基于区块链与属性密码体制的匿名数据共享访问控制

Anonymous Data Sharing and Access Control Based on Blockchain and Attribute-Based Cryptography

信息安全和隐私保护是大数据时代的重要需求。基于身份的公钥密码体制解决了传统公钥基础设施体制的密钥管理问题,但会泄漏签名者的身份信息。传统基于属性的访问控制方案实现了主体的动态扩展和对客体的细粒度访问,但存在中心化的授权机构。为了解决上述问题,提出一种基于区块链与去中心化属性密码体制的匿名数据共享访问控制方案。利用属性签名的匿名性,在存储数据前无须已知用户身份信息即可验证数据来源的可靠性,通过属性加密实现细粒度的访问控制。采用分布式属性密码体制,使用户合作构建属性授权机构,当且仅当超过指定阈值的机构用户同意时才可进行机构创建和密钥分发。实验结果表明,该方案能抵抗合谋和重放攻击,在并发请求数为1 000~5 000和属性数为10~30的条件下,系统总响应时间不超过120 ms,最大吞吐量可达62 T/s,满足实际应用需求。

Information security and privacy protection are critical requirements in the era of big data.Identity-based cryptography is a type of public-key cryptography that solves the main management problem of the traditional public key infrastructure.However,it will leak the identity information of the signer.The traditional attribute-based access control schemes achieve the dynamic expansion of subjects and fine-grained access to objects,but a centralized authority exists.This study proposes an anonymous data sharing and access control scheme based on blockchain and Attribute-Based Cryptography(ABC)to solve the above problems.Using the anonymity of Attribute-Based Signature(ABS),the reliability of data sources can be verified without knowing the user identity information before storing the data,and fine-grained access control is achieved through Attribute-Based Encryption(ABE).The distributed ABC system is used to enable users to cooperate in building an attribute authority.Authority creation and key distribution can only be performed when the users exceed a specified threshold.The experimental results show that the scheme can resist collusion and replay attacks.Under the condition that the number of concurrent requests is 1000-5000 and the number of attributes is 10-30,the total response time of the system does not exceed 120 ms,and the maximum throughput can reach 62 T/s,which satisfy the requirements of the actual environment.