Tongxin xuebao (Jun 2022)
Ciphertext policy hidden access control scheme based on blockchain and supporting data sharing
Abstract
Objectives: Although the traditional attribute-based encryption scheme achieves one-to-many access control,there are still challenges such as single point of failure,low efficiency,no support for data sharing,and privacy leakage.To solve these problems,a ciphertext policy hidden access control scheme based on blockchain and supporting data sharing is proposed. Methods:Firstly,an efficient attribute vector and policy vector generation algorithm is proposed using vector compression technology, which judges whether user attributes satisfy the access policy through the inner product operation result of attribute vector and policy vector.Afterwards, the prime order bilinear group and attribute encryption technology were used to achieve fine-grained access control while avoiding the leakage of user attribute values; using the interstellar file system to store the ciphertext and storing the hash address of the ciphertext on the blockchain through a smart contract,it realizes distributed and reliable access control and reduces the storage overhead of the blockchain. The revocation function is realized by maintaining the revocation list in the revocation contract,which avoids the abuse of the user's private key.Finally, data sharing is realized by combining the proxy re-encryption technology. Results: Security analysis and simulation result analysis is carried out for the scheme. Firstly, based on the asymmetric decisional bilinear Diffie-Hellman,the ciphertext indistinguishability of the scheme in the access control phase and the data sharing phase is proved. Secondly, the proposed scheme is compared with some access control schemes with similar technologies in recent years in terms of group order,access structure,policy hiding and so on,it can be seen from the comparison results that the scheme in this paper has certain advantages in terms of functional characteristics.Afterwards,the cost of deploying contracts and executing related functions on the blockchain is evaluated.The results show that the gas cost of the scheme in this paper is within a reasonable range.The final simulation results show that the proposed scheme has high efficiency in both the access control stage and the data sharing stage.According to the design of the existing paper comparative experiments,we set the number of attributes to 0-20.In the access control stage, the initialization time, key generation time, encryption time and decryption time are compared with other schemes.The results show that although the computational overhead of the proposed scheme is relatively large in the initialization stage, the efficiency in the key generation stage, encryption stage and decryption stage is higher than that of the other three schemes, so the proposed scheme has higher efficiency in the access control stage.In the data sharing stage, the re-encryption time and re-decryption time are compared with other schemes, respectively. The results show that the proposed scheme has high efficiency in both the re-encryption stage and the re-decryption stage.The scheme in this paper has a constant number of pairings in the decryption stage and the re-decryption stage,so the decryption time and the re-decryption time are small and the changes are not obvious with the increase of the number of attributes. Conclusions: The ciphertext policy hiding access control scheme based on blockchain and supporting data sharing constructed in this paper solves the problems of single point of failure, low efficiency, non-support for data sharing and privacy leakage in traditional attribute-based encryption schemes.Firstly,the attribute vector and policy vector generation algorithm proposed in this paper not only supports AND-gates on+/-,but also supports AND-gates on multi-valued attributes by extension. Secondly, the distributed management of ciphertext is realized by using Ethereum and Interstellar file system.Afterwards,the use of prime order bilinear groups improves the pairing efficiency of bilinear pairs and realizes data sharing by combining proxy re-encryption technology.
