Journal of Computer Applications ›› 2023, Vol. 43 ›› Issue (9): 2789-2797.DOI: 10.11772/j.issn.1001-9081.2023020138

• Cyber security • Previous Articles     Next Articles

Blockchain-based decentralized attribute-based encryption scheme for revocable attributes

Haiying MA(), Jinzhou LI, Jikun YANG   

  1. School of Information Science and Technology,Nantong University,Nantong Jiangsu 226019,China
  • Received:2023-02-22 Revised:2023-05-04 Accepted:2023-05-08 Online:2023-09-10 Published:2023-09-10
  • Contact: Haiying MA
  • About author:LI Jinzhou, born in 1997, M. S. candidate. His research interests include information security, attribute-based encryption.
    YANG Jikun, born in 2000, M. S. candidate. His research interests include blockchain, attribute-based encryption.
  • Supported by:
    National Natural Science Foundation of China(62072259);Nantong Basic Science Research Project(JC2021128)


马海英(), 李金舟, 杨及坤   

  1. 南通大学 信息科学技术学院,江苏 南通 226019
  • 通讯作者: 马海英
  • 作者简介:李金舟(1997—),男,江苏徐州人,硕士研究生,主要研究方向:信息安全、属性基加密
  • 基金资助:


For the problems of existing Attribute-Based Encryption (ABE) schemes, such as low efficiency of attribute revocation and difficulty in coordinating the distribution and revocation of user attribute keys, a Blockchain-based Decentralized Attribute-Based Encryption for Revocable attributes (BRDABE) scheme was proposed. Firstly, the consensus-driven blockchain architecture was used to map the trust issue of key distribution from the attribute authority to the distributed ledger, and smart contracts were used to record the status of user attributes and data sharing and assist the attribute authority to realize the user attribute revocation. When revoking a user’s attribute, the smart contracts were used by the attribute authority to automatically screen out the involved data owners and non-revoked authorized users and computed the ciphertext update key and key update key related to the revoked attribute, and the off-chain ciphertext and key update was realized. Then, the version key and the user’s global identity were embedded in the attribute private key, so that the identities in the session key ciphertext and the user’s attribute private key were able to cancel each other out when the user decrypted. Based on reasonable assumptions, BRDABE scheme was proved to resist the collusion attack of users and satisfy the forward and backward security of user attribute revocation. Experimental results show that with the increase of the number of user attributes, the time of user key generation, encryption and decryption and attribute revocation increase linearly. In the case of the same number of attributes, compared with DABE (Decentralizing Attribute-Based Encryption) scheme BRDABE scheme has the decryption time reduced by 94.06% to 94.75%, and compared with EDAC-MCSS (Effective Data Access Control for Multiauthority Cloud Storage Systems) scheme, BRDABE scheme has the attribute revocation time reduced by 92.19% to 92.27%. Therefore, BRDABE scheme not only improves the efficiency of attribute revocation, but also guarantees the forward and backward security of shared data.

Key words: Attribute-Based Encryption (ABE), attribute revocation, access control, outsourced computing, blockchain


针对现有属性基加密(ABE)方案存在的属性撤销效率低以及用户属性密钥的分发和撤销难以协调等问题,提出一种基于区块链可撤销属性的去中心化属性基加密(BRDABE)方案。首先,利用共识驱动的区块链构架将密钥分发的信任问题从属性权威映射到分布式账本上,并利用智能合约记录用户属性和数据共享的状态以及协助属性权威实现用户属性的撤销。当撤销用户的属性时,属性权威利用智能合约自动筛选出所涉及的数据所有者和未撤销授权的用户,并生成与撤销属性相关的密文更新钥和密钥更新钥,链下进行密文和密钥更新。其次,将版本钥和用户全局身份嵌入属性私钥,在用户解密时,使会话密钥密文和用户属性私钥中的身份能够相互抵消。基于合理假设,证明BRDABE方案能抵抗用户的合谋攻击,且满足用户属性撤销的前向和后向安全性。实验结果表明,随着用户属性个数的增加,用户密钥生成、加密解密和属性撤销的时间呈线性增长。当属性个数相同时,与DABE(Decentralizing Attribute-Based Encryption)相比,BRDABE的解密时间缩短了94.06%~94.75%;与EDAC-MCSS(Effective Data Access Control for Multiauthority Cloud Storage Systems)相比,BRDABE的属性撤销时间缩短了92.19%~92.27%。因此,BRDABE方案不仅提高了属性撤销的效率,而且保障了共享数据的前向和后向安全性。

关键词: 属性基加密, 属性撤销, 访问控制, 外包计算, 区块链

CLC Number: