PriTKT: A Blockchain-Enhanced Privacy-Preserving Electronic Ticket System for IoT Devices.

Electronic tickets (e-tickets) are gradually being adopted as a substitute for paper-based tickets to bring convenience to customers, corporations, and governments. However, their adoption faces a number of practical challenges, such as flexibility, privacy, secure storage, and inability to deploy on IoT devices such as smartphones. These concerns motivate the current research on e-ticket systems, which seeks to ensure the unforgeability and authenticity of e-tickets while simultaneously protecting user privacy. Many existing schemes cannot fully satisfy all these requirements. To improve on the current state-of-the-art solutions, this paper constructs a blockchain-enhanced privacy-preserving e-ticket system for IoT devices, dubbed PriTKT, which is based on blockchain, structure-preserving signatures (SPS), unlinkable redactable signatures (URS), and zero-knowledge proofs (ZKP). It supports flexible policy-based ticket purchasing and ensures user unlinkability. According to the data minimization and revealing principle of GDPR, PriTKT empowers users to selectively disclose subsets of (necessary) attributes to sellers as long as the disclosed attributes satisfy ticket purchasing policies. In addition, benefiting from the decentralization and immutability of blockchain, effective detection and efficient tracing of double spending of e-tickets are supported in PriTKT. Considering the impracticality of existing e-tickets schemes with burdensome ZKPs, we replace them with URS/SPS or efficient ZKP to significantly improve the efficiency of ticket issuing and make it suitable for use on smartphones.