Netinfo Security ›› 2023, Vol. 23 ›› Issue (9): 37-46. doi: 10.3969/j.issn.1671-1122.2023.09.004

• Technical Research •

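Blockchain Access Control Scheme Based on SM9 Attribute-Based Encryption

ZHOU Quan1, CHEN Minhui2, WEI Kaijun2, ZHENG Yulong1

  1. School of Mathematics and Information Science, Guangzhou University, Guangzhou 510006
  2. School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou 510006
  • Received: 2023-02-08 Online: 2023-09-10 Published: 2023-09-18
  • Corresponding author: ZHOU Quan E-mail: zhouqq@gzhu.edu.cn
  • About the authors: ZHOU Quan (born 1971), male, from Sichuan, associate professor, Ph.D.; main research interests are trusted computing, sensor network security and cloud computing security | CHEN Minhui (born 1998), male, from Guangdong, master's student; main research interests are cryptography, access control and blockchain | WEI Kaijun (born 1999), male, from Guangdong, master's student; main research interests are cryptography, access control and blockchain | ZHENG Yulong (born 2000), male, from Anhui, master's student; main research interests are cryptography, blockchain and information security
  • Supported by:
    National Key Research and Development Program of China (2021YFA1000600)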

Blockchain Access Control Scheme with SM9-Based Attribute Encryption

ZHOU Quan1, CHEN Minhui2, WEI Kaijun2, ZHENG Yulong1

  1. School of Mathematics and Information Science, Guangzhou University, Guangzhou 510006, China
  2. School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou 510006, China
  • Received: 2023-02-08 Online: 2023-09-10 Published: 2023-09-18
  • Contact: ZHOU Quan E-mail: zhouqq@gzhu.edu.cn

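Abstract:

The secure sharing of data in the information society has drawn wide attention. The key to secure data sharing is using cryptographic techniques to control how data is accessed and used. However, both traditional access control and traditional public-key encryption have shown their limits for data sharing: the number of access control policies tends to grow with the number of users and becomes hard to manage; traditional public-key encryption requires obtaining each user's public key and sending ciphertexts one-to-one, so communication cost is high; and relying on a third-party service provider to store data carries the risk of a single point of failure. To address these problems, the paper first introduces the distributed technologies blockchain and the InterPlanetary File System (IPFS) and proposes a blockchain access control scheme based on SM9 attribute-based encryption, achieving secure and efficient one-to-many data sharing and fine-grained access control. It then uses blockchain technology to keep user data from being tampered with, achieving secure and auditable data storage. Finally, the security of the proposed scheme is proved under the decisional q-PBDHE assumption.

Keywords: SM9 algorithm, attribute-based encryption, access control, blockchain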

Abstract:

The secure sharing of data in the information society has attracted a lot of attention. The key to secure data sharing is to control the access to and use of data through cryptography. However, traditional access control and public key encryption systems have revealed their shortcomings in data sharing: the number of access control policies tends to increase with the number of users, which makes them hard to manage; the traditional public key encryption system needs to obtain the public key information of each user and send the ciphertext one-to-one, which is costly in communication; and relying on third-party service providers to store data carries the risk of a single point of failure. To solve the above problems, the paper first introduces the distributed technologies blockchain and the InterPlanetary File System (IPFS) and proposes a blockchain access control scheme with SM9-based attribute encryption, which achieves secure and efficient one-to-many data sharing and fine-grained access control. The blockchain then keeps user data tamper-proof, achieving secure and auditable data storage. Finally, the security of the proposed scheme is proved under the decisional q-parallel BDHE assumption.

Key words: SM9 algorithm, attribute-based encryption, access control, blockchain

CLC number: