Journal of King Saud University: Computer and Information Sciences (Mar 2024)
Blockchain-based CP-ABE data sharing and privacy-preserving scheme using distributed KMS and zero-knowledge proof
Abstract
Nowadays, the integration of blockchain technology with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has drawn the researcher attention because it can provide key security auditing and transaction traceability in the context of data sharing. However, in a majority of existing blockchain-based CP-ABE schemes, private keys were still issued by one central authority that would lead to heavy computation, higher transaction costs, and restricted scalability within the decentralized system. To address these challenges, we present an enhancement approach towards utilizing distributed key management service (KMS) and zero-knowledge paradigms. In our improved novel blockchain system model, we define two types of blockchain nodes for the CP-ABE scheme through staking mechanism. Firstly, the proxy re-encryption nodes are introduced to offer secure multi-party management and distribution of the CP-ABE's master secret key, eliminating dependence on a central authority and producing proofs of re-encryption correctness. Secondly, the operator nodes can collect all transactional information in blockchain-based CP-ABE scheme and then send the Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARKs) proofs to verify the batch’s integrity via smart contract. Subsequently, we employ the staking economic incentive model with reward determination and slashing in the decentralized blockchain system to ensure network security. Finally, simulation results validate the effectiveness of our proposed scheme in achieving secure and efficient data sharing. Even amidst the pressure of 100 simultaneous transactions, the average response time for a single node remains at an approximate 28 s. Additionally, there is a notable decrease in on-chain gas consumption, with a gas reduction exceeding 61%. Comparative analyses further indicate that our blockchain-based CP-ABE scheme, in conjunction with a decentralized KMS, offers a superior balance between computational efficiency and functional capability.
