Netinfo Security (信息网络安全), 2024, Vol. 24, Issue (6): 863-878. doi: 10.3969/j.issn.1671-1122.2024.06.005

• Special Topic on Cryptography •

Verifiable and Revocable Attribute Encryption Scheme Based on Blockchain

GUO Rui1,2, YANG Xin1,2, WANG Junming1,2

  1. School of Cyberspace Security, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
  2. National Engineering Research Center for Secured Wireless, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
  • Received: 2024-03-06 Online: 2024-06-10 Published: 2024-07-05
  • Corresponding author: YANG Xin xin_27334313@163.com
  • About the authors: GUO Rui (born 1984), male, Henan, associate professor, Ph.D., CCF member; main research interests: attribute-based encryption, cloud computing and blockchain security | YANG Xin (born 1996), male, Shaanxi, master's student; main research interests: attribute-based encryption and blockchain | WANG Junming (born 1999), male, Shaanxi, master's student; main research interests: data sharing and blockchain
  • Funding:
    National Natural Science Foundation of China (62072369); Innovation Capability Support Program of Shaanxi Province (2020KJXX-052); Natural Science Foundation of Shaanxi Province (2024JC-YBMS-545); Key Research and Development Program of Shaanxi Province (2020ZDLGY08-04)

Abstract:

To address privacy leakage and user permission management in data sharing in electronic medical systems, as well as the possibility that cloud storage servers return incomplete or incorrect ciphertext results, this paper proposes a verifiable and revocable attribute-based encryption scheme based on blockchain. The scheme uses ciphertext-policy attribute-based encryption to ensure the confidentiality of shared data in the electronic medical record system and to achieve fine-grained access control over private data. A user revocation algorithm is designed using a chameleon hash function, so that unauthorized users cannot continue to access shared data. In addition, a result verification algorithm is designed using a cryptographic accumulator and executed by a smart contract deployed on the blockchain, ensuring the correctness and integrity of the data that the cloud server returns to the user. In terms of security, the ciphertext of the scheme is proved to be indistinguishable under a chosen-plaintext attack. Finally, the JPBC cryptographic library and the Hyperledger Fabric blockchain platform are used to simulate the proposed scheme and similar schemes. The results show that the scheme has high computational efficiency in the key generation, encryption, decryption and user revocation stages.

Key words: blockchain, attribute-based encryption, data sharing, outsourced decryption, user revocation

CLC Number: