基于区块链的可问责可验证外包分层属性加密方案

doi:10.19678/j.issn.1000-3428.0069378

计算机工程 ›› 2025, Vol. 51 ›› Issue (3): 24-33. doi: 10.19678/j.issn.1000-3428.0069378

基于区块链的可问责可验证外包分层属性加密方案

蒋淇淇¹^,², 张亮³, 彭凌祺⁴, 阚海斌¹^,²^,⁵^,*()

1. 复旦大学计算机科学技术学院上海市智能信息处理重点实验室, 上海 200433
2. 上海市区块链工程技术研究中心复旦-众安区块链与信息安全联合实验室, 上海 200433
3. 海南大学网络空间安全学院(密码学院), 海南海口 570228
4. 上海华虹计通智能系统股份有限公司, 上海 201206
5. 复旦大学义乌研究院, 浙江义乌 322000

收稿日期:2024-02-20 出版日期:2025-03-15 发布日期:2025-03-27
通讯作者: 阚海斌
基金资助:
国家重点研发计划(2019YFB2101703); 国家自然科学基金(62272107); 国家自然科学基金(62302129); 上海市科技创新行动计划(21511102200); 广东省重点领域研发计划(2020B0101090001); 海南省重点研发项目(ZDYF2024GXJS030)

Accountable and Verifiable Outsourced Hierarchical Attribute Encryption Scheme Based on Blockchain

JIANG Qiqi¹^,², ZHANG Liang³, PENG Lingqi⁴, KAN Haibin¹^,²^,⁵^,*()

1. Shanghai Key Laboratory of Intelligent Information Processing, School of Computer Science, Fudan University, Shanghai 200433, China
2. Fudan-Zhongan Joint Laboratory of Blockchain and Information Security, Shanghai Engineering Research Center of Blockchain, Shanghai 200433, China
3. School of Cyberspace Security (School of Cryptology), Hainan University, Haikou 570228, Hainan, China
4. Shanghai Huahong Jitong Smart System Co., Ltd., Shanghai 201206, China
5. Yiwu Research Institute, Fudan University, Yiwu 322000, Zhejiang, China

Received:2024-02-20 Online:2025-03-15 Published:2025-03-27
Contact: KAN Haibin

摘要/Abstract

摘要：

大数据时代的到来与信息种类的丰富对数据的受控共享提出了更加细粒度的要求, 基于属性的分布式加密(DABE)可以支持多个参与方之间的数据细粒度访问控制。时兴的物联网数据共享场景对于数据的跨域访问、透明可信度与可控性都有着更高需求, 传统的基于属性的加密(ABE)方案的计算开销对于资源有限的小型设备造成了一定的负担。为了解决上述问题, 提出一种基于区块链的可问责可验证外包分层属性加密方案。该方案支持数据跨域流通, 通过区块链技术保障数据流通的透明度与可信性, 引入可验证凭证(VC)概念解决用户身份认证问题, 借助外包思想将复杂的加解密过程造成的负担分散给外包计算节点, 最终利用分层思想实现更加细粒度的数据访问控制。安全性分析表明, 该方案可以抵抗选择明文攻击。通过使用Docker模拟算力有限的小型设备进行实验, 结果表明该方案相较现有方案具有更低的计算开销, 在属性个数为30时各个算法的计算开销不超过2.5 s, 平均开销为1 s, 适用于资源受限的应用场景。

关键词: 基于属性的加密, 区块链, 跨域访问, 外包解密, 可验证凭证

Abstract:

With the advent of the big data era, the proliferation of information types has increased the requirements for controlled data sharing. Decentralized Attribute-Based Encryption (DABE) has been widely studied in this context to enable fine-grained access control among multiple participants. However, the Internet of Things (IoT) data sharing scenario has become mainstream and requires more data features, such as cross-domain access, transparency, trustworthiness, and controllability, whereas traditional Attribute-Based Encryption (ABE) schemes pose a computational burden on resource-constrained IoT devices. To solve these problems, this study proposes an accountable and verifiable outsourced hierarchical attribute-based encryption scheme based on blockchain to support cross-domain data access and improve the transparency and trustworthiness of data sharing using blockchain. By introducing the concept of Verifiable Credential (VC), this scheme addresses the issue of user identity authentication and distributes the burden of complex encryption and decryption processes to outsourced computing nodes. Finally, using a hierarchical structure, fine-grained data access control is achieved. A security analysis has demonstrated that the proposed scheme can withstand chosen-plaintext attacks. Simulation results on small IoT devices with limited resources using Docker have shown that the proposed scheme has a lower computational overhead than existing schemes. For up to 30 attributes, the computation costs have not exceeded 2.5 s for any of the algorithms, and the average cost is approximately 1 s, making the scheme suitable for resource-constrained IoT devices.

Key words: Attribute-Based Encryption(ABE), blockchain, cross-domain access, outsourced decryption, Verifiable Credential (VC)

蒋淇淇, 张亮, 彭凌祺, 阚海斌. 基于区块链的可问责可验证外包分层属性加密方案[J]. 计算机工程, 2025, 51(3): 24-33.

