1

Cerberus: A Blockchain-Based Accreditation and

Degree Verification System
Aamna Tariq∗ , Hina Binte Haq † , Syed Taha Ali‡
School of Electrical Engineering and Computer Sciences (SEECS), National University of Sciences and
Technology (NUST), Islamabad, Pakistan.
∗ † contributed equally to the paper.
∗ atariq.msit16seecs@[Link], † hhaq.dphd18seecs@[Link], ‡ [Link]@[Link]

Abstract—Credential fraud is a widespread practice that Corruption in the domain of education can have wide-
undermines investment and confidence in higher education ranging and detrimental effects. In 2013, in its global cor-
systems and bears significant economic and social costs. Legacy ruption report on education, Transparency International ex-
credential verification systems are typically time-consuming,
costly, and bureaucratic, and struggle against certain classes of tensively documented various instances of such phenomena,
credential fraud. In this paper, we propose a comprehensive particularly in developing countries where such fraud is per-
blockchain-based credential verification solution, Cerberus, vasive and systemic. Corrupt practices range over a wide
which is considerably more efficient, easy and intuitive to spectrum including bribery and nepotism in admissions and
use, and effectively mitigates widespread manifestations of in examinations results, a culture of teacher absenteeism,
credential fraud. Cerberus also improves significantly upon
other blockchain-based solutions in the research literature: it deteriorating quality of education, misappropriation of funds,
adheres closely to the existing credential verification ecosystem, ghost schools existing only on paper, diploma mills which
it addresses a threat model informed by real-world fraud issue fake academic degrees, and compromised accreditation
scenarios. Moreover, Cerberus uses on-chain smart contracts services [11].
for credential revocation, and it does not entail students In this paper, we specifically focus on the problem of
or employers to manage digital identities or cryptographic
credentials to use the system. We prototype our solution and fake academic credentials. With increasing social pressure to
describe our attempt to design an online verification service with outperform peers in highly competitive job markets, many
a rich feature set, including data privacy, transcript verification, applicants misrepresent their qualifications to make their cur-
and selective disclosure of data. We hope this effort contributes riculum vitae more appealing to employers. An academic
positively to towards alleviating the problem of fake credentials. credential typically requires considerable investment in terms
of time, effort, and funding, and in turn it confers a certain
Managerial Relevance Statement prestige on the bearer and opens new opportunities to them.
There is widespread recognition that the blockchain can effec- Fake degrees essentially enable third parties a ‘free ride’ on
tively combat the problem of fake credentials and significantly these benefits [12].
improve the credential verification process. There are several Falsified credentials range from high school diplomas to
efforts underway in this domain, both in industry and ideas
proposed in the research literature. However, to the best of our doctorate degrees. There have been publicized instances where
knowledge, what is most lacking is a rigorous effort to tailor investigators have successfully procured fake degrees on behalf
these solutions to existing practices of credential fraud, and to of pet cats [13] and dogs [14]. According to one study,
mitigate usability issues on the part of users. over a third of potential candidates admit to falsifying or
Our system will enable practitioners (universities, accredita- ‘enhancing’ their qualifications for a job application [15].
tion bodies, employers) to undertake the following: 1) to con-
cretely visualize the workings and benefits of such a system and A professor in South Africa was recently assassinated for
work towards integrating it into existing credential verification exposing a syndicate producing fake PhD degrees [16]. There
ecosystems, and 2) to adapt and customize the rich feature set is a marked scarcity of research on the scope of this problem,
of our solution to cater to their own requirements. but a conservative estimate suggests that there are more than
5000 unrecognized universities and diploma mills operating
worldwide, and issuing over 200,000 fake degrees annually
I. Introduction with revenues in excess of $1 billion [17].
The value of education to society cannot be overstated: ed- These unethical practices not only discourage individual
ucation plays a pivotal role in enabling social mobility [1] [2], investment in education but also damage the value, credibility
it contributes to economic uplift [3] [4] [5], and it promotes and reputation of a higher education system. Moreover, there
political stability and reform [6] [7] [8]. Education is also a may be considerable social harm: apart from a compromised
critical factor for innovation to meet local and international sense of ethics, a fake degree holder will likely not possess
challenges and opportunities [9]. For these reasons, education the requisite expertise in his field (achieved through rigorous
typically ranks near the top of government spending priorities training and evaluation), thereby posing a real danger in certain
in developed countries, and often absorbs over a fifth of total domains. For instance, subjects implicated in fake degree
government spending in the public sector [10]. scandals include doctors, nurses [18] [19] , pilots [20] [21],
 2

and even politicians and government ministers [22] [23] [24]. gest a simple and practical on-chain revocation mecha-
The traditional defense against fake credentials is stringent nism which leverages smart contracts.
verification procedures. In certain countries, this task is un- We describe here briefly a representative scenario which
dertaken at a national level by government bodies, such as motivates our solution: an Accreditation Authority operates
the Academic Degrees and Graduate Education Development and maintains a permissioned blockchain in partnership with
Center in China [25], the Higher Education Commission in universities and watchdog organizations. When a student,
Pakistan [26], and the Higher Attestation Commission in Alice, graduates, her university issues her a physical degree
Russia [27]. In some territories, accreditation is overseen by certificate and also add her details on the blockchain platform.
non-governmental agencies, such as the Council for Higher This certificate also contains a QR code which allows Alice, or
Education Accreditation (CHEA) in the United States [28], and any other party, to verify her credentials in real-time from the
Tertiary Education Quality and Standards Agency (TEQSA) blockchain using a smartphone app. This is similar to national
[29], Australia’s independent national quality assurance and visa verification services such as VEVO in Australia [56], the
regulatory agency for higher education. There also exist wide- Employer Checking Service in the UK [57], and E-Verify in
ranging international efforts such as the Hague Apostille the US [58], which allow employers to check the visa status
Treaty of 1961, whereby citizens can have their credentials cer- of job applicants via a Web portal. Alice can even paste a QR
tified by a designated authority so that they may be recognized code on her resume, thereby enabling prospective employers
in 116 signatory countries [30]. Another facility is the IAU to verify her details independent of the certificate. In case
World Higher Education Database (WHED) which provides her degree is revoked, the university will make corresponding
comprehensive information on accredited higher education entries in the blockchain which will be revealed when Alice’s
systems and credentials around the world [31]. QR code is scanned.
However, most credential verification mechanisms are This solution has notable differences with prior work: first,
opaque, cumbersome, time consuming, and costly. According our effort is on engineering a solution that preserves the exist-
to a survey, one in three employers in the UK do not request ing ecosystem and maintains key security properties such as
candidates for their degree certificates; and, of those who guarantees on data privacy, integrity, and revocation. Second,
do, 76% of employers assume the certificates are legitimate it approximates and improves upon the real world process flow
and do not verify their authenticity [32]. Foregoing diligent for credential management and verification. Furthermore, we
background checks entails costs in terms of lost time, perfor- focus on usability: our solution is relatively easy to use since
mance, and investment: in the US, the Department of Labour verification can be done by scanning a QR code and neither
reports that forged credentials and doctored qualifications cost Alice nor her employer are required to personally interact with
companies an average of $40,000 per bad hire [33]. the blockchain or maintain secret keys.
In recent years, the blockchain has been promoted as a
The rest of this paper is organized as follows: in Section
promising new technology for transparency and data integrity
II Background, we discuss the ground realities regarding aca-
in a variety of domains, including payment settlements [34]
demic credential fraud throughout the world and also discuss
[35], copyright protection [36] [37], data notarization [38]
the higher education Ecosystem specific to Pakistan. In Section
[39], digital government [40] [41] [42] [43], health care
III we discuss the architecture and flow of the Proposed
[44], [45], [46] [47], logistics and tracking [48] [49], and
System. In Section IV we enumerate implementation details
secure elections [50] [51]. Due to its distributed architec-
of our prototype of the system. In Section V Discussion, we
ture and its reliance on cryptography, the blockchain offers
highlight and explain how our system achieves the various
strong guarantees on accountability, accessibility and data
security properties. In Section VI we compare and contrast our
immutability, which is particularly suited to scenarios with
endeavour with similar systems and related work. In Section
multiple untrusted parties. Various efforts also advocate using
VII we delineate future direction for research and conclude
the blockchain to combat the fake degree problem [52] [53]
our discussion in Section VII.
[54], but as yet there are few rigorous efforts [55] in this
direction.
We attempt to address this deficiency. Our paper makes the II. Background
following contributions:
A. The Varieties of Credential Fraud
1) We propose a comprehensive blockchain-based solution
for easy and efficient verification of academic creden- Credential fraud has been around since at least the four-
tials. We describe a solution architecture which inte- teenth century [17], and there is considerable evidence that
grates seamlessly with typical credential management degrees were widely sold in German universities in the 18th
ecosystems and we devise a threat model informed by century [59]. However, this phenomenon gained rapid traction
real-world fraud scenarios, in the 20th century due to two main drivers: first, as Johnson
2) We prototype our solution and describe our attempt to convincingly argues, increasing global competition in job mar-
design an online verification service with a rich feature kets has given rise to a widespread culture of credentialism,
set, including data privacy, transcript verification, and with employers ‘overly relying on degrees as proof of job
selective disclosure of data, competency’, even for low-to-moderate skill positions. This
3) We propose a novel credential revocation mechanism. practice likely contributes considerably to the black market
This is a distinct contribution in its own right. We sug- for fake credentials [60].
 3

Second, the 20th Century marked the ascendance of the b) Institutional Fraud: refers to the case where staff
“for-profit” education model in schools and universities, within institutions are compromised [67]. Such fraud may
whereby academic excellence and integrity had to contend in- involve the university registrar or other officials who create an
creasingly with economic and business interests. This situation illegitimate credential which is retroactively appended in the
was further complicated by rapid expansion higher education official record of the university. This tactic is more reliable
institutions in the form of distance learning programmes, than document fraud because the credential itself is authentic
flexible and distributed learning modes, branch campuses, and can usually withstand cursory scrutiny because it is backed
franchising, and credit transfer schemes [61]. The distributed by university records.
and transnational nature of these schemes makes it consider- A prominent example is the case of Busoga University in
ably more difficult to enforce independent checks on quality Uganda which was investigated in 2016 for issuing more than
and integrity. 1,000 “premium-tuition” degrees to South Sudanese students,
The result is a pervasive and thriving culture of credential most of them military officers seeking easy degrees to secure
fraud and a billion dollar industry [11]. Whereas concrete government positions [74].
figures on credential fraud are not available [62], some in- c) Diploma Mills: sell fake credentials from fictitious
vestigations reveal the alarming scope of this trend [63]. For universities and lead the mass market in credential fraud.
instance, in the US, home to the largest number of diploma These bodies operate in a highly structured and sophisticated
mills in the world [64], Ezell et al. document that the number manner, with a corporate culture including a dedicated mar-
of fake PhD degrees purchased every year exceeds 50,000, keting and sales teams, and offer customised "products" to
outnumbering the 40,000-45,000 legitimate PhDs awarded by buyers. These mills often maintain immaculate websites for
universities [65]. One diploma mill, operated by Americans fictitious universities [75].
with offices in Europe and the Middle East, has sold more than A recent example is the international scandal of Axact,
450,000 degrees with revenues exceeding US $450,000,000. widely considered the largest degree scam yet, where a
[66] Pakistan-based company that operated a web of more than 370
In Europe, the UK is believed to host the largest number of diploma mills which collectively earned millions of dollars in
diploma mills [64]. A prominent example was the University revenue by selling fake degrees and certificates of hundreds
of Wales, the second-largest university in the country with a of fictitious universities to clients worldwide [75]. Axact have
120-year history, which had 70,000 students enrolled in 130 also been known to extort their customers for funds after
colleges around the world. After multiple scams and admin- making sales to them by threatening to reveal that their
istrative failures were uncovered, the registrar resigned and credentials were bogus [76].
the university shuttered its highly profitable degree validation d) Accreditation Fraud: refers to the case where the
program, which accounted for nearly two thirds of institutional accreditation body that validates a credential as authentic may
revenue [67] [68]. itself be compromised or fictitious. A very common strategy
Fraud is also rampant in the developing world. According employed by diploma mills is to set up fake accreditation mills
to one estimate an alarming half of all high school transcripts to legitimize the credentials they sell.
in overseas university admissions applications by Chinese stu- The Federal Investigation Agency in Pakistan, has probed
dents are falsified [62]. This problem is also very widespread several instances where regulatory bodies verified fake degrees
in India [69] [70], and trafficking in fake certificates has of powerful officials without due diligence [77]. Recently
been described as a ‘pan-India’ crime [71]. A 2015 study a company investigating credentials of Chinese student ap-
found that one in nine politicians in the lower house of the plicants on behalf of prominent universities in the US had
Russian parliament possessed a plagiarized or fake degree. In to withdraw from the project on charges that it engaged in
Indonesia, a task force was set up by the government in 2015 widespread application fraud itself [78]. A Connecticut man
to crack down on fake degrees issued specifically to politicians who sold fake degrees operated a fictitious accreditation ser-
[22]. vice in parallel, the National Distance Learning Accreditation
Council to validate his degrees [79]. These practices pose
Here we broadly classify various categories of credential
highly complex challenges for employers who often have
fraud:
limited resources available to verify academic credentials.
a) Document Fraud: typically involves illegal counter-
feits, deceitful alteration of legitimate credentials (modification
of name, signatures, degree, details, etc.), or complete fabrica- B. Blockchain and Smart Contracts
tions (using fake logos, seals, and serial numbers) [72]. This Here we present a high-level overview of blockchain and
category also includes doctored or misleading translations and smart contracts technology and highlight the security proper-
evaluations of credentials. ties of this novel new paradigm.
A recent example is the case of degree shops that have A blockchain is a decentralized global ledger consisting of a
recently sprung up on the Syrian-Turkish border, where mer- continuously growing list of records, called blocks, arranged in
chants exploit desperate Syrian migrants and refugees by chronological order. Users possess cryptographic credentials,
selling them forged documents on their way to Europe. A namely a public/private key pair, which enables them to insert
high school diploma reportedly costs USD $600, whereas a new records into this ledger. Individual blocks are coupled
university degree can be as much as USD $2,500 [73]. together using hash pointers such that data cannot be removed
 4

or prepare equivalence certificates. In our setup, accreditation

bodies are also responsible for setting up and administering
the Cerberus network.
A final party to this scenario could be observers such as
citizen groups, activists, and watchdog bodies whose key role
is to audit the operations of these different parties and maintain
quality checks.
In our threat model, we assume that any of these entities
may be malicious. For instance, a student may try to forge a
credential or purchase one from a diploma mill. A university
may sell fake degrees. An accreditation body may try to
accredit fake degrees. Different malicious parties may even
collude. As we’ve noted in §.II-A, these threats are realistic
and there are abundant examples of each.
A credential verification solution should defend against the
aforementioned attacks to the greatest possible extent. Here
Figure 1: The ecosystem for credential verification we list certain desirable security properties of such a system:
• Authenticity The system should serve as a secure and
from the block nor added retroactively without detection by authentic repository which enables verification of creden-
all the other parties. The synchronization and integrity of this tials. All stakeholders should be able to view and audit
ledger is assured by a distributed consensus protocol which the inner workings of this system and maintain checks
periodically selects certain parties (miners) to append new on the behavior of other parties. Moreover, the system
blocks to the ledger. should integrate with existing credential management
The notion of smart contracts builds on this paradigm by infrastructure.
envisioning the shared ledger as a public memory space, • Resilience: In the ideal case, we should be able to detect
thereby extending the notion of verifiability from data to credential fraud if there is at least one honest party
computations. The earliest cryptocurrencies, including Bitcoin, participating on the blockchain network.
introduced limited support for scripts to govern the handling • Privacy Preservation: The system should not leak any
of transactions. Later platforms, notably Ethereum, provide data regarding students’ credentials or personal infor-
powerful support to users to embed complex application logic mation to third parties (such as employers) beyond any
into the ledger. information the students may choose to reveal themselves.
Various developers are using smart contracts to build sophis- This includes student identities, grade transcripts, degree
ticated solutions which address real-world solutions in a secure status, etc.
and decentralized manner. These include applications such as We also list here certain other features for a credential
trading securities and derivatives [80], optimize supply chains verification system that are desirable from a usability and
[81], remote healthcare [82], and prediction markets [83], etc. efficiency perspective:
Our credential verification solution uses a permissioned • Real-time Online Verification: A prominent property of
blockchain, i.e. one where peers in the ecosystem are assigned blockchain solutions is disintermediation, i.e. decoupling
different roles and privileges. Smart contracts define the rules the need for trusted centralized parties, and thereby
according to which credentials may be revoked. immensely speeding up operations. The credential ver-
ification process is typically cumbersome and involves
C. Ecosystem and Threat Model paperwork and communication with the awarding univer-
The ecosystem for credential verification typically consist sity. However, an online verification solution operating on
of various parties as depicted in Fig. 1. top of a permissioned blockchain should enable real-time
Universities award academic credentials in a field of study. degree verification for users.
A credential in this context refers to a diploma, degree, • Third-party Verification: The system should enable
or certificate issued by a university to a student in lieu third parties to directly and independently verify creden-
of successful completion of the requirements of a certain tials of a user without relying on intermediaries.
educational program. These credentials serve as proofs of • Selective Disclosure: Users should be able to verify
qualification, considered essential for most jobs and various individual credential details in a piecemeal manner. This
other life opportunities. Therefore, there is a considerable need would enable students to share selective details with
among employers and others to ensure that degrees belonging different parties. For instance, Alice could print her
to their workers are genuine. primary credential details on her curriculum vitae and on
Accreditation bodies are national-level or private entities job applications, without revealing any other potentially
which undertake the task of verifying and validating academic sensitive data, such as national identification number
credentials issued by educational institutions. Certain accredi- or grades transcript. These could be disclosed in other
tation authorities also issue certified translations of credentials situations that necessitate it.
 5

