基於區塊鏈與零知識證明之隱私與公平性保護售票務系統

符嘉文; Jia Wen Foo

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/101734

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	洪一平	zh_TW
dc.contributor.advisor	Yi-Ping Hung	en
dc.contributor.author	符嘉文	zh_TW
dc.contributor.author	Jia Wen Foo	en
dc.date.accessioned	2026-03-04T16:08:55Z	-
dc.date.available	2026-03-05	-
dc.date.copyright	2026-03-04	-
dc.date.issued	2026	-
dc.date.submitted	2026-02-10	-
dc.identifier.citation	[1] Apple Inc. Introducing passkeys, 2023. https://developer.apple.com/passkeys/. [2] E. Ben-Sasson, A. Chiesa, E. Tromer, and M. Virza. Succinct non-interactive zeroknowledge for a von neumann architecture. In IEEE Symposium on Security andPrivacy, 2014. [3] E. Ben-Sasson, A. Chiesa, E. Tromer, and M. Virza. Succinct {Non-Interactive} zeroknowledge for a von neumann architecture. In 23rd USENIX Security Symposium(USENIX Security 14), pages 781–796, 2014. [4] J. Bonneau, A. Miller, J. Clark, A. Narayanan, J. Kroll, and E. Felten. Sok: Research perspectives and challenges for bitcoin and cryptocurrencies. IEEE Symposium on Security and Privacy, 2015. [5] V. Buterin. Ethereum: A next-generation smart contract and decentralized application platform, 2014. https://ethereum.org/en/whitepaper/. [6] V. Buterin. Proof of personhood, 2021. https://vitalik.ca/general/2021/01/11/poap.html [7] F. Casino, T. Dasaklis, and C. Patsakis. A systematic literature review of blockchain-based applications. Telematics and Informatics, 2019. [8] S.-C. Cha, W.-C. Peng, T.-Y. Hsu, C.-L. Chang, and S.-W. Li. A blockchain-based privacy preserving ticketing service. In 2018 IEEE 7th Global Conference on Consumer Electronics (GCCE), pages 585–587. IEEE, 2018. [9] Y. Chen and C. Bellavitis. Blockchain disruption and decentralized finance. Journal of Business Venturing Insights, 2022. [10] P. Courty. Some economics of ticket resale. Journal of Economic Perspectives, 17(2):85–97, 2003. [11] D. F. M. dos Santos. Smart e-tickets: buying authentic and trustworthy tickets with blockchain. Master’s thesis, Universidade de Lisboa (Portugal), 2019. [12] S. Eskandarian, S. Moosavi, and J. Clark. Sok: Transparent dishonesty: Front-running attacks on blockchain. In IEEE Security and Privacy Workshops, 2019. [13] P. . S. Explorations. Semaphore documentation: How it works, 2023. https://docs.semaphore.pse.dev. [14] S. Feulner, J. Sedlmeir, V. Schlatt, and N. Urbach. Exploring the use of self-sovereign identity for event ticketing systems. Electronic Markets, 32(3):1759–1777, 2022. [15] FIDO Alliance. Passkeys: Passwordless authentication, 2022. https://fidoalliance.org/passkeys/. [16] S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. In Providing sound foundations for cryptography: On the work of shafi goldwasser and silvio micali, pages 203–225. 2019. [17] Google. Passkeys on google, 2023. https://developers.google.com/ identity/passkeys. [18] J. Groth. On the size of pairing-based non-interactive arguments. In Annual international conference on the theory and applications of cryptographic techniques, pages 305–326. Springer, 2016. [19] K. Gurkan, W. J. Koh, and B. Whitehat. Community proposal: Semaphore: Zero-knowledge signaling on ethereum, 2020. Accessed July 1, 2021. [20] M. Gysel, B. Ford, and L.-H. Merino. Blockchain-based Event Ticketing. PhD thesis, Master＇s thesis: EPFL, 2023. [21] J. Han, L. Chen, S. Schneider, H. Treharne, and S. Wesemeyer. Privacy-preserving electronic ticket scheme with attribute-based credentials. IEEE Transactions on Dependable and Secure Computing, 18(4):1836–1849, 2019. [22] G. A. Haryadi, A. Zainudin, J.-M. Lee, and D.-S. Kim. Purenft: A blockchain-based ticketing system with lightweight ai for scalping prevention. In 2025 IEEE International Conference on Consumer Electronics (ICCE), pages 1–6. IEEE, 2025. [23] P. Lafourcade, D. Mahmoud, G. Marcadet, and C. Olivier-Anclin. Transferable, auditable and anonymous ticketing protocol. