful data sharing together (IaaS). All these information systems can be based on with the data integrity and the temporal traceability is different architectures: centralized, decentralized and strongly recommended in the public sector. This con- distributed scheme [19]. All of them present issues re- cept is an important key factor for the transparency garding security and data management. In particular, in case of a document transmission procedure or dig- SYSTEM 2020: Symposium for Young Scientists in Technology, ital payments, the necessity for guaranteeing data in- Engineering and Mathematics, Online, May 20 2020 tegrity is very important [20]. " alessandro.vizzarri@radiolabs.it (A. Vizzarri)  © 2020 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings http://ceur-ws.org ISSN 1613-0073 CEUR Workshop Proceedings (CEUR-WS.org) Figure 1: Centralized Information System Figure 2: Decentralized Information System 2.1. Centralized Information System 2.2. Decentralized Information System In a centralized information system, each client can The figure 2 depicts a decentralized information sys- interface with a single server for a given service [21]. tem [22]. The server 2 and server 3 are linked among As shown in Figure 1, if the citizen A needs to bene- theme and they interact with the citizen B. The citizen fit from the services of the municipality will be con- A instead interacts with the server 1 because he has a nected to the dedicated server (server 1). If the citizen municipality active session. A needs for interaction with Tax Register (server 2) or Server 2 and server 3 interact with each other but Land Register (server 3), he has to open other sessions not with the server 1. They cannot share the data stored on different server (e.g. server 2 and server 3). In this on the server 1. We have only a partial sharing of infor- system, the citizen A may prove the PoE only to the mation: from/to server 2 to/from server 3. The secu- server 1 within the same session. In order to submit rity management can regard the server 2 and server 3. the PoE to the server 2 and to server 3, the citizen A Server 1 can follow other policies or trusted third party needs to: certifications. The data repository is centralized for each data type or service. Security policies are man- • connect to them aged by a trusted third party. Since not all the servers are linked among them, the data sharing is quite dif- • open other sessions ficult and it can be affected by errors. Data integrity • transfer the signed document should be guaranteed by a trusted third party. In a sys- tem of this type, the citizen A is in the same situation Security vulnerabilities can occur. The citizen B in- described in the previous section. Citizen A may prove stead can forward the PoE to the server 2 or to the PoE only to the server with an active session. In case server 3 server thanks to the active sessions. Anyway, of PoE submission to the server 2 and server 3, citizen the citizen B cannot forward the PoE to the server 1. A needs to connect to them, to open other sessions To do it, the citizen B has to open other session on the and transfer the signed document. The citizen B can server 1. The data repository is centralized for each instead submit the PoE to the server 2 or to the server data type or service. Security policies are managed 3 thanks to the active session on server 2. Anyway, he by a trusted third party. Since not all the servers are cannot forward it to the server 1. In order to do it citi- linked among them, the data sharing is quite difficult zen B has to open a new session on it. In this scenario and it can be affected by errors. Data integrity should the same issues of the previous scenario are identified: be guaranteed by a trusted third party. In this scenario PoE corruption, digital identity theft and alteration of several issues can be identified. The PoE can be altered e-mail notification. by the citizens and the public entities. In fact, times- tamp or the document can be modified. The digital 2.3. Distributed Information System identity of the citizen A can be stolen or sniffed. The e-mail notifications can be also corrupted. In a distributed information system (Figure 3), all ser- vers are interconnected among them. The data shar- ing is allowed on the basis of appropriate policies. The 37 Figure 3: Distribuited Information System Figure 4: Blockchain Scheme client nodes can connect to one of the network servers. • Ledger: is a verifiable transactional database. Ev- As shown in the figure 3, the citizen A may access