Volume 16 , Issue 2 , PP: 168-186, 2025 | Cite this article as | XML | Html | PDF | Full Length Article
Khalid Maidine 1 * , Ahmed El-Yahyaoui 2 , Salima Trichni 3
Doi: https://doi.org/10.54216/JCIM.160212
Traditional identity management systems are vulnerable to critical issues, such as privacy breaches and single points of failure, which compromise the security and integrity of user information. These centralized models require the disclosure of sensitive data to third parties, exposing users to heightened risks. To address these challenges and the emerging threat of quantum computing, this paper proposes a novel blockchain-based identity management architecture that employs blockchain’s decentralized, immutable ledger to eliminate centralized vulnerabilities, while zk-STARKs enable quantum-resistant, privacy-preserving identity verification without revealing sensitive information.The Framework integrate also InterPlanetary File System protocol for storing users data. This architecture establishes a user-centric, decentralized model that is resilient to both classical and quantum threats, and enhances privacy.
Blockchain Technology , ZK-STARK , IPFS , Identity Management , Quantum Computing , Smart Contract
[1] Eli ben-sasson et al. scalable, transparent, and post-quantum secure computational integrity. Tech. rep. 046. 2018, 2018.
[2] ATT Data Breach: Nearly ALL Customers Have Phone Records Stolen. https://news. trendmicro.com/2024/07/15/att-data-breach-110-million/, 2024. [Online; accessed 24-Octobre-2024].
[3] FBCS Breach Exposes Millions, Comcast and Truist Bank Affected. https://socradar.io/ fbcs-breach-exposes-millions-comcast-and-truist-bank/, 2024. [Online; accessed 24-Octobre-2024].
[4] Lawrence Abrams. Trello API abused to link email addresses to 15 million accounts. https://www.bleepingcomputer.com/news/security/trello-api-abused-to-link-email-addresses-to-15-million accounts/, ]2024. [Online; accessed 24-Octobre-2024.
[5] Md. Rayhan Ahmed, A. K. M. Muzahidul Islam, Swakkhar Shatabda, and Salekul Islam. Blockchain-based identity management system and self-sovereign identity ecosystem: A com- prehensive survey. IEEE Access, 10:113436–113481, 2022.
[6] R. Anusuya, D. Karthika Renuka, S. Ghanasiyaa, K. Harshini, K. Mounika, and K. S. Naveena. Privacy-Preserving Blockchain-Based EHR Using ZK-Snarks, page 109–123. Springer Interna- tional Publishing, 2022.
[7] Mauricio Barros, Frederico Schardong, and Ricardo Cust´odio. Leveraging self-sovereign identity, blockchain, and zero-knowledge proof to build a privacy-preserving vaccination pass, 02 2022.
[8] Insaf Boumezbeur, Karim Zarour, Dounia Keddari, Farah Boutouatou, Yasser Nassim Benzagouta, Imane Harkat, and Seghiri Meriem. Secure ehr sharing using blockchain and ipfs. 42:1–14, 07 2024.
[9] Sopan Deb. Ticketmaster Confirms Data Breach. Here’s What to Know. https://www. nytimes.com/2024/05/31/business/ticketmaster-hack-data-breach. html, 2024. [Online; accessed 24-Octobre-2024].
[10] Shalini Dhar, Ashish Khare, Ashutosh Dhar Dwivedi, and Rajani Singh. Securing iot devices: A novel approach using blockchain and quantum cryptography. Internet of Things, 25:101019, 2024.
[11] Mohammed El-hajj and Bjorn Roelink. Evaluating the efficiency of zk-snark, zk-stark, and bullet- proof in real-world scenarios: A benchmark study. Information, 15:463, 08 2024.
[12] Desmond Kong Ze Fong, Vinesha Selvarajah, and M.S. Nabi. Secure server storage based ipfs through multi-authentication. In 2022 International Conference on Advancements in Smart, Secure and Intelligent Computing (ASSIC), pages 1–7, 2022.
[13] Rishabh Garg. Blockchain Ecosystem, pages 23–42. 2023.
[14] Giancarlo Giuffra. A summary of scalable, transparent, and post-quantum secure computational integrity, 08 2019.