The physical degree certificate issued to Alice by the

university incorporates a QR code, for credential verifica-
tion, printed on the front which facilitates verification of the
information on her certificate. If an employer, Bob, wants to
check if Alice’s degree is genuine, he can scan the code with
a smartphone app or use a web portal. These services retrieve
validating information from the Cerberus network in real-time,
verify the code, and inform Bob of the degree’s authenticity.
Alice can also print the credential verification code on her
resume alongside her educational details so that any third party
can verify her degree independently of the physical certificate.
If the university were to revoke Alice’s degree, it would
circulate a revocation transaction which the accreditation
body would verify and add to the blockchain. Any party that
checks Alice’s credential verification code subsequently would
Figure 2: System Overview be informed that the degree has been revoked (as explained in
detail below).
In the detailed solution specification which follows we
• Usability: The system should be easy to use and not also describe additional features whereby additional data may
require significant technical sophistication on the part of selectively disclosed and authenticated using the blockchain
users. Multiple studies also note that users face difficulty (such as Alice’s identity, the contents of her educational
storing and handling cryptographic credentials [84][85]. transcript, etc.). Solution developers can easily adapt these
• Revocation: If a credential is revoked, the revocation in- general techniques to different types of data as per their
formation should be efficiently and quickly disseminated requirements.
to all stakeholders, without any room for ambiguity.
Credential verification solutions in certain countries are A. Administering the Network
already adopting many of these features. Centralized online
The accreditation body is responsible for initial config-
verification systems have recently been rolled out to combat
uration of the network and to maintain the blockchain and
widespread credential fraud in India [86] and Malaysia [87].
update the network as participants change over time. The
In later sections, we discuss how popular technologies such
accreditation body has to deploy multiple nodes itself to dis-
as smart phones and QR codes can be leveraged to further
tribute and secure the network. These nodes should ideally be
facilitate user experience.
geographically spaced and secured as per industry standards.
The accreditation body also manages how other parties
III. The Proposed System: Cerberus access and use the network. When a new university is listed,
the accreditation body adds it to the network and certifies
In this section we describe the inner workings of our
it’s cryptographic keys. A university may also be removed
proposed solution. We start with a high-level overview of the
from the network for various reasons (e.g. in case of fraud
key steps in the life cycle of a credential. The process is
or if quality standards are not met) in which case it’s address
depicted in Fig. 2.
and keys are added to a blacklist. Keys that have been lost
An accreditation body operates and maintains a permis-
or compromised are also added to the blacklist and new keys
sioned blockchain network in partnership with multiple parties
are generated to replace them. The accreditation body also
including universities and observer entities, such as activist
provides access to third party observers to audit the network.
organizations and citizen groups. The universities circulate
The accreditation body may also update the network as
transactions containing validation information for credentials
per users’ requirements by introducing new contracts, roles,
they issue to students. The accreditation body periodically
and privileges to cater to evolving policies or changes in the
collects these transactions and aggregates them into blocks
ecosystem. The architecture of the system is shown in Fig. 3.
which are then added to the blockchain. Observer parties audit
every process in the system and maintain checks on integrity.
When a student, Alice, graduates, the university issues B. Issuance of the Credential
her a physical certificate of her academic degree and her When an academic session concludes, the university pre-
transcript. The university administration also creates a trans- pares degree certificates for students in the graduating batch.
action containing a digital fingerprint of Alice’s credential Issuing the credential comprises three key steps as follows:
details (alongside that of other graduating students). This a) Preparing the Credential: Our solution enables ver-
transaction is digitally signed by the university registrar and ification of two sets of data: the first is data pertaining to
propagated on the Cerberus network, where it is verified by the academic degree (denoted as degree_info), and second is
nodes belonging to the accreditation body, mined into a block more detailed data relating to the identity of the student and
and added to the blockchain. This step corresponds to the contents of her transcript (denoted as id/transcript_info). The
issuance and accreditation of a credential. student can choose to disclose these data items selectively for
 6

Figure 3: System Architecture

verification. For instance, she can publicly circulate details of

her degree on her resume or her social media profile, whereas
transcript and detailed identity details may only be required
by some employers.
The first data set, degree_info, typically contains the fol-
lowing information:
• name of the Student
• serial number of the degree
• title of the degree/program
• year the degree is awarded
• name of the University
The second data set, id/transcript_info, consists of the
following data items:
• details of student’s identity document (such as drivers
license, citizen card, etc.). This can even be just a personal Figure 4: Preparing the Credential
identification number.
• course codes, Titles, and credit hours for the study
program In our solution, the tree is composed as depicted in Fig. 4.
• grades earned by the student
Each leaf node represents a student’s data, and the root of the
• Grade Point Average and Cumulative Grade Point Aver-
tree is computed over the entire graduating batch of students1 .
age earned by the student This Merkle root, denoted the batch_Merkle_root, can now be
used to authenticate all data items in the original set, i.e. the
The items in both data sets are individually concatenated
degree, identity, and transcript information for all students in
and uniquely fingerprinted using a hash function, H(), forming
the batch.
the student-info that constitutes a leaf. Popular hash functions,
such as SHA2 or MD5 may be used for this purpose. The b) Registering the Credential: The next step is to record
fingerprints are then input into a Merkle tree. Merkle trees, the batch_Merkle_root computed by the university, on to the
first proposed by Ralph Merkle, are hash-based data structures blockchain.
that allow authentication of data sets by computing a message The registrar at the university creates a Cerberus trans-
digest (or root) over the data items using hash-and-concatenate action, addressed to the accreditation body, embeds the
operations to build a tree structure encompassing the entire batch_Merkle_root in the data field of the transaction, signs
set [88]. This arrangement significantly reduces the amount 1 Merkle trees are binary, and therefore, if there are an odd number of
of verification data that needs to be put on the blockchain to students, the last hash will be duplicated once to create an even number of
verify large data sets. leaf nodes.
 7

Figure 5: Issuance of Physical Certificates: degree-code and

id/transcript-code
Figure 6: Degree content Verification

the transaction with its private key, and circulates it on the

• degree_info, i.e. text of student’s name, serial number of
Cerberus network where it is received by every party. As
the degree, title of degree/program, year of the award,
per the consensus rules, nodes belonging to the accreditation
and name of the university
body check incoming transactions for correctness, verify the
• H(id/transcript_info), i.e. a hash fingerprint of the data
signatures, collect the transactions into a block and append it
pertaining to the student’s identity and transcript details,
to the blockchain.
which is also necessary to reconstruct the authentication
As we noted earlier in §.II-A, university staff themselves path for the degree_info
have been known to insert fake information into the student • the block-number and issuance-transaction-ID for the
record. In our scheme, universities can institute further checks transaction that validates the specific degree
against insider malfeasance by deploying schemes like multi- • the complete authentication path for the particular degree
signature wallets. This strategy requires the cooperation of in the Merkle tree, i.e. all the sibling-hashes on the path
additional personnel in different departments within the uni- leading up to the tree root
versity to successfully create a valid transaction, for instance,
The second QR code, denoted id/transcript_code, can be
the examination departments for the students’ schools as well
used to verify the student’s identity and the contents of
as the university registrar.
her transcript, and encodes id/transcript_info, i.e. contents
The insertion of the transaction in the blockchain serves of student’s identity document or identification number, and
as to accredit the student credentials with the accreditation complete contents of her transcript. This code can be printed
body. on the student’s degree or transcript as per requirements.
c) Issuance of the Physical Certificates: The physical We consider QR code specifications in detail in §. IV.
certificates of the credentials and transcripts contain printed Next we describe the verification process for students and
QR codes, enabling users to validate the information using the employers.
batch_Merkle_root on the blockchain.
Merkle trees have a useful property in that individual data C. Verification of the Credential
items in the original set over which the tree is computed
may be verified independently of the other data items if the The verification process for contents of the degree and of
‘authentication path’ for the individual data items are available, the the identity and transcript data is very similar.
i.e. those sibling nodes in the tree that share the same parent, Contents of the degree are verified by scanning the de-
on the path from the data item to the root. As an example, gree_code using a verification app, imprinted on the physical
in Fig. 4, Alice’s degree can be authenticated by hashing the copy of the degree or if embedded into a resume. The step-
contents of the degree, concatenating a hash of her transcript wise verification process is depicted in Fig. 6.
and identity documents, and then reconstructing the path up First, the user’s app computes degree_info’ using the plain-
to the root, using the sibling nodes 2 (shaded in Fig. 4), and text degree contents information in the degree_code. de-
then verifying that the signature on the transaction belongs gree_info’ and id/transcript_info are then concatenated and
to the university. All the information that a user requires to hashed. The result is then repeatedly concatenated with the
undertake this process is embedded in the QR codes imprinted appropriate sibling nodes and hashed to reconstruct Merkle
on the degree certificate. We describe these next. tree, i.e. batch_Merkle_root’. The app then queries the Cer-
berus blockchain (using the block number and transaction
The first QR code, denoted degree_code, is used to verify
ID in degree_code) and checks if batch_Merkle_root matches
the contents of the degree certificate, and encodes the follow-
batch_Merkle_root’ which it has computed. If the match is
ing data:
positive, the contents of the degree are successfully verified.
Transcript contents are verified in a similar manner:
2 For illustration purposes, the figure shows, a Merkle tree of height 4 and
The id/transcript_code is scanned, and a id/tran-
the sibling hashes on the authentication path are also 4. The number of sibling
hashes on the authentication path, are always equal to the height of the Merkle script_info’ generated by the app by hashing the plain-
tree text transcript data in the [Link] the verifier manu-
 8

Contract Rules Engine Contract Implementation Engine

Inputs: An {} Inputs: D H , P H
Revoking Authority-List (An ): r = Rules Engine (adressRulesEngine)
On receiving (A) Revoke Document (D H ):
if ( [Link] ∈ An {}): call [Link] ([Link])
An {} := A U An {} if ([Link] ([Link])=true):
else return (PH)
A ∈ An{} , has x 2 public keys else
Rules ([Link]): terminate process
if ( A ∈ An {} & A has not previously revoked the same Confirm Revocation (P H ):
document): call [Link] ([Link])
Revoke count := Revoke count ++ if ([Link] ([Link])=true & Revoke count = re-
return (true) quiredCount):
else call Revoke List (DH)
Revoke count := Revoke count else
terminate process
An {} = Revoking Authority-List Revoke-List (D H ):
A = Revoking Authority Revoke-List{} := D H U Revoke List{}
E = any Entity in the Ecosystem Output: ”PH”, Revoke-List

Figure 7: Rules Engine D H = Hash of Document P H = Process Hash required-

Count = revocation count required for successful revoca-
tion
ally enters the student’s identity document number. These
two items are concatenated and hashed to obtain a Figure 8: Implementation Engine
H(id/transcript_info’). If this regenerated H(id/transcript_info’
matches the H(id/transcript_info) (used earlier when verifying
the contents of the degree) then the transcript content is also • Batch revocation is also possible in case the degree status
verified. of an entire batch of students needs to be revoked (may
happened if the university fails to meet quality assurance
D. Revoking a Credential criteria or if any irregularities are discovered by the
university or accreditation body).
Now that we’ve discussed degree issuance and verification,
we are in a position to describe the revocation process. In To revoke a credential, a node in the Authority-List initiates
certain cases, universities or accreditation bodies may choose the revocation procedure, by invoking the Implementation
to revoke degrees. Cerberus implements efficient on-chain Engine and providing the student_info’. In case of batch
multiparty revocation using smart contracts. The revocation revocation, (batch_Merkle_root) is provided.
process involves two smart contracts, the Rules Engine which b) Implementation Engine:
defines the precise rules according to which credentials may
be revoked, Figure 7 and the Implementation Engine, which • This contract verifies that student_info’ matches one of
enforces these rules. These contracts are summarized in Fig. 8. the existing certificates on the blockchain.
The addresses of these contracts are explicitly embedded in • The contract then verifies that the node is listed in the
the original transaction made by the university to register the Authority-List and issues a process-hash for the certifi-
credential as described earlier. cate, and increments a revocation counter.
a) Rules Engine: • A second node in the Authority-List, using the process-
hash generated in the previous step, also invokes the
• Only predefined nodes (belonging to the accreditation Implementation Engine.
body and/or university) can execute this contract and • The Implementation Engine after verifying that the calling
participate in the revocation procedure. These nodes are node is listed in the Authority-List, increments the revoke
listed in an Authority-List. count again. It now stores student_info in a Revoke-List.
• Revocation must be approved by at least 2 nodes, in the
Authority-List. The verification process for the degree needs to be slightly
• The university and the accreditation body each have two modified to check for revocation status. In this case, the user’s
pairs of keys. Revocation may be undertaken individually smartphone app invokes the Implementation Engine present in
by the university or the accreditation body, or by both. the transaction. This contract checks if student_info’ is listed
• A node in the Authority-List can only sign the revocation in the Revocation-list. If so, then it declares the credential as
of a certificate once. revoked.
 9

