Blockchain-based decentralized attribute-based encryption scheme for revocable attributes

doi:10.11772/j.issn.1001-9081.2023020138

Abstract

Abstract:

For the problems of existing Attribute-Based Encryption （ABE） schemes， such as low efficiency of attribute revocation and difficulty in coordinating the distribution and revocation of user attribute keys， a Blockchain-based Decentralized Attribute-Based Encryption for Revocable attributes （BRDABE） scheme was proposed. Firstly， the consensus-driven blockchain architecture was used to map the trust issue of key distribution from the attribute authority to the distributed ledger， and smart contracts were used to record the status of user attributes and data sharing and assist the attribute authority to realize the user attribute revocation. When revoking a user’s attribute， the smart contracts were used by the attribute authority to automatically screen out the involved data owners and non-revoked authorized users and computed the ciphertext update key and key update key related to the revoked attribute， and the off-chain ciphertext and key update was realized. Then， the version key and the user’s global identity were embedded in the attribute private key， so that the identities in the session key ciphertext and the user’s attribute private key were able to cancel each other out when the user decrypted. Based on reasonable assumptions， BRDABE scheme was proved to resist the collusion attack of users and satisfy the forward and backward security of user attribute revocation. Experimental results show that with the increase of the number of user attributes， the time of user key generation， encryption and decryption and attribute revocation increase linearly. In the case of the same number of attributes， compared with DABE （Decentralizing Attribute-Based Encryption） scheme BRDABE scheme has the decryption time reduced by 94.06% to 94.75%， and compared with EDAC-MCSS （Effective Data Access Control for Multiauthority Cloud Storage Systems） scheme， BRDABE scheme has the attribute revocation time reduced by 92.19% to 92.27%. Therefore， BRDABE scheme not only improves the efficiency of attribute revocation， but also guarantees the forward and backward security of shared data.

Key words: Attribute-Based Encryption (ABE), attribute revocation, access control, outsourced computing, blockchain

摘要：

针对现有属性基加密（ABE）方案存在的属性撤销效率低以及用户属性密钥的分发和撤销难以协调等问题，提出一种基于区块链可撤销属性的去中心化属性基加密（BRDABE）方案。首先，利用共识驱动的区块链构架将密钥分发的信任问题从属性权威映射到分布式账本上，并利用智能合约记录用户属性和数据共享的状态以及协助属性权威实现用户属性的撤销。当撤销用户的属性时，属性权威利用智能合约自动筛选出所涉及的数据所有者和未撤销授权的用户，并生成与撤销属性相关的密文更新钥和密钥更新钥，链下进行密文和密钥更新。其次，将版本钥和用户全局身份嵌入属性私钥，在用户解密时，使会话密钥密文和用户属性私钥中的身份能够相互抵消。基于合理假设，证明BRDABE方案能抵抗用户的合谋攻击，且满足用户属性撤销的前向和后向安全性。实验结果表明，随着用户属性个数的增加，用户密钥生成、加密解密和属性撤销的时间呈线性增长。当属性个数相同时，与DABE（Decentralizing Attribute-Based Encryption）相比，BRDABE的解密时间缩短了94.06%~94.75%；与EDAC-MCSS（Effective Data Access Control for Multiauthority Cloud Storage Systems）相比，BRDABE的属性撤销时间缩短了92.19%~92.27%。因此，BRDABE方案不仅提高了属性撤销的效率，而且保障了共享数据的前向和后向安全性。

关键词: 属性基加密, 属性撤销, 访问控制, 外包计算, 区块链

CLC Number:

TP309

Haiying MA, Jinzhou LI, Jikun YANG. Blockchain-based decentralized attribute-based encryption scheme for revocable attributes[J]. Journal of Computer Applications, 2023, 43(9): 2789-2797.

马海英, 李金舟, 杨及坤. 基于区块链可撤销属性的去中心化属性基加密方案[J]. 《计算机应用》唯一官方网站, 2023, 43(9): 2789-2797.

Figures/Tables 7

Fig. 1 Structure of model

Tab. 1 Storage overhead comparison of different schemes

实体	EDAC-MCSS	SEM-ACSIT	BRDABE
AA _k	$(n k + 3) G$	$(n k + 2) G$	$(n k + 2) G$
AAM	—	$2 N A + ∑ k = 1 N A n k G$	—
Owner	$3 N A + 1 + ∑ k = 1 N A n k G$	\|G\|	\|G\|
User	$3 N A + 1 + ∑ k = 1 N A n k, j G$	$N A + 1 + ∑ k = 1 N A n k, j G$	$N A + 1 + ∑ k = 1 N A n k, j G$
CServer	$(3 t c + 2 + N A) G$	$(3 t c + 2 + L u) G$	$(3 t c + 2 + N A) G$

Tab. 1 Storage overhead comparison of different schemes

实体	EDAC-MCSS	SEM-ACSIT	BRDABE
AA _k	$(n k + 3) G$	$(n k + 2) G$	$(n k + 2) G$
AAM	—	$2 N A + ∑ k = 1 N A n k G$	—
Owner	$3 N A + 1 + ∑ k = 1 N A n k G$	\|G\|	\|G\|
User	$3 N A + 1 + ∑ k = 1 N A n k, j G$	$N A + 1 + ∑ k = 1 N A n k, j G$	$N A + 1 + ∑ k = 1 N A n k, j G$
CServer	$(3 t c + 2 + N A) G$	$(3 t c + 2 + L u) G$	$(3 t c + 2 + N A) G$

Tab. 2 Computating overhead comparison of different schemes

方案	密钥生成	加密	解密	属性撤销
方案	密钥生成	加密	解密	密钥更新	密文更新
DABE	E+m	A_E（2m+2p+3E）	A_E（2m+2p+E）	—	—
BDABE	5E	A_E（p+4E）	m+A_E（m+p）	—	—
DAC-MCSS	3E+2m	A_E（p+3E+2m）	m+E	E+2m	A_E（E+m）
SEM-ACSIT	2E+2m	A_E（p+3E+2m）	m+E	2E+2m	A_E（E+m）
BRDABE	3E+2m	2A_E（p+E+m）	m+E	m	A_E（m）

Tab. 3 Comparison of key generation time of different schemes

AA管理的属性数	不同方案的密钥生成时间/s
AA管理的属性数	DABE	BDABE	BRDABE
10	2.92	10.62	5.58
15	4.39	16.75	7.73
20	5.84	21.38	9.76

Tab. 4 Comparison of encryption time of different schemes

加密时的属性数	不同方案的加密时间/s
加密时的属性数	DABE	BRDABE
10	13.57	13.26
15	20.64	20.49
20	27.38	26.84

Tab. 5 Comparison of decryption time of different schemes

密文中的属性数	不同方案的解密时间/s
密文中的属性数	DABE	BDABE	BRDABE
10	5.56	0.97	0.33
15	8.60	1.20	0.46
20	11.63	1.68	0.61

Tab. 6 Comparison of attribute revocation time of different schemes

撤销的属性数	不同方案的撤销时间/s
撤销的属性数	SEM-ACSIT	EDAC-MCSS	BRDABE
10	312.15	263.04	20.33
15	405.56	382.34	30.11
20	534.67	514.38	40.15

