结合区块链和可追踪CP-ABE的数据存储与共享研究

Research on Data Storage and Sharing Combining Blockchain and Traceable CP-ABE

传统密文策略属性基加密(CP-ABE)方案为资源受限的用户在云端安全存储与共享数据时,存在计算开销大和无法追踪恶意泄露密钥的用户问题,以及中心化的云存储容易造成信任和安全问题.针对上述问题,本文提出一种结合区块链和可追踪CP-ABE的数据存储与共享方案(BTABEDSS).数据所有者将数据密文存储在IPFS上,区块链上仅存储数据的唯一标识、数据的哈希值和数据密文在IPFS检索的内容哈希值等元数据信息,既保证了数据安全可信存储与访问,又缓解了区块链的存储压力.利用智能合约和CP-ABE协同实现数据的细粒度访问控制,只有满足访问控制策略的非恶意用户才能访问共享数据.使用椭圆曲线上的标量乘运算和表达性、计算性更优的有序二元决策图(OBDD)访问结构,有效降低了系统的计算和存储开销.使用概率加密方案将用户身份信息随机化处理后嵌入用户密钥,从而实现对恶意泄露密钥的用户进行高效追踪并撤销其访问权限.安全性与实验分析表明该方案安全可行,与对比方案相比,降低了系统运行成本和开销,提升了系统操作效率.

When the traditional ciphertext policy attribute-based encryption(CP-ABE)scheme is used for resource-constrained users to safely store and share data in the cloud,there are problems such as high computational cost,inability to track malicious users who leak keys,and trust and security problems caused by centralized cloud storage.To address the above problems,this paper proposes a data storage and sharing scheme combining blockchain and traceable CP-ABE(BTABEDSS).The data owner stores the data ciphertext on IPFS,and only stores the unique identifier of the data,the hash value of the data,the content hash value of the data ciphertext retrieved on IPFS and other metadata information on blockchain,which ensures secure and trusted storage and access of data and eases the pressure on blockchain storage.Using smart contracts and CP-ABE to cooperate to achieve fine-grained access control of data,only non-malicious users who meet the access control policy can access shared data.Using the scalar multiplication operation on the elliptic curve and the more expressive and computationally better ordered binary decision diagram(OBDD)access structure,which effectively reduces the computational and storage overhead of the system.The user identity information is randomized and embedded in the user key using a probabilistic encryption scheme,so as to realize efficient tracking and revocation of access rights of the users who maliciously leak keys.Security analysis and experiment results show that the scheme is safe and feasible.Compared with the related scheme,the proposed scheme lowers the system operation cost and overhead and improves the system operation efficiency.