IV. Prototype QR code specification and size. The equation for calculating
the minimum size of the QR code is as follows: Minimum
The Accreditation Body and University nodes were run on
Size=(Scanning Distance/Distance Factor)x(Data Density/25)
desktop computers with the following specifications: CPU:
[90]. For our calculation the Distance Factor =10 was as-
Intel Core i7-3517U @ 1.90 GHz, Physical Memory: 4 GB
signed.
DDR3 1600 MHz, OS: Ubuntu 13.04.e
The Students, Employers and Observers, can either use, a Students Merkle Tree Sibling degree_code Scanning QR Code
desktop computers, a laptop or even a smart phone. For our in batch Height Hashes Size Distance Size
prototype we used one of each with the following specifica-
tions 2” 0.808”
50 6 192 bytes 406 bytes
4” 1.616”
• Desktop CPU: Intel Core i7-3517U @ 1.90 GHz, Phys-
ical Memory: 4 GB DDR3, OS: Ubuntu 13.04.e 2” 0.832”
100 7 224 bytes 438 bytes
• Laptop CPU: Intel Core i3-7100U @ 2.40 GHz, Physical 4” 1.664”
Memory: 8 GB DDR3, OS: Microsoft Windows 10 Pro 2” 0.904”
10.0.17134 200 8 256 bytes 470 bytes
4” 1.808”
• Smartphone CPU: 1.2GHz dual-core Qualcomm Snap-
2” 0.904”
dragon 410, Physical Memory: 1 GB , OS: Android 4.4.4 500 9 288 bytes 502 bytes
(KitKat); Sense UI, Main Camera: 8 MP 4” 1.808”
2” 0.936”
We implemented our protoype on Parity, an Ethereum 1000 10 320 bytes 534 bytes
Client, Version 1.10.4-stable. Parity claims to be the fastest 4” 1.872”
and most advanced Ethereum client [89]. Parity supports a 2” 0.968”
2000 11 352 bytes 566 bytes
private blockchain network configuration, through a Proof- 4” 1.965”
of-Authority consensus engine. Proof-of-Authority, a replace- 2” 0.968”
ment for Proof-of-Work, uses a set authorities - nodes that 4000 12 384 bytes 596 bytes
4” 1.965”
are explicitly allowed to create new blocks and secure the
blockchain. The transactions to become permanent record Table I: Batch Size & QR Code Specification
and included in the blockhain have to be signed off by the
predefined Authority List. This makes it easier to maintain a
private chain and keep the block issuers accountable. Ethereum V. Discussion
Virtual Machine (EVM) is the runtime environment provided A. Qualitative Analysis
by Ethereum for the efficient execution of smart-contracts. In this section we discuss how our scheme counteracts
Solidity Version 4.24, was used to code the smart contracts. common types of credential fraud described earlier in §.II-A
The data for all the students in a batch is input and converted and highlight its novel properties.
to a JSON format file. These JSON files, are input to the The permissioned blockchain architecture ensures strict
Python program for data preparation. This program deploys separation of roles and privileges among the participating
SHA256 where ever a hash function is required, such as entities, preserves the integrity and chronological ordering of
for fingerprinting the data, sibling hashes and merkle roots the credential record, and enables stakeholders to efficiently
computation etc. audit the operations of the system. If even one party on the
The required data for each QR code is input into an open- network is honest, it can detect suspicious behavior by other
source QR code generator to create the QR codes to be printed entities and raise the alarm.
on the credentials. Also an open source QR code reader was Counterfeit credentials and altered documents can easily be
embedded into our Android app, and website interface. detected using this system. A fake credential will not have
A QR (Quick Response) Code consists of black modules a corresponding record in the blockchain, whereas alterations
arranged in a square grid on a white background, that offer a of an original document will result in a different credential
unique representation of data and can be read by an imaging fingerprint which will not match the one on the blockchain.
device. There are various types of QR codes available, distin- However, our student, Alice, may bribe administrative staff
guished by the total number of black modules and the number in the university to falsify a credential on her behalf. Cerberus
of modules per unit area referred to as module density. The addresses this issue in two ways: first, due to the append-only
earliest and smallest QR code called version 1 was a 21X21 property of the blockchain, even universities and accreditation
grid, while each subsequent version increases by 4x4. Other bodies cannot insert backdated records into the ledger. Rewrit-
distinguishing features include the level of error correction ing entire blocks to retroactively add data would require the
level achieved (through redundancy of data), the size of the QR university to actively collude with the accreditation authority,
Code, scanning distance, light and angle, and camera quality. and this activity would be visible to all other parties on the
It can encode numeric, alphanumeric and byte data. [90]. Each blockchain.
hash is 32 bytes long. At best, Alice, can influence staff members to insert a
The amount of data in degree_code and id/transcript_code falsified record for her in the next upcoming batch on the
(for a batch of 100 students) is estimated to be around blockchain. This concern may also be mitigated if the uni-
800 alphanumeric characters, for which Table I shows the versity were to define multi-signature policies for registering
 10

credentials on the blockchain. In this case, for example, and benchmark the performance of each platform. We refer to
creating a transaction would require the university registrar as this benchmarking study to give the reader an insight into the
well as administrative staff in the relevant department within performance of a blockchain network deployed on Parity.
the university to independently vet and sign the transaction. We mainly evaluate Parity against 4 performance metrics:
Alice would therefore have to bribe multiple disassociated throughput ( measured as the number of successful transac-
parties to procure a fake credential, which will hopefully tions per second), latency (measured as the response time
require considerably more effort. per transaction) and scalability ( measured as the changes in
Likewise, this solution would address the problem of throughput and latency when increasing number of nodes and
diploma mills. Any new university wishing to join the network number of concurrent workloads), fault tolerance (measured as
would first have to be thoroughly vetted by the accreditation how the throughput and latency change during node failure)
body which would certify the university’s public key, thereby [92].
allowing the university to make transactions. Non-approved Although Hyperledger performs consistently better than
entities such as fake universities, by default, would not be Ethereum and Parity across the benchmarks. But Hyperledger
able to publish any data on the blockchain. uses the classic PBFTprotocol, which is communication bound
Combating fake accreditation agencies is more complex, and does not scale up beyond 16 [Link], however per-
as a resourceful attacker might set up an entire blockchain forms consistently at a decent rate on all fronts including
network himself to validate his fake credentials. In the context scalability. Cerberus, was deployed using Parity which imple-
of a single nationwide or regional accreditation service, there ments a Proof of Authority (or PoA) consensus, with a pre-
should ideally be no confusion regarding which accreditation determined set of authorities and each authority is assigned a
body is legitimate. In areas where accreditation services are fixed time slot within which it can generate blocks.
privatized, the situation can perhaps be mitigated by requiring
For Parity, Blockbench set the step Duration variable to 1,
accreditation bodies to include legitimating information on the
the confirmation length is set to 5 seconds. The experiments
blockchain itself, such as a license to operate or a statement of
were run on a 48-node commodity cluster. Each node had an
authorization from relevant government ministries or reputed
E5-1650 3.5GHz CPU, 32GB RAM,2TB hard drive, running
education watchdog bodies. The presence of reputed activist
Ubuntu 14.04 Trusty, and con-nected to the other nodes via
and watchdog bodies which have joined the network as ob-
1GB switch[91].
servers will add to the legitimacy of the accreditation body.
Cerberus has other fundamental advantages over legacy Parity was found out to process transactions at a constant
credential verification solutions. First and foremost, the rate of approximately 45 tx/s with an average latency of about
blockchain is integrated into the credential issuance process 3 seconds. It enforces a maximum client request rate at around
itself, thereby enabling accreditation-by-default in a sense. 80 tx/s. Parity’s performance remains constant as the network
The verification process consists of only a simple lookup on size and offered load increase, due to the constant transaction
the blockchain. This process dispenses with time-consuming processing rate at the servers. Interestingly, while Ethereum’s
and cumbersome paperwork that is typical in existing sys- throughput and latency degraded almost linearly beyond 8
tems and can be undertaken in real-time using computers servers, Hyperledger stops working beyond 16 servers [91].
and smartphones. Students and employers can verify the To evaluate how resilient the systems are to node failures
provenance and authenticity of credentials themselves and at due to crashing, the authors ran the systems with 8 clients for
their convenience without relying on third parties or requiring over 5 minutes, during which they killed off 4 servers at 250th
specialized technical skills or maintaining cryptographic keys. second. In Parity, each node generates blocks at a constant rate,
Privacy of student data is maintained since no actual data thus failing 4 nodes means the remaining nodes are given more
is put on the blockchain but only data fingerprints. These are time to generate moreblocks, therefore the overall throughput
computed using one-way hash functions thereby disassociating is unaffected [91].
the process of validation of the data from the data itself.
Performance Metric Total
No third party is therefore able to deduce students’ degree
details or information from the blockchain alone without also Throughput 45 transactions per second
accessing the authentication path data that is printed on the Latency 3 seconds
physical certificates. Cerberus enables the student to exercise Scalability (48 nodes) performance unaffected
personal control over this data and share it with various parties Fault Tolerance (4 nodes crashed performance unaffected
to undertake verification.
Selective disclosure is also facilitated in that the student Table II: Parity Benchmark Performance
can share an individual data item (degree data or identification
data and transcript contents) and it’s authentication path with Although experiments show the the latency of writing
a third party without having to reveal to them all the original and reading of blockchain systems is low as compared to
data items. traditional database systems [92], it is well suited to our
application, where we do not expect high transaction volumes
B. Quantitative Analysis or the need for immediate confirmation of transactions. Even
In Blockbench [91], the authors evaluate the output statistics if students graduate in at most 2 batches in a year, it would
of running a workload on Ethereum, Parity and Hyperledger be twice a year that transactions would be generated by each
 11