References 19

1	LEWKO A， WATERS B. Decentralizing attribute-based encryption［C］// Proceedings of the 2011 Annual International Conference on the Theory and Applications of Cryptographic Techniques， LNCS 6632. Berlin： Springer， 2011： 568-588.
2	马海英，曾国荪. 可追踪并撤销叛徒的属性基加密方案［J］. 计算机学报， 2012， 35（9）：1845-1855. 10.3724/sp.j.1016.2012.01845
	MA H Y， ZENG G S. An attribute-based encryption scheme for traitor tracing and revocation together［J］. Chinese Journal of Computers， 2012， 35（9）： 1845-1855. 10.3724/sp.j.1016.2012.01845
3	WATERS B. Ciphertext-policy attribute-based encryption： an expressive， efficient， and provably secure realization［C］// Proceedings of the 2011 International Workshop on Public Key Cryptography， LNCS 6571. Berlin： Springer， 2011： 53-70.
4	WANG Z J， MA H Y， WANG J H. Attribute-based online/offline encryption with outsourcing decryption［J］. Journal of Information Science and Engineering， 2016， 32（6）： 1595-1611.
5	YANG K， JIA X H， REN K， ZHANG B， et al. DAC-MACS： effective data access control for multiauthority cloud storage systems［J］. IEEE Transactions on Information Forensics and Security， 2013， 8（11）： 1790-1801. 10.1109/tifs.2013.2279531
6	HONG J N， XUE K P， LI W. Comments on "DAC-MACS： effective data access control for multiauthority cloud storage systems"/security analysis of attribute revocation in multiauthority data access control for cloud storage systems［J］. IEEE Transactions on Information Forensics and Security， 2015， 10（6）： 1315-1317. 10.1109/tifs.2015.2407327
7	XIONG S M， NI Q， WANG L M， et al. SEM-ACSIT： secure and efficient multiauthority access control for IoT cloud storage［J］. IEEE Internet of Things Journal， 2020， 7（4）： 2914-2927. 10.1109/jiot.2020.2963899
8	DENG H， QIN Z， WU Q H， et al. Revocable attribute-based data storage in mobile clouds［J］. IEEE Transactions on Services Computing， 2022， 15（2）： 1130-1142. 10.1109/tsc.2020.2984757
9	GREEN M， HOHENBERGER S， WATERS B. Outsourcing the decryption of ABE ciphertexts［C］// Proceedings of the 20th USENIX Security Symposium. Berkeley： USENIX Association， 2011： No.34. 10.1109/ms.2011.67
10	MING Y， HE B K， WANG C H. Efficient revocable multi-authority attribute-based encryption for cloud storage［J］. IEEE Access， 2021， 9： 42593-42603. 10.1109/access.2021.3066212
11	GE C P， SUSILO W， BAEK J， et al. Revocable attribute-based encryption with data integrity in clouds［J］. IEEE Transactions on Dependable and Secure Computing， 2022， 19（5）： 2864-2872. 10.1109/tdsc.2021.3065999
12	ALI M， SADEGHI M R， LIU X M. Lightweight revocable hierarchical attribute-based encryption for Internet of Things［J］. IEEE Access， 2020， 8： 23951-23964. 10.1109/access.2020.2969957
13	李燕，马海英，王占君. 区块链关键技术的研究进展［J］. 计算机工程与应用， 2019， 55（20）：13-23， 100. 10.3778/j.issn.1002-8331.1906-0013
	LI Y， MA H Y， WANG Z J. Research progress on key technologies of blockchain［J］. Computer Engineering and Applications， 2019， 55（20）： 13-23， 100. 10.3778/j.issn.1002-8331.1906-0013
14	XU J， XUE K P， TIAN H Y， et al. An identity management and authentication scheme based on redactable blockchain for mobile networks［J］. IEEE Transactions on Vehicular Technology， 2020， 69（6）： 6688-6698. 10.1109/tvt.2020.2986041
15	LUO X Y， XUE K P， XU J， et al. Blockchain based secure data aggregation and distributed power dispatching for microgrids［J］. IEEE Transactions on Smart Grid， 2021， 12（6）： 5268-5279. 10.1109/tsg.2021.3099347
16	SUN J F， XIONG H， ZHANG S F， et al. A secure flexible and tampering-resistant data sharing system for vehicular social networks［J］. IEEE Transactions on Vehicular Technology， 2020， 69（11）： 12938-12950. 10.1109/tvt.2020.3015916
17	HUANG H P， ZHU P， XIAO F， et al. A blockchain-based scheme for privacy-preserving and secure sharing of medical data［J］. Computers and Security， 2020， 99： No.102010. 10.1016/j.cose.2020.102010
18	MA H Y， HUANG E X， LAM K Y. Blockchain-based mechanism for fine-grained authorization in data crowdsourcing［J］. Future Generation Computer Systems， 2020， 106： 121-134. 10.1016/j.future.2019.12.037
19	BRAMM G， GALL M， SCHÜTTE J. Blockchain-based distributed attribute-based encryption［C］// Proceedings of the 15th International Joint Conference on e-Business and Telecommunications. Setúbal： SciTePress， 2018： 99-110. 10.5220/0006852602650276

[1]	Wanzhen CHEN, En ZHANG, Leiyong QIN, Shuangxi HONG. Privacy-preserving federated learning algorithm based on blockchain in edge computing [J]. Journal of Computer Applications, 2023, 43(7): 2209-2216.
[2]	Luyu CHEN, Xiaofeng MA, Jing HE, Shengzhi GONG, Jian GAO. Blockchain smart contract privacy authorization method based on TrustZone [J]. Journal of Computer Applications, 2023, 43(6): 1969-1978.
[3]	Meng CAO, Sunjie YU, Hui ZENG, Hongzhou SHI. Hierarchical access control and sharing system of medical data based on blockchain [J]. Journal of Computer Applications, 2023, 43(5): 1518-1526.
[4]	Yihan WANG, Chen TANG, Lan ZHANG. Anti-fraud and anti-tampering online trading mechanism for bulk stock [J]. Journal of Computer Applications, 2023, 43(4): 1309-1317.
[5]	Juncheng TONG, Bo ZHAO. Review on blockchain smart contract vulnerability detection and automatic repair [J]. Journal of Computer Applications, 2023, 43(3): 785-793.
[6]	Dong SUN, Biao WANG, Yun XU. Design and implementation of block transmission mechanism based on remote direct memory access [J]. Journal of Computer Applications, 2023, 43(2): 484-489.
[7]	Shumin TANG, Yu JIN. Consensus mechanism of voting scheme in blockchain based on Chinese remainder theorem [J]. Journal of Computer Applications, 2023, 43(2): 458-466.
[8]	PANG Xiaoqiong, WANG Yunting, CHEN Wenjun, JIANG Pan, GAO Yanan. Fair and verifiable multi-keyword ranked search over encrypted data based on blockchain [J]. Journal of Computer Applications, 2023, 43(1): 130-139.
[9]	WANG Jindong, LI Qiang. Improved practical Byzantine fault tolerance consensus algorithm based on Raft algorithm [J]. Journal of Computer Applications, 2023, 43(1): 122-129.
[10]	Yangnan GUO, Wenbao JIANG, Shuai YE. Supervisable blockchain anonymous transaction system model [J]. Journal of Computer Applications, 2022, 42(9): 2757-2764.
[11]	Wei LIU, Cong ZHANG, Wei SHE, Xuan SONG, Zhao TIAN. Data trusted traceability method based on Merkle mountain range [J]. Journal of Computer Applications, 2022, 42(9): 2765-2771.
[12]	Hongliang TIAN, Jiayue WANG, Chenxi LI. Data storage scheme based on hybrid algorithm blockchain and node identity authentication [J]. Journal of Computer Applications, 2022, 42(8): 2481-2486.
[13]	Xu WANG, Yumin SHEN, Xiaoyun XIONG, Peng LI, Jinlong WANG. Data management method for building internet of things based on Hashgraph [J]. Journal of Computer Applications, 2022, 42(8): 2471-2480.
[14]	Jingyu SUN, Jiayu ZHU, Ziqiang TIAN, Guozhen SHI, Chuanjiang GUAN. Attribute based encryption scheme based on elliptic curve cryptography and supporting revocation [J]. Journal of Computer Applications, 2022, 42(7): 2094-2103.
[15]	Jie ZHANG, Shanshan XU, Lingyun YUAN. Internet of things access control model based on blockchain and edge computing [J]. Journal of Computer Applications, 2022, 42(7): 2104-2111.