the ery peer can download locally the ledger and services of the municipality through the server 1. If the then hold it on a local device. citizen A needs to access the other servers, the server 1 can manage the interconnections with them. The All the user nodes communicate in term of trans- citizen B is in the same situation of the citizen A. Af- actions exchanged among them. The technology uses ter accessing the server 3, he can be redirected to the ECDSA cryptography curve to authenticate and iden- server 2 or server 1 for other services. tify the nodes. Moreover, it allows the nodes to se- All the servers can interact among them. This en- curely manage and add transactions to the ledger. The ables the data sharing. Security vulnerabilities can also transactions are verified and confirmed by dedicated occur in this scenario. The PoE can be altered by the nodes (mining nodes). This implies there is no need citizens and the public entities. In fact, timestamp or for a central authority [25]. the document can be modified. Data integrity should be guaranteed by a trusted third party. The PoE can be 3.1. Wallet altered by the citizens and the public entities. In fact, When a peer wants to connect to the bitcoin blockchain, timestamp or the document can be modified. There is it has to download a dedicated software tool. This gen- any possibility to prove the temporality of the actions erates a couple of keys, a private and a public key lo- of the data. cally, which are to be used for transactions. • Private key: 256-bit hexadecimal number 3. Blockchain-based approach • Public key: 130-bit hexadecimal number An alternative distributed architecture for information system can adopt a peer-to-peer scheme. All the nodes • Bitcoin address: 160-bit hash of the public por- can represent either client either server (Figure 4). This tion of a public/private ECDSA keypair scenario is well modelled by the bitcoin blockchain. It refers to a “Public Distributed Verifiable Cryptographic • Amount of bitcoin to spend Ledger” [23] [24]. These important properties are de- fined as follows: 3.2. Transactions • Public: All participants gain the access to “read” In Bitcoin blockchain a transaction is a transfer of a kind of asset between the nodes. Assets can be cryp- • Distributed: Data Communication is Peer-to-Pe- tocurrencies as bitcoin or other non-monetary entities. er and Fully Decentralized Thus, is a node wants to transfer an asset to another node, a transaction has to be performed. Main param- • Asymmetric Cryptography: Public and Private eters related to transactions are listed in the Table I. Keys used for digitally signing the transactions Two transaction hashes are present as references to 38 Size Field Description [Bytes] 32 Transaction Pointer to the transac- Hash tion containing the Un- spent Transaction Out- put (UTXO) to be spent 4 Transaction The index number of Hash the UTXO to be spent; first one is 0. 1-9 Unlocking- Unlocking-Script (VarInt) Script Size length in bytes. Variable Unlocking- A script that fulfills Script the conditions of the UTXO locking script. Figure 6: Information stored in the block 4 Sequence Currently disabled Tx- Number replacement feature, set to 0xFFFFFFFF. a) Version Table 1 b) Hash of previous block (chain) c) Merkle root hash of block d) Timestamp e) Bits number f) Nonce number 2. The sequences of signed and verified transac- tions 3. Transaction ID 4. Destination Bitcoin Address 5. Vout: flag value for enabling (1) or disabling (0) bitcoin spending 6. Amount of bitcon to spend. It is expresses in Satoshi units (0.00000001 Bitcoin = 1 satoshi) 7. Number of confirmations needed for validating the block 8. Number and list of transactions Figure 5: Example of Bitcoin Transactions 3.4. Merkle root the Unspent Transaction Output (UTXO). The unlock- In the bitcoin blockchain, each block of data is linked ing script is a dedicated script containing the condi- to the successive with specific criteria based on trans- tions enabling the transactions between the nodes. Fi- action hashing. When a block is validated and another nally, a sequence number is present. It is a number block needs for validation, a Merkle Tree cryptogra- used for updating unconfirmed time-locked transac- phy scheme is adopted (Figure 7). In fact, transactions tions before their finalization. It is currently disabled. ID are hashed through a double SHA (256) algorithm, Figure 5 shows an example of bitcoin transactions. as shown in Figure 7. The result of this double hash is put into the block 3.3. Block Information header as TX_root record. Prev_Hash record in the current block header is the result of the previous block All transactions are included in blocks. Each block hashing using SHA (256) algorithm. contains information of several transactions made by This mechanism for chaining the data blocks gives the nodes belonging to the blockchain. These informa- the possibility to trace all the transactions between the tion are globally published and distributed. As shown nodes in terms of how, from-to and when an amount in the Figure 6, they mainly refer to: of bitcoin was spent. 