KEYWORDS: Blockchain, Computer security, Data modeling, Data storage, Data privacy, Control systems, Symmetric key encryption, Design, Matrices, Computing systems
This paper present a novel blockchain CP-ABE (Ciphertext-Policy Attribute-Based Encryption) data ciphertext sharing scheme, leveraging decentralized proxy re-encryption. It utilizes Ethereum blockchain and zero-knowledge proof technologies to develop a blockchain key management system for multiparty secure computation. This system aims to mitigate heavy computation and key leakage risks associated with traditional centralized CP-ABE systems. The approach begins with the design of a distributed master key generation and distribution protocol within the data ciphertext access control, deploying the UMBRAL-based proxy re-encryption technology on blockchain for key management system. Moreover, the paper uses ERC1155 to mint transferable NFTs for blockchain transactions in data sharing and access control. Through simulation experiments, our scheme demonstrates improved scalability in blockchain ciphertext data transactions and storage, alongside a significant decrease in the Gas costs of on-chain data asset transactions. Furthermore, our methodology not only augments the safety of distributed key management but also realizes high computational efficiency and swift query response, particularly in scenarios of high concurrency.
KEYWORDS: Blockchain, Symmetric key encryption, Data modeling, Data storage, Computer security, Algorithm development, Systems modeling, Control systems, Computing systems, Scientific research
The integration of blockchain technology with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has addressed key challenges in distributed systems, such as mutual trust and collusion, while enhancing auditability of key management. However, existing blockchain-based CP-ABE models face a trilemma, unable to achieve decentralization, scalability, and security concurrently. Therefore, we propose ZK-CPABE, which merges Zero-Knowledge Proofs with blockchain-based CP-ABE, significantly improving verifiability and scalability. This system combines a secure private key distribution and zero-knowledge proofs to construct off-chain computation and scalable transactions for CP-ABE. Our Ethereum-based ZK-CPABE prototype demonstrates its effectiveness and potential for secure, scalable data sharing and access control.
KEYWORDS: Blockchain, Grazing incidence, Computer security, Symmetric-key encryption, Data storage, Matrices, Data privacy, Information security, Distributed computing, Design and modelling
Currently, with the continuous in-depth research and application of blockchain access control, security issues on the blockchain have become a focus of attention. Based on CPABE, this paper proposes a trusted and secure blockchain access control scheme based on ciphertext policy. Firstly, a decentralized attribute-based encryption algorithm (DABE) is adopted to achieve distributed calculation of user attribute private keys, effectively solving the problems of high trust cost and single point of failure caused by the key center generating private keys in traditional CPABE. At the same time, a private key consensus verification protocol based on zero-knowledge proof is designed to ensure the correctness and security of user attribute private keys without leaking private key information. Through the analysis of on-chain security and experimental simulation, the results show that this scheme has better performance while maintaining high security and is more suitable for distributed access control with large attribute scales.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.