University. Furthermore, because of the use of the merkle tree, is little standardization. Moreover loopholes for fraud and
only a single transaction will be generated for each batch. crime persist, as documented in §. II-A.
As an estimate, let us assume that a university has It is widely acknowledged that the blockchain can play
around 20,000 students enrolled in an estimated 200 pro- a pivotal role in resolving many of these issues. Various
[Link] the number of universities in a country startups and companies now offer credential verification on
vary considerably ( 5300 in USA, 2914 in China, 789 in India, the blockchain, e.g. Appii [98], Gradba [99], Aversafe [52],
200 in Pakistan, 41 in Australia), according the structure of the Verify [100], Accredible [101], TrueRec [102], and Bcdiploma
Higher Education System and the population of the country, [103]. Efforts are also underway to build blockchain-backed
to estimate our transaction volumes, we assume that there credential verification solutions at the national level in
are 1000 such universities. If we assume that there are two Malaysia [104] and India [105].
graduating batches in a year (fall and spring), then 200,000 Academic researchers have made significant contributions
transactions will be generated biannually (as owing to the use in this domain and have proposed various new features and
of merkle trees Cerberus requires one transaction per batch). optimizations. A pioneering effort in this regard was made by
This comes down to 2.31 transactions/ second. Given that the University of Nicosia (UNIC) in 2015, when it became
Parity has a throughput of almost 45 transaction per second, the first educational institution to issue academic certificates
this transaction volume can easily be handled, also providing (for its Digital Currencies course) on the Bitcoin blockchain
enough room for scalability to cater to any growth in the [106]. Since 2017, UNIC has issued all university diplomas on
ecosystem. the Bitcoin blockchain. Their solution is to issue the student a
If we assume that all these transactions are generated in digitally signed PDF file of the credential. The hash of this file
one day (which is seldom the case), and these transactions is inserted in the OP_RETURN field of a Bitcoin transaction.
are processed at full throughput of 45 transactions/second, Another prominent example is Blockcerts, an initiative
then it will take the network 74 minutes to process all these of the MIT Media Lab, which similarly inserted credential
transactions. However a more realistic approach would be to verification information in the Bitcoin OP_RETURN field and
scatter the transactions, over an entire month, as universities the Ethereum extraData field. Blockcerts also supported batch
will generate transactions at their own schedule. However even issuance of credentials using Merkle trees.
at the worst case scenario, our system is able to withstand and
Blockcerts had two key shortcomings: first, it required
process the transaction volume.
students to maintain cryptographic keys, and, second, it main-
The reading latency of blockchain is comparable to the
tained credential revocation lists on a centralized website
reading latency of local database because reading blockchain
which could theoretically be compromised. To resolve the
is processed locally without sending transaction to the
second issue, researchers proposed Hypercerts, a distributed
blockchain network. Parity uses an account based data model,
and trustless credential revocation mechanism, which relies on
and it employs Patricia-Merkle tree that supports efficient
Ethereum smart contracts and the InterPlanetary File System
update and search operations. Thus, the feature of real-time
(IPFS), a decentralized data storage solution [107].
verification can be supported easily.
Solutions that followed contributed further to developing
Number of Universities 1000 scope, features, and application. For instance, EduCTX pro-
Number of Programmes Offered 200 poses a unified global higher education credit and grading
system based on the European Credit Transfer and Accu-
Transactions generated at Graduation 200X1000=200,000
mulation System (ECTS), in which coins are transferred on
Load divided over a day 2.31 transactions/second
the blockchain to signify academic study credits attained by
Time taken to process transactions (at 45 txs) 74 minutes students [54]. This solution, built on the ARK platform, also
Table III: Cerberus Transaction Volumes and Throughput requires students to maintain cryptographic keys.
Estimate EchoLink stores user identities and academic credentials on-
chain via smart contracts for a range of blockchain platforms,
Cerberus also significantly improves on state-of-the-art including Ethereum, AntShares, Metaverse, etc. [108] It’s goal
blockchain-based credential verification solutions proposed in is to build a professional networking and recruiting platform,
the literature. We discuss these next. providing easy access to a pool of vetted candidates. EchoLink
does not have a revocation mechanism.
UZHBC (University of ZuricH BlockChain) is a
VI. Related Work
blockchain-based verification system, specifically for diplomas
Legacy credential verification procedures typically rely issued by the University of Zurich [109]. It uses the public
on university databases and unique codes (pin numbers and Ethereum blockchain and employs a smart contract for both
hashing) and anti-counterfeiting technology to establish the issuance and verification functions, and accepts a PDF of the
credibility of a document [93], [94], [95]. Some solutions asso- credential as input. Likewise, Blockchain for Education also
ciate user profiles and education records with a single identity uses the public Ethereum blockchain and smart contracts for
[96] [97]. These systems have numerous weaknesses: there is access control and certificate management [53]. The Interplan-
systematic redundancy, tedious paperwork, and cumbersome etary Filesystem supplements this system by providing users
processes, resulting in extensive effort, cost, and delays. There access to profile information of certification authorities.
 12

Scheme System Features Security Features Usability

n
io

t
re

en
ct

su

em
te

lo

e
ro

nc

ag
isc

cy
n

itP

rie

ty
tio

an
D
n

en
n

ili
io

fe
tio

pe
ita

yM
ar
e

ib
at

er

iv

Ex
ca
d

sp

ss
ac

Ke
c

t
re

un
ifi

ec
vo

ce
an
iv

se
c

l
Co

No
Ac

Re

Ac
Pr
Ve

Se

Tr

U
UNIC[106] - G
# G
# -
Blockcerts*[55] - G
# G
# - -
Hypercert[107] - G
# G
# - -
Echo†[108] - G
# G
# - - G
# - G
#
UZHBC†[109] - G
# G
# -
EduCtx†[54] G
# - G
# #
G - G
#
Blockchain for G
# -
Education†[53]
Cerberus
= provides property; G
#= partially provides property; - = does not provide property
†= has academic publication; * = end-user tool available

Table IV: Summary comparison of various solutions

These systems have various limitations: for instance, UNIC it is on-chain and is a multi-party scheme, making it harder
and UZHBC are limited in scope to their parent institution and to abuse. Cerberus also maintains privacy of user data and
EchoLink is only available to registered users. Most of these offers students the novel facility of selective disclosure of their
solutions do not incorporate accreditation bodies (with the verification information as per requirements.
notable exception of EduCTX and Blockchain for Education), A key advantage of Cerberus over prior solutions is in terms
which leaves open the issue of university staff falsifying of usability. Verification is an intuitive process which simply
records and the problem of diploma mills. requires scanning QR codes. Users do not have to maintain
Most of these systems preserve privacy of student data. digital identities or cryptographic credentials. QR codes are
EchoLink is the notable exception since it is recruiting plat- easy and intuitive to use. Students can even distribute the codes
form and offers viewing access to registered users. on their resumes and circulate them publicly if they choose,
The issue of scalability is only addressed by Blockcerts, enabling verification without the physical credential.
which offers a batch issuance mechanism. Other systems rely Finally, Cerberus is a private and permissioned system,
on separate transactions per student which add to transaction which, in contrast to public blockchains, enables more stream-
costs and contribute to blockchain-bloat when deployed on lined management and enforcement of policy and rules, and
public blockchains. the system can be upgraded to cater to the changing require-
Moreover, the significant problem of certificate revocation, ments of the ecosystem.
is only satisfactorily addressed by two systems: Hypercerts
which relies on the InterPlanetary File System network, and by VII. Future Work
Blockchain for Education which claims to use smart contracts Here we describe possibilities for enhancing Cerberus and
for revocation (implementation details are not provided). adding new features.
In addition, many systems, notably Blockcerts, EchoLink One straightforward addition is to link multiple credentials
and EduCTX, require students and verifiers to maintain cryp- or qualifications undertaken by a student such that verifying
tographic credentials or digital identities to participate in the the most recent one ensures that all her previous credentials
ecosystem and avail the verification service. This complicates are also genuine. This can be easily incorporated, by including
the user experience as has been documented in multiple studies hashes of the earlier credentials in the transaction for her
in the literature. recent credential. This would simplify the verification process
We compare key properties of these solutions with our work in cases multiple qualifications in the candidate’s history need
in IV. Cerberus makes significant new contributions: for one, to be verified.
our solution adheres closely to the established ecosystem and Second, Cerberus is a private network, and as an additional
enables an extra layer of oversight by incorporating accred- integrity check, periodic snapshots of the Cerberus blockchain
itation authorities and independent observer and watchdog can be anchored to a public blockchain, such as Bitcoin,
bodies. This is an effective check against documented real- Ethereum etc. A convenient option for the snapshot would
world problems such as that of corrupt university staff and the be the hash of the latest block. This provides security against
phenomenon of diploma mills. malicious forks and history revision attacks if all parties in the
Cerberus relies on batch issuance and is therefore scalable network collude and insert data retroactively in the blockchain
and can function as a university, consortium, or national- [117]. Blocks may only be considered part of the canonical
level solution. Our revocation scheme is also unique in that record if they build on top of the most recent block snapshots.
 13