JIANG Qiqi, ZHANG Liang, PENG Lingqi, KAN Haibin. Accountable and Verifiable Outsourced Hierarchical Attribute Encryption Scheme Based on Blockchain[J]. Computer Engineering, 2025, 51(3): 24-33.

https://www.ecice06.com/CN/Y2025/V51/I3/24

图/表 8

图1 方案通用流程

Fig.1 General process of the scheme

图2 本地加密算法运行开销

Fig.2 Running overhead of local encryption algorithm

图3 外包解密算法运行开销

Fig.3 Running overhead of outsourced decryption algorithm

图4 本文方案中各个算法的开销

Fig.4 Overhead of each algorithm in the proposed scheme

参考文献 24

1	FERRAIOLO D F, CUGINI J, KUHN D R. Role-Based Access Control (RBAC): features and motivations[C]//Proceedings of the 11th Annual Computer Security Application Conference. Washington D.C., USA: IEEE Press, 1995: 241-248.
2	KUHN D R , COYNE E J , WEIL T R . Adding attributes to role-based access control. Computer, 2010, 43 (6): 79- 81.
3	GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. New York, USA: ACM Press, 2006: 89-98.
4	JIANG R , KANG Y J , LIU Y S , et al. A trust transitivity model of small and medium-sized manufacturing enterprises under blockchain-based supply chain finance. International Journal of Production Economics, 2022, 247, 108469. doi: 10.1016/j.ijpe.2022.108469
5	DU M X , CHEN Q J , XIAO J , et al. Supply chain finance innovation using blockchain. IEEE Transactions on Engineering Management, 2020, 67 (4): 1045- 1058. doi: 10.1109/TEM.2020.2971858
6	CHEN Y W , MENG L H , ZHOU H , et al. A blockchain-based medical data sharing mechanism with attribute-based access control and privacy protection. Wireless Communications and Mobile Computing, 2021 (1): 1- 12.
7	QIAN H L , LI J G , ZHANG Y C , et al. Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation. International Journal of Information Security, 2015, 14 (6): 487- 497. doi: 10.1007/s10207-014-0270-9
8	LI J G , ZHANG Y C , NING J T , et al. Attribute based encryption with privacy protection and accountability for CloudIoT. IEEE Transactions on Cloud Computing, 2022, 10 (2): 762- 773. doi: 10.1109/TCC.2020.2975184
9	YANG K , JIA X H . Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Transactions on Parallel and Distributed Systems, 2014, 25 (7): 1735- 1744. doi: 10.1109/TPDS.2013.253
10	CHEN Z N, ZHANG L G, ZHANG S, et al. Access control scheme on blockchain and decentralized attributed-based algorithm with identity[EB/OL]. [2024-01-16]. https://www.semanticscholar.org/paper/Cloud-Storage-Data-Access-Control-Scheme-Based-on-Yang-Chen/0083245cb5c3a830645863cc6a6d804414c2b496.
11	ZHANG L Y , REN J , MU Y , et al. Privacy-preserving multi-authority attribute-based data sharing framework for smart grid. IEEE Access, 2020, 8, 23294- 23307. doi: 10.1109/ACCESS.2020.2970272
12	SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2005: 457-473.
13	LEWKO A, WATERS B. Decentralizing attribute-based encryption[C]//Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin, Germany: Springer, 2011: 568-588.
14	LIU S H , YU J G , HU C Q , et al. Traceable multiauthority attribute-based encryption with outsourced decryption and hidden policy for CIoT. Wireless Communications and Mobile Computing, 2021 (1): 1- 16. URL
15	段亚红, 王峥, 赵涓涓, 等. 雾计算中支持解密外包的可验证属性加密方案. 计算机工程与科学, 2023, 45 (3): 443- 452. doi: 10.3969/j.issn.1007-130X.2023.03.009
	DUAN Y H , WANG Z , ZHAO J J , et al. A verifiable attribute encryption scheme supporting decryption outsourcing in fog computing. Computer Engineering & Science, 2023, 45 (3): 443- 452. doi: 10.3969/j.issn.1007-130X.2023.03.009
16	方子旋, 曹素珍, 闫俊鉴, 等. 智慧医疗环境下白盒可追溯的CP-ABE方案. 计算机工程, 2023, 49 (3): 142- 150. doi: 10.19678/j.issn.1000-3428.0065713
	FANG Z X , CAO S Z , YAN J J , et al. White-box traceable CP-ABE scheme in smart healthcare environment. Computer Engineering, 2023, 49 (3): 142- 150. doi: 10.19678/j.issn.1000-3428.0065713
17	ZIEGLER D, MARSALEK A, PALFINGER G. White-box traceable attribute-based encryption with hidden policies and outsourced decryption[C]//Proceedings of the IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Washington D.C., USA: IEEE Press, 2021: 331-338.
18	LI Y, ZHANG Q Y, CHENG J, et al. Attribute-based verifiable outsourcing decryption encryption scheme in IIoT[C]//Proceedings of the International Conference on Networking and Network Applications (NaNA). Washington D.C., USA: IEEE Press, 2023: 332-338.
19	郭瑞, 魏鑫, 陈丽. 工业物联网环境下可外包的策略隐藏属性基加密方案. 信息网络安全, 2023, 23 (3): 1- 12. URL
	GUO R , WEI X , CHEN L . An outsourceable and policy-hidden attribute-based encryption scheme in the IIoT system. Netinfo Security, 2023, 23 (3): 1- 12. URL
20	BODKHE U , TANWAR S , PAREKH K , et al. Blockchain for industry 4.0: a comprehensive review. IEEE Access, 2020, 8, 79764- 79800. doi: 10.1109/ACCESS.2020.2988579
21	SEDLMEIR J , SMETHURST R , RIEGER A , et al. Digital identities and verifiable credentials. Business & Information Systems Engineering, 2021, 63 (5): 603- 613. URL
22	BEIMEL A. Secure schemes for secret sharing and key distribution[EB/OL]. [2024-01-16]. http://www.researchgate.net/publication/274462830_Secure_schemes_for_secret_sharing_and_key_distribution_using_pell's_equation.
23	DAN B . The decision Diffie-Hellman problem. Berlin, Germany: Springer, 1998.
24	BONEH D , BOYEN X . Short signatures without random oracles and the SDH assumption in bilinear groups. Journal of Cryptology, 2008, 21 (2): 149- 177. doi: 10.1007/s00145-007-9005-7