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pages 1911–1927, 2024. [24] X. Li, J. Niu, J. Gao, and Y. Han. Secure electronic ticketing system based on consortium blockchain. KSII Transactions on Internet and Information Systems (TIIS), 13(10):5219–5243, 2019. [25] M. L. Liu et al. A hybrid blockchain-based event ticketing system. PhD thesis, University of Saskatchewan, 2021. [26] M. Ma and Z. Xie. Blockchain-powered ticketing ecosystem: A scalable framework for china’s performance market. In 2025 International Conference on Culture-Oriented Science & Technology (CoST), pages 1–6. IEEE, 2025. [27] S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008. https://bitcoin.org/bitcoin.pdf. [28] S. Rafati Niya et al. Deti: A decentralized ticketing management platform. Journal of Network and Systems Management, 2022. [29] F. Regner, N. Urbach, and A. Schweizer. Nfts in practice–non-fungible tokens as core component of a blockchain-based event ticketing application. 2019. [30] B. Tackmann. Secure event tickets on a blockchain. In International Workshop on Data Privacy Management, pages 437–444. Springer, 2017. [31] K. Thomas, F. Li, C. Grier, and V. Paxson. Protecting the internet from credential stuffing attacks. In Proceedings of the Internet Measurement Conference (IMC), 2017. [32] U.S. Government Accountability Office. Event ticket sales: Market characteristics and consumer protection issues. Technical report, GAO, 2018. [33] K. Verslype, B. De Decker, V. Naessens, G. Nigusse, J. Lapon, and P. Verhaeghe. A privacy-preserving ticketing system. In IFIP Annual Conference on Data and Applications Security and Privacy, pages 97–112. Springer, 2008. [34] vplasencia and oskarth. Semaphore v4 specification, 2025. https://github.com/privacy-ethereum/zkspecs/blob/main/specs/3/README.md. [35] W3C Web Authentication Working Group. Web authentication: An api for accessing public key credentials, 2019. https://www.w3.org/TR/webauthn/. [36] Q. Wang, R. Li, Q. Wang, and S. Chen. Non-fungible token (nft): Overview, evaluation, opportunities and challenges. arXiv preprint arXiv:2105.07447, 2021. [37] G. Wood. Ethereum: A secure decentralised generalised transaction ledger. Ethereum Yellow Paper, 2014. [38] Worldcoin Foundation. World id: A privacy-preserving proof of personhood, 2023. https://worldcoin.org/world-id. [39] X. Xu, I. Weber, and M. Staples. Architecture for blockchain applications. Springer, 2019. [40] Y. YuanJiang and J. T. Zhou. Ticketing system based on nft. In 2022 IEEE 24th International Workshop on Multimedia Signal Processing (MMSP), pages 01–05. IEEE, 2022. [41] Y. Zhan, F. Yuan, R. Shi, G. Shi, and C. Dong. Pritkt: a blockchain-enhanced privacy-preserving electronic ticket system for iot devices. Sensors, 24(2):496, 2024. [42] J. Zhao, S. Fan, and J. Yan. Blockchain-based ticketing systems: A survey. IEEE Access, 9:43742–43760, 2021. [43] zk kit. Leanimt: An optimized incremental merkle tree, 2024. https://github.com/zk-kit/zk-kit/blob/main/papers/leanimt/paper/leanimt-paper.pdf	-
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/101734	-
dc.description.abstract	線上售票系統中，尤其在熱門活動的情境下，黃牛炒票的手法層出不窮，嚴重影響票券交易的公平性。現有解決方案多仰賴實名制以限制重複購票，然而此方法需要使用者揭露大量個人資訊，並使售票平台成為高度敏感資料的集中管理者，增加隱私外洩與濫用的風險。本研究旨在提出一套兼顧使用者隱私保護與交易公平性的線上售票系統，避免在防制黃牛的同時犧牲使用者隱私。本研究提出名為BlozkTix的線上售票系統。系統建於以太鏈上，透過智慧合約執行購票與票券狀態管理，以確保交易流程的透明性、公正性與抗攻擊能力。同時，系統引入真人唯一性（Proof of Personhood, PoP）證明作為身分驗證機制，在使用者無需揭露個人資訊的情況下仍能有效限制重複購票行為。在虛擬貨幣逐漸普及、交易紀錄公開可驗的背景下，如何在公開帳本中避免交易紀錄與現實身分關聯已成為一大挑戰。為此，本研究採用多重匿名身分設計，將不同生命週期的身分證明分離，讓使用者在購票、選位等不同階段的行為完全無法被關聯分析。此外，透過採用裝置通行密鑰（passkey）作為票券身分的衍生來源，使匿名身分可透過裝置驗證即時重建，而不需以可轉移的私鑰或助記詞形式儲存，降低票券身分被轉移、外流與遺失的風險。實作與評估結果顯示，本研究提出之系統在合理的計算時間與交易成本下，有效實現跨購票生命週期的身分不可連結性，同時維持票券交易的公平性與實用性，提供可行的隱私保護型線上售票解決方案。	zh_TW