1. Block Header, with: 39 Figure 7: Merkle Root in the Bitcoin blockchain Figure 8: The Bitcoin blockchain-based approach for eGov 3.5. Proof of work applications When a set of transactions is put into a block, this data block has to be validated by the miner nodes. The proof of work is a set of data to hardly produce for some nodes and easily for other ones. Bitcoin blockchain adopts the hashcash proof of wo- rk based on a partial hash inversion. A miner node must complete the proof of work requested by a spe- cific block. The difficulty of this work is runtime ad- justed in order to respect the maximum temporal in- terval of 10 minutes for the generation of a new block. Figure 9: Workflow comparison for the two different PoE A block is validated if its hash result is less than a approaches. Leftmost (a) the traditional approach. Right- most (b) the blockchain-based approach target value. After a block validation, a miner node receives a reward (e.g. in bitcoin) for the completed work. for the security certification is not necessary anymore. Citizens and public entities have the same permissions 4. PoE in eGovernment (Figure 8). In this context Municipality is the Peer 1, the Tax Register is the peer 2, the Land Register is the Applications Peer 3, the Parking Center is the Peer 4, Citizen A is Some strategies for securing data in applications con- the Peer 5 and the Citizen B is the Peer 6. They can cerning smart objects have been proposed in the liter- manage and share the data among them through the ature [26], [27]. Nevertheless, the bitcoin blockchain, blockchain. with its decentralized structure, can be very useful in The data exchange in the bitcoin blockchain is en- the eGov scenario. The possibility of the nodes to com- abled by a specific record of a transaction called OP_ municate in a peer-to-peer modality is positive from a RETURN [28]. It a valid opcode used in a bitcoin not social participation point of view. Citizen and public spendable transaction, which allows the insertion of a entities are nodes of the same blockchain. They can data stream with a maximum length of 80 Bytes. In read, write and share the same data included into the this way the citizens can share the hashes of docu- blocks. This approach can increase the citizen’s trust ments (e.g. SHA (256)) through the OP_RETURN op- in public authorities. The need for transparency by code. The peers hold a local copy of the bitcoin ledger the citizens is an important enabler for a blockchain- containing all transactions among all the nodes be- based infrastructure. In the previous eGov infrastruc- longing to the blockchain. Finally, the peers manage ture it is not possible by the citizens or public enti- the same wallet as defined in Section 3. ties to assure the Proof-of-Work of a document and to guarantee the data integrity without the involvement 4.1. Processes of a trusted third party. In any case this cannot ex- In figure 9 the two different approaches are shown: the clude the risk of data corruption of modification. In traditional and the blockchain-based. a peer-to-peer scheme as that provided by the bitcoin The traditional approach expects the document send- blockchain, the involvement of a trusted third party 40 on a pair of keys (public key and private key). The previous network architectures manage services and data with the involvement of a trusted third party for the security certification. The blockchain scheme does not need it. All the nodes participate to the blockchain and guarantee themselves. They can share data with anonymity. The Bitcoin Address is used for authenti- cation and 2-factor authorization. The other network architectures use a User ID (UID) and a Password (PWD). They can be affected by a temporary server unavail- ability with negative effects on services and data ex- changed. Adopting a peer-to-peer scheme, a blockchain ar- Figure 10: Block example. chitecture can guarantee the connection of at least one server. Anyway, each node holds