Furthermore, as blockchain-based solutions permeate man- [6] Schweinhart, L., and Z. Xiang. "Evidence that the High/Scope Perry
agement and governance structures (as has been predicted Preschool program prevents adult crime." In American Society of Crimi-
nology Conference. 2003.
[118]), we anticipate there will be solutions for various public [7] Verba, Schlozman. "Brady 1995 Verba S., Schlozman KL, Brady HE
records (e.g. identity-information, health, education, driving Voice and Equality." (1995).
license, passport, criminal records, etc.). This may eventually [8] Reimers, Fernando. "Citizenship, identity and education: Examining the
public purposes of schools in an age of globalization." Prospects 36, no.
give rise to overarching records management systems, which 3 (2006): 275-294.
link multiple blockchains in the background as sidechains to a [9] Barro, Robert J. "Human capital and growth." American economic review
main chain, enabling them to securely and efficiently exchange 91, no. 2 (2001): 12-17.
[10] Cardenas-Denham, Sergio. "Corruption in Education: A Review of the
information and present a unified and integrated platform. Literature." PhD diss., Harvard Graduate School of Education, 2007.
A relevant example is IndiaChain, a high-level blockchain [11] Transparency International. Global corruption re-
platform with which other sidechains are expected to interface port: Education. Taylor & Francis, 2013. Available:
[Link]
[105]. Various sidechain protocols have been proposed to _education. [Accessed: 11- Sep- 2018].
date [110] [111] [112] include prominent projects such as [12] Grolleau, Gilles, Tarik Lakhal, and Naoufel Mzoughi. "An introduction
Rootstock [113] and Elements [114] that are sidechains linking to the economics of fake degrees." Journal of Economic Issues 42, no. 3
(2008): 673-693.
to the Bitcoin network. This architecture introduces modularity
[13] "Cat Gets MBA Degree - Money News Story - WCAU
in the system as well as obvious advantages of scalability and | Philadelphia", [Link], 2019. [Online]. Available:
interoperability. Whereas interoperability protocols are still at [Link]
a nascent stage in their development [115] [116], it would /money/3975070/[Link]. [Accessed: 19- Feb- 2019].
[14] "Education: Sending Degrees to the Dogs", [Link], 2019. [Online].
be interesting to devise integration solutions for Cerberus in a Available: [Link] ,954229-
unified platform and investigate new features and opportunities 1,[Link]. [Accessed: 19- Feb- 2019].
of such a step. [15] "Lying on your resume", Monster Career Advice, 2018. [Online]. Avail-
able: [Link]
[Accessed: 28- Feb- 2018].
[16] D. Davis, "Unizulu professor’s murder linked to fake PhD syndicate at
VIII. Conclusion university", Briefly, 2019. [Online]. Available: [Link]
[Link]. [Ac-
Credential fraud is a widespread and pervasive practice cessed: 19- Feb- 2019].
that undermines confidence in educational institutions, impairs [17] Ezell, A. (2015, November 10). The “Axact” Scam and the Big Busi-
social development, and involves significant economic costs. ness of Credential Fraud [webinar]. American Association of Collegiate
Registrars and Admissions Officers
Unfortunately, legacy credential verification systems are time-
[18] "Doctors fake degrees score reaches 38", [Link], 2019.
consuming, costly, and cumbersome. Moreover, they are not [Online]. Available: [Link]
very effective against certain widespread corrupt practices, doctors-fake-degrees-score-reaches-38. [Accessed: 19- Feb- 2019].
including fraud on the part of educational institutions and [19] C. Turner, "NHS consultants and nurses accused of buying
fake degrees online", The Telegraph, 2019. [Online]. Available:
accreditation bodies. [Link]
In this paper we have proposed Cerberus, a comprehen- accused-buying-fake-degrees-online/. [Accessed: 19- Feb- 2019].
sive blockchain-based solution which counters widespread in- [20] "24 PIA pilots held fake degrees, CAA informs SC | The
Express Tribune", The Express Tribune, 2019. [Online]. Available:
stances of fraud, as well as offers dramatic improvements over [Link]
legacy systems in terms of usability and efficiency. Cerberus caa-informs-sc/. [Accessed: 19- Feb- 2019].
also offers distinct benefits over existing blockchain-based so- [21] "Fake degree holders deserve no compassion: CJP | The
Express Tribune", The Express Tribune, 2019. [Online]. Available:
lutions proposed in the literature and in industry. Our solution [Link]
integrates effectively with the existing credential verification [Accessed: 19- Feb- 2019].
ecosystem, it includes a novel on-chain credential revocation [22] "Politicians, Fake Degrees and Plagiarism | Inside
Higher Ed", [Link], 2018. [Online]. Available:
mechanism, and does not require students or employers to [Link]
maintain cryptographic credentials. degrees-and-plagiarism. [Accessed: 05- Dec- 2018].
We hope this work contributes positively to ongoing and [23] "Breaking down Russia’s culture of fake degrees", Radio National, 2016.
[Online]. Available: [Link]
future efforts towards alleviating the phenomenon of credential /latenightlive/breaking-down-russias-culture-of-fake-degrees/7482698.
fraud. [Accessed: 19- Feb- 2019].
[24] "SA MP resigns over fake degree", BBC News, 2019. [Online]. Avail-
able: [Link] [Accessed: 19-
References Feb- 2019].
[25] "China Qualifications Verification", [Link], 2019. [Online].
[1] Haveman, Robert, and Timothy Smeeding. "The role of higher education Available: [Link] [Accessed: 19- Feb- 2019].
in social mobility." The Future of children (2006): 125-150. [26] "Degree Attestation System", [Link], 2019. [Online]. Available:
[2] Brown, Phillip. "Education, opportunity and the prospects for social [Link]
mobility." British Journal of Sociology of Education 34, no. 5-6 (2013): %20System/Pages/[Link]. [Accessed: 19- Feb- 2019].
678-700. [27] [Link], 2019. [Online]. Available: [Link] [Ac-
[3] Hanushek, Eric A., and Ludger Woessmann. "Education and economic cessed: 19- Feb- 2019].
growth." Economics of education (2010): 60-67. [28] "Home | Council for Higher Education Accreditation", [Link], 2019.
[4] Hanushek, Eric A., and Dennis D. Kimko. "Schooling, labor-force quality, [Online]. Available: [Link] [Accessed: 19- Feb- 2019].
and the growth of nations." American economic review 90, no. 5 (2000): [29] "Tertiary Education Quality and Standards Agency", [Link], 2019.
1184-1208. [Online]. Available: [Link] [Accessed: 19- Feb- 2019].
[5] Coulombe, Serge, Jean-François Tremblay, and Sylvie Marchand. Liter- [30] "Apostille Convention", [Link], 2018. [Online]. Available:
acy scores, human capital and growth across fourteen OECD countries. [Link] [Accessed: 15- Sep-
Ottawa: Statistics Canada, 2004. 2018].
 14

[31] (IAU), "World Higher Education Database (WHED) Portal", [Link], [56] "Check visa details and conditions", [Link], 2019.
2018. [Online]. Available: [Link] [Accessed: 15- Sep- [Online]. Available: [Link]
2018]. visa/check-visa-details-and-conditions/check-conditions-online. [Accessed:
[32] R. Garner, "A third of employers never check job applicants’ 19- Feb- 2019].
qualifications,", The Independent, 2014. [Online]. Available: [57] "Use the Employer Checking Service", [Link], 2019. [Online]. Avail-
[Link] able: [Link] [Ac-
of-employers-never-check-job-applicants-qualifications-survey-finds- cessed: 19- Feb- 2019].
[Link]. [Accessed: 12- Sep- 2018]. [58] "Home", E-Verify, 2019. [Online]. Available: [Link]
[33] London, "Aversafe Meets Global Market Needs – Aversafe", Aversafe, [Accessed: 19- Feb- 2019].
2018. [Online]. Available: [Link] [59] Zaretskiy, Yury. "Fake Academic Degrees in the 18th Century?." (2016).
market-needs-6a7489ef67fe. [Accessed: 12- Sep- 2018]. [60] Johnson, Creola. "Credentialism and the proliferation of fake degrees:
[34] "Ripple - One Frictionless Experience To Send Money Globally | The employer pretends to need a degree; the employee pretends to have
Ripple", Ripple, 2019. [Online]. Available: [Link] [Accessed: one." Hofstra Lab. & Emp. LJ 23 (2005): 269.
19- Feb- 2019]. [61] N. Clarke, "Understanding Transnational Education, Its Growth
[35] "Stellar - Develop the world’s new financial system", Stellar, 2019. and Implications - WENR", WENR, 2018. [Online]. Available:
[Online]. Available: [Link] [Accessed: 19- Feb- 2019]. [Link]
[36] "Binded: Copyright made simple", [Link], 2018. [Online]. Avail- transnational-education-its-growth-and-implications. [Accessed: 11-
able: [Link] [Accessed: 15- Feb- 2018] Sep- 2018].
[62] S. Trines, "Academic Fraud, Corruption, and Implications
[37] "Artists & Creators | ascribe", ascribe, 2018. [Online]. Available:
for Credential Assessment", WENR, 2018. [Online]. Available:
[Link] [Accessed: 15- Feb- 2018]
[Link]
[38] "[Link]", [Link], 2018. [Online]. Available: for-credential-assessment. [Accessed: 11- Sep- 2018].
[Link] [Accessed: 11- Jan- 2018] [63] Mohamedbhai, Goolam. "The scourge of fraud and corruption in higher
[39] "Proof of Existence", [Link], 2018. [Online]. Available: education." International Higher Education 84 (2016): 12-14.
[Link] [Accessed: 05- Dec- 2018]. [64] Cohen, Eyal Ben, and Rachel Winch. "Diploma and accreditation mills:
[40] J. Young, "Sweden Officially Started Using Blockchain to Register New trends in credential abuse." Bedford: Verifile Accredibase (2011).
Land and Properties", Cointelegraph, 2019. [Online]. Available: [65] Ezell, Allen, and John Bear. Degree mills: The billion-dollar industry
[Link] that has sold over a million fake diplomas. Pyr Books, 2005.
to-register-land-and-properties. [Accessed: 19- Feb- 2019]. [66] Bear, John. Degree Mills: The Billion-Dollar Industry That Has Sold
[41] "Blockchain | Smart Dubai", [Link], 2019. [Online]. Avail- Over a Million Fake Diplomas. Prometheus Books, 2012.
able: [Link] [Accessed: 19- Feb- [67] Henry, "University of Wales abolished after visa
2019]. scandal", [Link], 2018. [Online]. Available:
[42] Ølnes, Svein, and Arild Jansen. "Blockchain Technology as s Support [Link]
Infrastructure in e-Government." In International Conference on Electronic [Link]. [Accessed: 04- Dec- 2018].
Government, pp. 215-227. Springer, Cham, 2017. [68] G Altbach, P. (2012). Taking on corruption in international
[43] Hou, Heng. "The Application of Blockchain Technology in E- higher education. [online] University World News. Available at:
Government in China." In Computer Communication and Networks (IC- [Link]
CCN), 2017 26th International Conference on, pp. 1-4. IEEE, 2017. [Accessed 28 Feb. 2019].
[44] Azaria, Asaph, Ariel Ekblaw, Thiago Vieira, and Andrew Lippman. [69] "Degree certificate racket thrives in Ben-
"Medrec: Using blockchain for medical data access and permission man- galuru", The Hindu, 2018. [Online]. Available:
agement." In Open and Big Data (OBD), International Conference on, pp. [Link] /degree-certificate-racket-
25-30. IEEE, 2016. thrives-in-bengaluru/[Link]?utm_content=buffer69bc3&utm_medium=social
[45] Xia, Qi, Emmanuel Boateng Sifah, Kwame Omono Asamoah, Jianbin [Link]&utm_campaign=buffer. [Accessed: 04- Dec- 2018].
Gao, Xiaojiang Du, and Mohsen Guizani. "MeDShare: Trust-Less Medical [70] Gitanjali, B. "Academic dishonesty in Indian medical colleges." Journal
Data Sharing Among Cloud Service Providers via Blockchain." IEEE of postgraduate medicine 50, no. 4 (2004): 281.
Access 5 (2017): 14757-14767. [71] “Tomar’s law degree is indeed fake, Smriti’s case is different.” 9 June.
[46] Mettler, Matthias. "Blockchain technology in healthcare: The revolution Available: [Link]
starts here." In e-Health Networking, Applications and Services (Health- fake-smritis-case-is-different/[Link] (Accessed 04- Dec- 2018).
com), 2016 IEEE 18th International Conference on, pp. 1-3. IEEE, 2016. [72] "CVC Nigeria - Committee of Vice Chancellors of Nigerian
[47] Shae, Zonyin, and Jeffrey JP Tsai. "On the Design of a Blockchain Universities.", [Link], 2018. [Online]. Available:
Platform for Clinical Trial and Precision Medicine." In Distributed Com- [Link] [Accessed: 04- Dec- 2018].
puting Systems (ICDCS), 2017 IEEE 37th International Conference on, [73] D. Schemo, "Diploma Mill Concerns Extend Be-
pp. 1972-1980. IEEE, 2017. yond Fraud", [Link], 2018. [Online]. Available:
[48] "Blockfreight, Inc. [BFT:XCPC]", Blockfreight, Inc. [BFT:XCPC], [Link] [Accessed:
2019. [Online]. Available: [Link] [Accessed: 19- Feb- 04- Dec- 2018].
2019]. [74] Barigaba, J. (2016). Uganda: Scandal - How Ugandan Varsity Awarded
1,000 Sudan Sudanese Degrees in Months. [online] All Africa. Available at:
[49] "Everledger | A Digital Global Ledger", [Link], 2018. [Online].
[Link] [Accessed 28 Feb. 2019].
Available: [Link] [Accessed: 7- Jan- 2018]
[75] D. Asad, "Axact CEO, 22 others sentenced to 20 years in
[50] "Agora", Agora, 2019. [Online]. Available: [Link] jail in fake degrees case", [Link], 2018. [Online]. Available:
[Accessed: 19- Feb- 2019]. [Link] [Accessed: 04- Dec- 2018].
[51] "The Online Voting Platform of The Future - Follow My Vote", Follow [76] Cheema, U. (2018). Axact fraud case: FIA report raises
My Vote, 2019. [Online]. Available: [Link] [Accessed: questions about FIA. [online] [Link]. Available at:
19- Feb- 2019]. [Link]
[52] "Decentralized credential verification", Aversafe - Decentralized Cre- raises-questions-about-fia [Accessed 28 Feb. 2019].
dential Verification, 2018. [Online]. Available: [Link] [77] "FIA probing fake degrees attestation by HEC of-
[Accessed: 05- Dec- 2018]. ficials", [Link], 2019. [Online]. Available:
[53] Kolvenbach, Sabine, Rudolf Ruland, Wolfgang Gräther, and Wolfgang [Link]
Prinz. "Blockchain 4 Education." In Proceedings of 16th European Con- attestation-by-hec-officials. [Accessed: 20- Feb- 2019].
ference on Computer-Supported Cooperative Work-Panels, Posters and [78] Stecklow, S. (2017). Exclusive: Chinese firm withdraws
Demos. European Society for Socially Embedded Technologies (EUSSET), from U.S. effort to fight college.... [online] U.S. Available at:
2018. [Link]
[54] Turkanović, Muhamed, Marko Hölbl, Kristjan Košič, Marjan Heričko, [Accessed 28 Feb. 2019].
and Aida Kamišalić. "EduCTX: A blockchain-based higher education [79] "Connecticut Man Pleads Guilty In Multi-Million Dollar
credit platform." IEEE Access (2018). Diploma Fraud", [Link], 2019. [Online]. Available:
[55] "Blockchain Credentials", Blockcerts, 2018. [Online]. Available: [Link]
[Link] [Accessed: 11- Jan- 2018]. multi-million-dollar-diploma-fraud. [Accessed: 20- Feb- 2019].
 15