dc.description.abstract	In online ticketing systems, especially for high-demand events, ticket scalping has become increasingly prevalent and severely affected fairness in ticket distribution. Existing solutions often rely on real-name registration to restrict repeated purchases. However, such approaches require users to disclose extensive personal information and place ticketing platforms in the role of centralized custodians of highly sensitive data, increasing the risk of privacy leakage and misuse. This thesis aims to design an online ticketing system that preserves user privacy while maintaining transaction fairness, avoiding the trade-off between anti-scalping measures and privacy protection. This work proposes BlozkTix, an online ticketing system built on the Ethereum blockchain. Smart contracts are used to perform ticket purchases and manage ticket states, ensuring transparency, fairness, and resistance to tampering. To replace traditional real-name verification, the system adopts Proof of Personhood (PoP) as the identity verification mechanism, allowing users to prove their uniqueness and eligibility. Hence, the system effectively limiting repeated purchases without revealing personal information. As cryptocurrencies become increasingly prevalent and transaction records remain publicly verifiable, preventing the linkage between on-chain activities and real-world identities becomes a critical challenge. To address this issue, BlozkTix introduces a lifecycle-scoped anonymous identity design, in which identity proofs used at different stages of the ticket lifecycle are explicitly separated. As a result, user actions during ticket purchase, seat selection, and other stages cannot be correlated by any party. Furthermore, the system derives ticket-related anonymous identities from device-bound passkeys. By allowing identities to be re-derived through device authentication rather than stored as transferable private keys or mnemonic phrases, this reduces the risk of identity transfer, leakage, or loss, at the same time improving usability for end users. Implementation and performance evaluation results show that the proposed system achieves cross-stage unlinkability of user identities under acceptable computational cost. At the same time, it preserves fairness and practicality in ticket transactions, providing the practical solution of a privacy-preserving online ticketing system.	en
dc.description.provenance	Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2026-03-04T16:08:55Z No. of bitstreams: 0	en
dc.description.provenance	Made available in DSpace on 2026-03-04T16:08:55Z (GMT). No. of bitstreams: 0	en
dc.description.tableofcontents	口試委員審定書 i 誌謝 ii 摘要 iii Abstract v Contents vii List of Figures xi List of Tables xii Chapter 1 Introduction 1 Chapter 2 Related Works 4 2.1 Blockchain Ticketing Systems . . . . . . . . . . . . . . . . . . . . . 4 2.1.1 Blockchain Technology . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1.2 Ethereum and Smart Contracts . . . . . . . . . . . . . . . . . . . . 5 2.1.3 Blockchain Ticketing and Anti-Scalping Mechanisms . . . . . . . . 6 2.2 Privacy-Preserving Identity Management . . . . . . . . . . . . . . . 9 2.2.1 Zero-Knowledge Proofs . . . . . . . . . . . . . . . . . . . . . . . . 9 2.2.2 Decentralized Identity and Self-Sovereign Identity . . . . . . . . . . 10 2.2.3 Privacy-Preserving Ticketing Systems . . . . . . . . . . . . . . . . 10 2.2.4 Semaphore Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.2.4.1 Identity . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.2.4.2 Group . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.2.4.3 Proof . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.2.5 Proof of Personhood . . . . . . . . . . . . . . . . . . . . . . . . . 16 2.3 Passkey-Based Authentication . . . . . . . . . . . . . . . . . . . . . 17 Chapter 3 System Design 19 3.1 Lifecycle-scoped Identity Structures . . . . . . . . . . . . . . . . . . 19 3.2 Presale Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 20 3.3 Platform Signup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.4 Ticket Purchase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 3.5 Refund Ticket . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.6 Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 3.7 Event Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.8 Finalization and Settlement . . . . . . . . . . . . . . . . . . . . . . . 31 3.9 Execution Layers and Design Rationale . . . . . . . . . . . . . . . . 32 Chapter 4 System Implementation 33 4.1 Event Contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 4.1.1 Core Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . 34 4.1.2 Contract Functions . . . . . . . . . . . . . . . . . . . . . . . . . . 35 4.1.3 Ticket Identity Lifecycle . . . . . . . . . . . . . . . . . . . . . . . 38 4.2 Backend Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 4.2.1 Blockchain Listener . . . . . . . . . . . . . . . . . . . . . . . . . . 39 4.2.2 Services and API Layer . . . . . . . . . . . . . . . . . . . . . . . . 40 4.2.3 Backend Storage Management . . . . . . . . . . . . . . . . . . . . 41 4.3 Frontend Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 4.3.1 Purchase and Queue Flows . . . . . . . . . . . . . . . . . . . . . . 42 4.3.2 Refund Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 4.3.3 Administrative Dashboard . . . . . . . . . . . . . . . . . . . . . . 46 4.3.4 Scanner Interface and Offline Entry Verification . . . . . . . . . . . 46 4.3.5 Design Considerations . . . . . . . . . . . . . . . . . . . . . . . . 48 Chapter 5 System Evaluation 50 5.1 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 5.1.1 Scalping-related Threats . . . . . . . . . . . . . . . . . . . . . . . 50 5.1.2 Privacy-related Risks . . . . . . . . . . . . . . . . . . . . . . . . . 53 5.2 Performance Evaluation . . . . . . . . . . . . . . . . . . . . . . . . 56 5.2.1 Group Construction and Membership Update . . . . . . . . . . . . 58 5.2.2 Proof Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 5.2.3 Proof Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 5.2.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 5.3 Contract Gas Cost Evaluation . . . . . . . . . . . . . . . . . . . . . 60 Chapter 6 Discussion 62 6.1 Extensible Identity Verification via DID and Multiple Semaphore Groups 62 6.2 Multi-Event Support and Organizer-Defined Verification Policies . . 63 6.3 Broader Applicability Beyond Ticketing Scenarios . . . . . . . . . . 64 Chapter 7 Conclusion 66 7.1 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 7.2 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 7.3 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 References 70 Appendix A — Source Code 76	-
dc.language.iso	en	-
dc.subject	售票系統	-
dc.subject	零知識證明	-
dc.subject	隱私保護	-
dc.subject	區塊鏈	-
dc.subject	去中心化應用	-
dc.subject	Ticketing System	-
dc.subject	Zero-knowledge proofs	-
dc.subject	Privacy-preserving	-
dc.subject	Blockchain	-
dc.subject	Decentralized Application	-
dc.title	基於區塊鏈與零知識證明之隱私與公平性保護售票務系統	zh_TW
dc.title	A Privacy- and Fairness-Preserving Ticketing System Using Blockchain and Zero-Knowledge Proofs	en
dc.type	Thesis	-
dc.date.schoolyear	114-1	-
dc.description.degree	碩士	-
dc.contributor.oralexamcommittee	黃冠寰;陳恭;林經堯;廖世偉	zh_TW
dc.contributor.oralexamcommittee	Gwan-Hwan Wang;Kung Chen;Jin-Yao Lin;Shih-Wei Liao	en
dc.subject.keyword	售票系統,零知識證明隱私保護區塊鏈去中心化應用	zh_TW
dc.subject.keyword	Ticketing System,Zero-knowledge proofsPrivacy-preservingBlockchainDecentralized Application	en
dc.relation.page	76	-
dc.identifier.doi	10.6342/NTU202600625	-
dc.rights.note	同意授權(全球公開)	-
dc.date.accepted	2026-02-10	-
dc.contributor.author-college	電機資訊學院	-
dc.contributor.author-dept	資訊網路與多媒體研究所	-
dc.date.embargo-lift	2026-03-05	-
顯示於系所單位：	資訊網路與多媒體研究所

文件中的檔案：

檔案	大小	格式
ntu-114-1.pdf	15.41 MB	Adobe PDF	檢視/開啟

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。