locally a copy of the ledger containing all transaction information. Finally, ing to a specific server. The control of data integrity the most important aspect is related to the data in- can be separately performed by the citizen and pub- tegrity and to the temporal data traceability. All times- lic entities control on own devices. Each of them can tamp stored in the blocks are linked among them. It is verify a data integrity that can be different from the quite impossible to modify or corrupt a particular data other. With the blockchain-based approach, the cit- block because an attacker should resolve all hashes of izen A can access the server 1 for municipality ser- all the data blocks belonging to the bitcoin blockchain. vices. He can compute the document hash and store it into the OP_RETURN record of an unspendable bit- coin transaction. The same situation is for the citizen 5. Conclusion B. Once the not spendable transaction is confirmed, the document is officially certified and demonstrated The necessity for guaranteeing the integrity of data to exist before the time the transaction was confirmed. and consequentially the PoE is an important topic for In this way the other peers (server 2 and server 3) from the eGov environment. This enable a major transpa- public entities can verify the PoE. Within the bitcoin rency and trust in the public entities by the citizens. blockchain, they can search for the following informa- Since the public entities will become more digitalized tion: in the next years, the information systems have to base on reliable network infrastructures. This paper ana- • Bitcoin Address of citizen A lyzed different preferred information configurations: • Transaction ID (TxID) centralized, decentralized and distributed. All of them can be affected by the risk of the data corruption. The • Block height PoE becomes crucial to certify by citizens or public entities. A blockchain-based system can be used for 4.2. Block information PoE guaranteeing thanks to its peer-to-peer scheme. Citizens and public entities can exchange hashed data The corresponding block is shown in Figure 10. We stored in an option bitcoin record, the OP_RETURN. In suppose it as the successive block of block listed in this way the data integrity can be verified comparing Figure 4. Not only data in the present block header the exchanged hashes. Moreover, the temporal trace- are different from the previous one, but also those in ability is also made possible due to the linked times- the block body. Being a not spendable transaction, the tamps stored in the block headers. Next works will corresponding amount is equal to 0.0 Satoshi. Hashes be focused on an experimental implementation and on are put into the OP_RETURN of an unspendable trans- innovative hashing algorithms for data integrity guar- action. They are included in the block. anteeing. 4.3. Final Comparison Table II presents a final comparison among the pre- vious scheme for certifying a PoE. All network con- figurations adopt an asymmetric cryptography based 41 Table 2 Comparison References Access 7 (2019) 186340–186351. [10] C. Napoli, G. Pappalardo, E. Tramontana, R. K. [1] M. Asif-Ur-Rahman, et al., Toward a heteroge- Nowicki, J. T. Starczewski, M. Woźniak, Toward neous mist, fog, and cloud-based framework for work groups classification based on probabilistic the internet of healthcare things, IEEE Internet neural network approach, in: International Con- of Things Journal 6 (2019) 4049–4062. ference on Artificial Intelligence and Soft Com- [2] P. Ferroni, F. Zanzotto, N. Scarpato, A. Spila, puting, Springer, 2015, pp. 79–89. L. Fofi, G. Egeo, A. Rullo, R. Palmirotta, P. Bar- [11] M. Wózniak, D. Połap, R. K. Nowicki, C. Napoli, banti, F. Guadagni, Machine learning approach G. Pappalardo, E. Tramontana, Novel approach to predict medication overuse in migraine pa- toward medical signals classifier, in: 2015 Inter- tients, Computational and Structural Biotechnol- national Joint Conference on Neural Networks ogy Journal 18 (2020) 1487. (IJCNN), IEEE, 2015, pp. 1–7. [3] I. Benedetti, R. Giuliano, C. Lodovisi, [12] D. Połap, M. Woźniak, C. Napoli, E. Tramontana, F. Mazzenga, 5g wireless dense access net- Real-time cloud-based game management sys- work for automotive applications: Opportunities tem via cuckoo search algorithm, International and costs, 2017 International Conference Journal of Electronics and Telecommunications of Electrical and Electronic Technologies for 61 (2015) 333–338. Automotive, Torino (2017) 1–6. [13] G. Capizzi, C. Napoli, L. Paternò, An