[80] Mainelli, Michael, and Alistair Milne. "The impact and potential of [online] FactorDaily. Available at: [Link]
blockchain on the securities transaction lifecycle." (2016). like-blockchain-platform/ [Accessed 27 May 2019].
[81] Kim, Henry M., and Marek Laskowski. "Toward an ontology-driven [106] "Academic Certificates on the Blockchain", UNIC Blockchain
blockchain design for supply-chain provenance." Intelligent Systems in Initiative, 2018. [Online]. Available: [Link]
Accounting, Finance and Management 25, no. 1 (2018): 18-27. introductory-mooc/self-verifiable-certificates-on-the-bitcoin-
[82] Griggs, Kristen N., Olya Ossipova, Christopher P. Kohlios, Alessan- blockchain/academic-certificates-on-the-blockchain/. [Accessed: 10-
dro N. Baccarini, Emily A. Howson, and Thaier Hayajneh. "Healthcare Jan- 2018].
blockchain system using smart contracts for secure automated remote [107] Kim Hamilton Duffy, Learning Machine, Hypercerts: Blockcerts Re-
patient monitoring." Journal of medical systems 42, no. 7 (2018): 130. vocation Improvements- By João Santos, Instituto Superior Técnico,
[83] Clark, Jeremy, Joseph Bonneau, Edward W. Felten, Joshua A. Kroll, [108] Chen, S.X. and Team, E., Blockchain Based Professional Networking
Andrew Miller, and Arvind Narayanan. "On decentralizing prediction and Recruiting Platform.
markets and order books." In Workshop on the Economics of Information [109] Gresch, Jerinas, Bruno Rodrigues, Eder Scheid, Salil S. Kanhere, and
Security, State College, Pennsylvania. 2014. Burkhard Stiller. "The Proposal of a Blockchain-based Architecture for
[84] Eskandari, Shayan, Jeremy Clark, David Barrera, and Elizabeth Stobert. Transparent Certificate Handling."
"A first look at the usability of bitcoin key management." arXiv preprint [110] Androulaki, Elli, Christian Cachin, Angelo De Caro, and Elefthe-
arXiv:1802.04351 (2018). rios Kokoris-Kogias. "Channels: Horizontal scaling and confidentiality
[85] Krombholz, Katharina, Aljosha Judmayer, Matthias Gusenbauer, and on permissioned blockchains." In European Symposium on Research in
Edgar Weippl. "The other side of the coin: User experiences with bitcoin Computer Security, pp. 111-131. Springer, Cham, 2018.
security and privacy." In International Conference on Financial Cryptog- [111] Kokoris-Kogias, Eleftherios, Philipp Jovanovic, Linus Gasser, Nicolas
raphy and Data Security, pp. 555-580. Springer, Berlin, Heidelberg, 2016. Gailly, Ewa Syta, and Bryan Ford. "Omniledger: A secure, scale-out,
[86] "DigiLocker - Online document storage facility | National decentralized ledger via sharding." In 2018 IEEE Symposium on Security
Portal of India", [Link], 2018. [Online]. Available: and Privacy (SP), pp. 583-598. IEEE, 2018.
[Link] [112] Joseph Poon and Vitalik Buterin. "Plasma: Scalable Autonomous Smart
facility. [Accessed: 04- Dec- 2018]. Contracts" Available at: [[Link]
[87] "Penerima Ijazah Kehormat dan Ijazah Kedoktoran di Universiti [113] RSK - Smart Contract Platform Secured by the Bitcoin Network ",
Malaysia / Honorary Degree and Doctorate (PhD) Holders at Malaysian [Link], 2019. [Online]. Available: [Link] [Accessed: 30- Jun-
Universities", 2018. [Online]. Available: [Link] [Accessed: 2019].
04- Dec- 2018]. [Link] [114] "Elements", [Link], 2019. [Online]. Available:
[88] Merkle, Ralph C. "A digital signature based on a conventional encryption [Link] [Accessed: 30- Jun- 2019].
function." In Conference on the theory and application of cryptographic [115] Deng, Liping, Huan Chen, Jing Zeng, and Liang-Jie Zhang. "Research
techniques, pp. 369-378. Springer, Berlin, Heidelberg, 1987. on Cross-Chain Technology Based on Sidechain and Hash-Locking." In
[89] ”Parity Documentation - Parity Technologies”, [Link], 2018. International Conference on Edge Computing, pp. 144-151. Springer,
[Online]. Available: [Link] [Accessed: 29- Sep- 2018]. Cham, 2018.
[90] [Link]. (2019). Information capacity and versions of QR [116] Kan, Luo, Yu Wei, Amjad Hafiz Muhammad, Wang Siyuan, Gao
Code | [Link] | DENSO WAVE. [online] Available at: Linchao, and Hu Kai. "A multiple blockchains architecture on inter-
[Link] [Accessed 25 Jun. 2019]. blockchain communication." In 2018 IEEE International Conference on
[91] Dinh, Tien Tuan Anh, Ji Wang, Gang Chen, Rui Liu, Beng Chin Software Quality, Reliability and Security Companion (QRS-C), pp. 139-
Ooi, and Kian-Lee Tan. "Blockbench: A framework for analyzing private 145. IEEE, 2018.
blockchains." In Proceedings of the 2017 ACM International Conference [117] Barber, Simon, Xavier Boyen, Elaine Shi, and Ersin Uzun. "Bitter to
on Management of Data, pp. 1085-1100. ACM, 2017. better—how to make bitcoin a better currency." In International Conference
on Financial Cryptography and Data Security, pp. 399-414. Springer,
[92] Dinh, Tien Tuan Anh, Rui Liu, Meihui Zhang, Gang Chen, Beng
Berlin, Heidelberg, 2012.
Chin Ooi, and Ji Wang. "Untangling blockchain: A data processing
[118] ansiti, M. and R. Lakhani, K. (2017). The Truth About Blockchain. [on-
view of blockchain systems." IEEE Transactions on Knowledge and Data
line] Harvard Business Review. Available at: [Link]
Engineering 30, no. 7 (2018): 1366-1385.
truth-about-blockchain [Accessed 1 Jul. 2019].
[93] Sharma, Smita. "Certisafe, a novel Credential Authentication Process
and System (CAPS)." U.S. Patent Application 14/349,363, filed March
12, 2015. Appendix
[94] Malkawi, Mohammad Isam. "Counterfeit Prevention and Detection of
University and Academic Institutions Documents Using Unique Codes."
U.S. Patent Application 15/594,615, filed December 7, 2017. contract Rules {
[95] Digital Credential Service | Parchment", Parchment, 2018. [Online].
Available: [Link] [Accessed: 04- Dec- 2018]. uint public m_required;
[96] "Badgr", [Link], 2018. [Online]. Available: [Link] [Ac- uint public m_numOwners;
cessed: 04- Dec- 2018]. uint[256] m_owners;
[97] "Open Badges Homepage", [Link], 2018. [Online]. Available: uint constant c_maxOwners = 4;
[Link] [Accessed: 04- Dec- 2018]. mapping(uint => uint) m_ownerIndex;
[98] "World’s first blockchain career verification platform | APPII", APPII, mapping(bytes32 => PendingState) m_pending;
2018. [Online]. Available: [Link] [Accessed: 05- Dec- 2018].
bytes32[] m_pendingIndex;
[99] T. team, "Gradbase - Instantly Verify Qualifications", [Link], 2018.
[Online]. Available: [Link] [Accessed: 17- Jan- 2018].
[100] Zabar, Ed Adi. "Verification System." U.S. Patent Application struct PendingState {
14/231,852, filed October 9, 2014. uint yetNeeded;
[101] "Home", Accredible, 2018. [Online]. Available: uint ownersDone;
[Link] [Accessed: 05- Dec- 2018]. uint index;
[102] Tummuru, Nethaji, Surbhi Sheth-Shah, Michael Kunzmann, Sanjay }
Shirole, and Jun Meng. "Decentralized credentials verification network."
U.S. Patent Application 15/385,479, filed March 22, 2018. event Confirmation(address owner, bytes32
[103] BCDiploma", [Link], 2018. [Online]. Available: operation);
[Link] [Accessed: 05- Dec- 2018].
[104] A. Abas, "University consortium set up to authenticate degrees
modifier onlyowner {
using blockchain technology", [Link], 2018. [Online]. Available:
[Link] if (isOwner([Link]))
consortium-set-authenticate-degrees-using-blockchain. [Accessed: 27- _;
Jun- 2019]. }
[105] Bansia, M., Murali, A., Murali, A. and Sen, S. (2019). India readies
its biggest deep tech bet yet: a UPI-like blockchain platform | FactorDaily. modifier onlymanyowners(bytes32 _operation) {
 16

if (confirmAndCheck(_operation)) while (free < m_numOwners)

_; {
} while (free < m_numOwners &&
m_owners[free] != 0) free++;
function Rules_Contract(address[] _owners, uint while (m_numOwners > 1 &&
_required) { m_owners[m_numOwners] == 0) m_numOwners--;
m_numOwners = _owners.length + 1; if (free < m_numOwners &&
m_owners[1] = uint([Link]); m_owners[m_numOwners] != 0 && m_owners[free] ==
m_ownerIndex[uint([Link])] = 1; 0)
for (uint i = 0; i < _owners.length; ++i) {
{ m_owners[free] =
m_owners[2 + i] = uint(_owners[i]); m_owners[m_numOwners];
m_ownerIndex[uint(_owners[i])] = 2 + i; m_ownerIndex[m_owners[free]] = free;
} m_owners[m_numOwners] = 0;
m_required = _required; }
} }
}
function isOwner(address _addr) returns (bool) {
return m_ownerIndex[uint(_addr)] > 0; function clearPending() internal {
} uint length = m_pendingIndex.length;
for (uint i = 0; i < length; ++i)
function hasConfirmed(bytes32 operationHash, if (m_pendingIndex[i] != 0)
address _owner) constant returns (bool) { delete m_pending[m_pendingIndex[i]];
var pending = m_pending[operationHash]; delete m_pendingIndex;
uint ownerIndex = m_ownerIndex[uint(_owner)]; }
if (ownerIndex == 0) return false;
uint ownerIndexBit = 2**ownerIndex; }
if ([Link] & ownerIndexBit == 0)
{ Listing 1: Revocation Scheme Rules Smart-Contract
return false;
} else {
return true; contract Revoke_Document is Rules {
}
} bytes32 public hash;
string private revoke_data;
function confirmAndCheck(bytes32 _operation) mapping (bytes32 => Transaction) m_txs;
internal returns (bool) {
uint ownerIndex = struct Transaction {
m_ownerIndex[uint([Link])]; address from;
if (ownerIndex == 0) return; string data;
var pending = m_pending[_operation]; }
if ([Link] == 0) {
[Link] = m_required; event SingleTransact(address owner, string data);
[Link] = 0;
[Link] = m_pendingIndex.length++; event MultiTransact(address owner, bytes32
m_pendingIndex[[Link]] = operation, string data);
_operation;
} event ConfirmationNeeded(bytes32 operation,
uint ownerIndexBit = 2**ownerIndex; address initiator, string data);
if ([Link] & ownerIndexBit == 0)
{ function Revoking_Doc_Contract(address[]
Confirmation([Link], _operation); _owners, uint _required)
if ([Link] <= 1) { Rules_Contract(_owners, _required) {
delete }
m_pendingIndex[m_pending[_operation].index];
delete m_pending[_operation]; function revoke_doc(string _data) onlyowner
return true; returns (bytes32) {
} if ([Link] != 0) {
else SingleTransact([Link], _data);
{ return 0;
[Link]--; }
[Link] |= ownerIndexBit; hash = sha3([Link], [Link]);
} if (!confirm_revocation(hash,_data) &&
} m_txs[hash].from == 0) {
} m_txs[hash].from = [Link];
m_txs[hash].data = _data;
function reorganizeOwners() private returns ConfirmationNeeded(hash, [Link],
(bool) { _data);
uint free = 1; }
 17

return hash;
}

function getRevokeData() view returns (string){

return revoke_data;
}

function confirm_revocation(bytes32 _hash,

string data_) onlymanyowners(_hash)
returns (bool) {
if (hash == _hash) {
MultiTransact([Link], _hash,
m_txs[_hash].data);
delete m_txs[_hash];
revoke_data = data_;
return true;
}
}

function clearPending() internal {

uint length = m_pendingIndex.length;
for (uint i = 0; i < length; ++i)
delete m_txs[m_pendingIndex[i]];
[Link]();
}
}

Listing 2: Revoking Document Smart-Contract

Aamna Tariq received her BE degree in Electrical

Engineering from Air University Islamabad, Pak-
istan in 2015. She did her MS in Information Tech-
nology from SEECS, NUST, Pakistan in 2018. She
is currently Research Associate at Devices and Net-
work Security Lab, NCCS, Pakistan. Her research
interests include blockchain and smart contracts,
computer networks, network security and IoT.

Hina Binte Haq received her Bachelors in Telecom-

munication (Electrical) Engineering from MCS,
NUST, Pakistan in 2011. She completed her MS in
Information Security from SEECS, NUST, Pakistan
in 2018. She is currently pursuing her Ph.D. in Infor-
mation Security, from SEECS, NUST, Pakistan. Her
research interests include blockchain, information
theory, cryptography and machine learning.

Syed Taha Ali obtained his BSc. (Eng) from GIK

Institute, Pakistan in 2002 and M.S., and Ph.D.
in Electrical Engineering from University of New
South Wales, Australia, in 2006 and 2012 respec-
tively. He is currently Assistant Professor at SEECS,
NUST, Pakistan. His research interests include com-
puter networks, network security, digital currencies.