[1]	陶静怡, 彭凌祺, 阚海斌. 支持黑名单的去中心化k次匿名属性认证[J]. 计算机工程, 2025, 51(2): 159-169.
[2]	鲁明, 陈慈发, 董方敏. 基于综合积分机制的权益证明共识算法改进研究[J]. 计算机工程, 2025, 51(1): 148-155.
[3]	王奕丰, 曾诚, 全擎宇, 王娇然, 何鹏. 基于多特征融合的智能合约缺陷检测方法[J]. 计算机工程, 2024, 50(8): 133-141.
[4]	郑清安, 董建成, 陈亮, 阮英清, 李锦松, 许林彬. 分布式可信数据管理与隐私保护技术研究[J]. 计算机工程, 2024, 50(7): 174-186.
[5]	刘寅昊, 蒋文保, 孙林昆, 王勇攀. 基于路径存储表的Hashgraph共识算法优化与实现[J]. 计算机工程, 2024, 50(6): 166-178.
[6]	旋逸昭, 赵红武, 金瑜. 一种基于双链的区块链共识机制[J]. 计算机工程, 2024, 50(5): 139-148.
[7]	王栋, 王合建, 玄佳兴, 郑尚卓, 陈炳聪. 面向电力调度指令的区块链隐私可追踪存证方案[J]. 计算机工程, 2024, 50(5): 158-166.
[8]	陈纪成, 包子健, 罗敏, 何德彪. 一种面向工业物联网的远程安全指令控制方案[J]. 计算机工程, 2024, 50(3): 28-35.
[9]	李宝莹, 李志淮, 王成爱, 杨锋. 自适应节点规模的区块链分片可扩展模型[J]. 计算机工程, 2024, 50(3): 137-147.
[10]	刘少杰, 文斌, 王泽旭. 基于联邦学习的多技术融合数据交易方法[J]. 计算机工程, 2024, 50(3): 182-190.
[11]	孙瑾, 苏文娟, 王璐, 叶克鑫. 基于联盟区块链和星际文件系统的安全租房方案[J]. 计算机工程, 2024, 50(11): 187-196.
[12]	马超, 宋琛. 计及电力数据安全的智能合约上链方法及防篡改技术研究[J]. 计算机工程, 2024, 50(10): 240-254.
[13]	倪雪莉, 马卓, 王群. 区块链矿池网络及典型攻击方式综述[J]. 计算机工程, 2024, 50(1): 17-29.
[14]	蔡梓越, 谭北海, 余荣, 黄旭民, 王思明. 面向6G物联网设备协同的区块链动态分片[J]. 计算机工程, 2024, 50(1): 50-59.
[15]	崔怀勇, 张绍华, 李超, 戴炳荣. 一种基于Schnorr签名的区块链预言机改进方案[J]. 计算机工程, 2024, 50(1): 166-173.

选择文件类型/文献管理软件名称

选择包含的内容

基于区块链的可问责可验证外包分层属性加密方案

Accountable and Verifiable Outsourced Hierarchical Attribute Encryption Scheme Based on Blockchain

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 24

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于区块链的可问责可验证外包分层属性加密方案

Accountable and Verifiable Outsourced Hierarchical Attribute Encryption Scheme Based on Blockchain

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 24

相关文章 15

编辑推荐

Metrics

本文评价