[15] Yinjie Gong, Yifei Jin, Yuchan Li, Ziyi Liu, and Zhiyi Zhu. Analysis and comparison of the main zero-knowledge proof scheme. In 2022 International Conference on Big Data, Information and Computer Network (BDICN), page 366–372. IEEE, January 2022.
[16] Jennifer Gregory. National Public Data breach publishes private data of 2.9B US citizens. https://securityintelligence.com/news/ national-public-data-breach-publishes-private-data-billions-us-citizens/,
2024. [Online; accessed 24-Octobre-2024].
[17] Bo Jiang, Ye Liu, and W.K. Chan. Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In 2018 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 259–269, 2018.
[18] Jong-Hyouk Lee. Bidaas: Blockchain based id as a service. IEEE Access, 6:2274–2278, 2018.
[19] Shailaja Lohar. Decentralization of identity using ethereum and ipfs. Communications on Applied Nonlinear Analysis, 31(4s):378–391, July 2024.
[20] Shengchen Ma and Xing Zhang. Integrating blockchain and zk-rollup for efficient healthcare data privacy protection system via ipfs. Scientific Reports, 14:11746, 05 2024.
[21] Khalid Maidine and Ahmed El-Yahyaoui. Cloud identity management mechanisms and issues. In IEEE 6th International Conference on Cloud Computing and Artificial Intelligence: Technologies and Applications (CloudTech), pages 1–9, 2023.
[22] Bhabendu Kumar Mohanta, Soumyashree S Panda, and Debasish Jena. An overview of smart contract and use cases in blockchain technology. In 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pages 1–4, 2018.
[23] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. Cryptography Mailing list at https://metzdowd.com, 03 2009.
[24] Andreea-Elena Panait and Ruxandra F. Olimid. On Using zk-SNARKs and zk-STARKs in Blockchain-Based Identity Management, page 130–145. Springer International Publishing, 2021.
[25] Vilius Petkauskas. Details of 20M Cutout.pro users exposed on leak forum. https: cybernews.com/news/cutoutpro-leak-exposed-millions-users/, 2024.Online; accessed 24-Octobre-2024].
[26] Tushar Richabadas. Dell: 49 million customer records exposed in 1 automated attack. https://blog.barracuda.com/2024/05/23/49-million-customer-records-exposed-in-1-automated-attack, 2024.Online; accessed 24-Octobre-2024.
[27] Will Schmidt. THE CHANGE HEALTHCARE CYBER ATTACK. https://www.pcgsoftware.com/ransomware-unitedhealth-group-and-change-healthcare, 2024. Online; accessed 24-Octobre-2024.
[28] Twingate Team. Spoutible Data Breach: What How It Happened? https://www. twingate.com/blog/tips/Spoutible-data-breach/, 2024. Online; accessed 24- Octobre-2024.
[29] Atharva Thorve, Mahesh Shirole, Pratik Jain, Crehan Santhumayor, and Soham Sarode. Decentralized identity management using blockchain. In 2022 4th International Conference on Advances in Computing, Communication Control and Networking (ICAC3N), pages 1985–1991, 2022.
[30] Zhiwei Wang, Qingqing Chen, and Lei Liu. Permissioned blockchain-based secure and privacy- preserving data sharing protocol. IEEE Internet of Things Journal, 10(12):10698–10707, 2023.
[31] Craig S Wright. Bitcoin: A peer-to-peer electronic cash system. SSRN Electronic Journal, 2008.
[32] Xiaohui Yang and Wenjie Li. A zero-knowledge-proof-based digital identity management scheme in blockchain. Computers Security, 99:102050, 2020.
[33] Xiangfu Zhao, Zhongyu Chen, Xin Chen, Yanxia Wang, and Changbing Tang. The dao attack paradoxes in propositional logic. In 2017 4th International Conference on Systems and Informatics (ICSAI), pages 1743–1746, 2017.
[34] Peilin Zheng, Zigui Jiang, Jiajing Wu, and Zibin Zheng. Blockchain-based decentralized application: A survey. IEEE Open Journal of the Computer Society, 4:121–133, 2023.
[35] Xinjie Zhu, Debiao He, Zijian Bao, Min Luo, and Cong Peng. An efficient decentralized identity management system based on range proof for social networks. IEEE Open Journal of the Computer Society, PP:1–12, 01 2023.