innovative [4] D. Bracci, S. Elia, A. Ruvio, A study on a high- hybrid neuro-wavelet method for reconstruction reliability electromechanical undervoltage relay of missing data in astronomical photometric sur- immersed in natural ester oil: application in mu- veys, Lecture Notes in Computer Science (includ- tual aid system for gensets using, Proceedings ing subseries Lecture Notes in Artificial Intelli- IEEE International Conference on Dielectric Liq- gence and Lecture Notes in Bioinformatics) 7267 uids ICDL 2019, Roma Italy, (Jun. 2019). LNAI (2012) 21–29. [5] G. Iazeolla, A. Pieroni, A power management of [14] G. Capizzi, G. Sciuto, C. Napoli, E. Tramontana, server farms, Applied Mechanics and Materials A multithread nested neural network architec- 492 (2014) 453–459. ture to model surface plasmon polaritons prop- [6] C. Boccaletti, S. Elia, M. Salas, M. Pasquali, High agation, Micromachines 7 (2016). reliability storage systems for genset cranking, [15] M. Matta, G. Cardarilli, L. Di Nunzio, R. Fazzo- Journal of Energy Storage 29 (June 2020). lari, D. Giardino, A. Nannarelli, M. Re, S. Spanò, [7] B. Jou, et al., Architecture options for satellite in- A reinforcement learning-based qam/psk sym- tegration into 5g networks, 2018 European Con- bol synchronizer, IEEE Access 7 (2019) 124147– ference on Networks and Communications (Eu- 124157. CNC), Ljubljana, Slovenia (2018) 398–399. [16] G. Capizzi, S. Coco, G. Sciuto, C. Napoli, A new it- [8] F. Mazzenga, R. Giuliano, F. Vatalaro, Fttc-based erative fir filter design approach using a gaussian fronthaul for 5g dense/ultra-dense access net- approximation, IEEE Signal Processing Letters 25 work: Performance and costs in realistic scenar- (2018) 1615–1619. ios, Future Internet 9 (2017) 71. [17] M. Matta, G. Cardarilli, L. Di Nunzio, R. Fazzolari, [9] S. Spanò, G. Cardarilli, L. Di Nunzio, R. Fazzolari, D. Giardino, M. Re, F. Silvestri, S. Spanò, Q-rts: D. Giardino, M. Matta, A. Nannarelli, M. Re, An A real-time swarm intelligence based on multi- efficient hardware implementation of reinforce- agent q-learning, Electronics Letters 55 (2019) ment learning: The q-learning algorithm, IEEE 589–591. 42 [18] M. Themistocleous, Developing e-government [24] S. Lim, P. Fotsing, A. Almasri, O. Musa, M. Kiah, integrated infrastructures: A case study, in Proc. T. Ang, R. Ismail, K. Ku-Mahamud, M. Omar, of the 38th Annual Hawaii International Con- N. Abu Bakar, I. Muraina, Awareness, trust, ference on System Sciences, Hawaii, USA (2005) and adoption of blockchain technology and cryp- 228–234. tocurrency among blockchain communities in [19] M. Åke Hugoson, Centralized versus decentral- malaysia, International Journal on Advanced Sci- ized information systems, in Hystory of Nordic ence, Engineering and Information Technology 9 Computing 2, vol. 3, Berlin Heidelberg: Springer (2019) 1217–1222. (2009) 106–115. [25] J. Bohr, Who uses bitcoin? an exploration of the [20] S. Lim, P. Fotsing, A. Almasri, O. Musa, M. Kiah, bitcoin community, in Proc. 2014 Twelfth An- T. Ang, R. Ismail, Blockchain technology the nual International Conference on Privacy, Secu- identity management and authentication service rity and Trust (PST), Toronto, Canada (2014) 94– disruptor: A survey, International Journal on 101. Advanced Science, Engineering and Information [26] J. Dazine, M. A., L. Hassouni, Internet of things Technology 8 (2018) 1735–1745. security, IEEE International Conference on Tech- [21] B. Allen, A. Boynton, Information architec- nology Management, Operations and Decisions ture, In: Search of Efficient Flexibility (MIS Quar- (ICTMOD), Marrakech, Morocco (2018) 137–141. terly/December 1991). [27] R. Giuliano, F. Mazzenga, A. Neri, A. Vegni, Se- [22] C. Bacon, Organizational principles of systems curity access protocols in iot networks with het- decentralization, Journal of Information Tech- erogenous non-ip terminals, IEEE Int. Conf. on nology 5 (1990). Distributed Computing in Sensor Systems (IEEE [23] R. Fergal, An analysis of anonymity in the bit- DCOSS 2014) in Int. Works. Internet of Things coin system, in Proc. 2011 IEEE Third Inter- – Ideas and Perspectives (IoTIP-14), Marina Del national Conference on Privacy, Security, Risk Rey, CA, USA, May (2014) 257–262. and Trust (PASSAT) and 2011 IEEE Third Inerna- [28] M. D. Sleiman, Bitcoin message: Data insertion tional Conference on Social Computing (Social- on a proof-of-work cryptocurrency system, in Com), Boston, USA (2011) 1318–1326. Proc. Of 2015 International Conference on Cy- berworlds (CW), Visby, Sweden (2015) 332–336. 43