Enhancing Security and Flexibility in the Industrial Internet of Things: Blockchain-Based Data Sharing and Privacy Protection
Sensors 2024, 24, 1035

To address the complexities, inflexibility, and security concerns in traditional data sharing models of the Industrial Internet of Things (IIoT), we propose a blockchain-based data sharing and privacy protection (BBDSPP) scheme for IIoT. Initially, we characterize and assign values to attributes, and employ a weighted threshold secret sharing scheme to refine the data sharing approach. This enables flexible combinations of permissions, ensuring the adaptability of data sharing. Subsequently, based on non-interactive zero-knowledge proof technology, we design a lightweight identity proof protocol using attribute values. This protocol pre-verifies the identity of data accessors, ensuring that only legitimate terminal members can access data within the system, while also protecting the privacy of the members. Finally, we utilize the InterPlanetary File System (IPFS) to store encrypted shared resources, effectively addressing the issue of low storage efficiency in traditional blockchain systems. Theoretical analysis and testing of the computational overhead of our scheme demonstrate that, while ensuring performance, our scheme has the smallest total computational load compared to the other five schemes. Experimental results indicate that our scheme effectively addresses the shortcomings of existing solutions in areas such as identity authentication, privacy protection, and flexible combination of permissions, demonstrating a good performance and strong feasibility.


Introduction
With the rapid advancement of computing, communication, and artificial intelligence technologies, a plethora of traditional internet technologies have been integrated into the Industrial Internet of Things (IIoT), significantly enhancing the rate of data transmission and sharing [1,2]. The core operations in IIoT data transfer and sharing involve the interconnection of sensors, communication nodes, and control systems to gather, transmit, and analyze data. This data includes sensitive information about equipment status, production processes, and supply chains [3,4]. However, as the IIoT increasingly merges with traditional information technologies, it faces a growing number of cybersecurity challenges [5]. Due to limitations in resources and hardware, the IIoT cannot implement the complex and precise security protections of traditional information systems. This makes it vulnerable to attacks during data transmission and sharing [6,7].
In the past year, several data breaches have been reported. For instance, the health management company Intellihartx confirmed that hackers stole the medical information and social security numbers of over half a million patients [8]. The MOVEit file transfer tool (v. 13.0.7, v. 13.1.5, v. 14.0.5, v. 14.1.6, v. 15.0.2) was attacked, leading to the leak of sensitive data from organizations that used the software, such as the payroll provider Zellis, British Airways, the BBC, and the government of Nova Scotia [9]. The American pharmaceutical giant PharMerica disclosed that unknown actors accessed its systems in March and extracted the personal data of 5.8 million individuals [10]. A ransomware group named BlackCat threatened to leak 80 GB of confidential data it claimed to have stolen from Reddit servers in February [11]. According to a 2022 report by Waterfall Security Solutions, there were 57 cyber-attack incidents related to operational technology, impacting over 150 industrial operations [12]. This suggests an escalation in industrial network security challenges, with projections indicating that upwards of 15,000 industrial sites may face operational shutdown due to cyber intrusions within the next five years [13,14]. If malicious attacks targeting the industrial internet keep increasing, these already fragile networks will come under severe threat, potentially disrupting the regular operation of IIoT systems [15,16]. Hence, there is an urgent need to develop a convenient, flexible, and secure data sharing solution for the IIoT.
Blockchain technology, as a decentralized and secure distributed ledger system, offers a novel approach to resolving the challenges of secure data sharing within the IIoT. It provides a decentralized platform for data management and sharing, ensuring data security and privacy [17,18]. The distributed and immutable nature of blockchain technology complicates hacking attempts and data tampering. Additionally, blockchain's consensus mechanism and data auditing capabilities increase the trustworthiness and transparency of data, allowing stakeholders to share and use reliable data [19,20]. However, nodes in a blockchain are required to store and process all transaction data, which significantly increases the blockchain's storage and computational requirements as data volume grows [21]. The inherently public and transparent nature of blockchain, where all transactions and data are accessible to participating nodes, poses challenges to protecting the privacy of IIoT users and members [22]. Although blockchain technology opens new possibilities for addressing IIoT data security sharing issues, because of these factors its direct application to the IIoT still faces some difficulties.
Addressing the outlined issues, this work combines weighted threshold secret sharing, zero-knowledge proof, and attribute-based encryption technologies to propose a blockchain-based data sharing and privacy protection (BBDSPP) scheme for the IIoT. This scheme uses the weighted threshold secret sharing method to characterize and assign values to attributes, achieving a flexible combination of permissions. This allows terminal members to access system data securely and flexibly. The scheme also incorporates a non-interactive zero-knowledge proof protocol to pre-authenticate data accessors, preventing unauthorized access and data leakage. Moreover, it employs the interplanetary file system (IPFS) for distributed storage of encrypted data, reducing the storage pressure on the blockchain.

Main Contributions
The main contributions of this paper can be summarized as follows:
(1) Design of a data sharing architecture: We have summarized the advantages and disadvantages of various existing data sharing schemes and analyzed the security risks associated with data sharing in the IIoT. We designed a data sharing system architecture suitable for the IIoT. This architecture comprehensively considers the flexibility, security, and scalability of data sharing. Based on blockchain technology, it achieves efficient, secure, and transparent data sharing in a decentralized manner, ensuring the confidentiality and integrity of critical data and providing a solution to the security needs of the IIoT;
(2) Improvement of the data sharing scheme: We assign values to attributes based on their characteristics and use a weighted threshold secret sharing scheme to improve the data sharing approach, creating a data sharing scheme with freely combinable permissions. This scheme allows terminal members to freely select the attributes used for decryption. Access to specific data is granted once the attribute values meet the preset access threshold. Not only does this scheme ensure the flexibility of data sharing, but it also enhances the rigor of access control, achieving fine-grained access control in the system;
(3) Implementation of privacy protection: Based on non-interactive zero-knowledge proof technology, we have designed a lightweight identity verification protocol to pre-validate the identity of data accessors. This ensures that only authorized terminal members can access system data, preventing identity impersonation by unauthorized members and illegal access to sensitive data. Consequently, this secures the privacy of terminal members and the safety of data while also reducing the additional computational overhead caused by illegal access attempts;
(4) Distributed data storage: We store the bulk of the data on the IPFS, and only the corresponding storage addresses are recorded on the blockchain. This storage method not only ensures the security and integrity of the data but also significantly enhances data retrieval efficiency and the scalability of the system. This approach addresses the issue of insufficient storage space in traditional blockchain applications;
(5) Performance analysis and validation: We conducted a thorough analysis of the proposed solution in terms of correctness and security, along with a comprehensive theoretical assessment of its functional characteristics and computational costs. Additionally, we validated the practical effectiveness of the solution through experiments. The experimental results indicate that the scheme effectively overcomes the limitations found in existing data sharing approaches in critical areas such as identity authentication, privacy protection, flexible permission configuration, and off-chain storage, while also demonstrating superior performance and strong feasibility.

Organization
In Section 2, we describe the related work of this paper; in Section 3, we introduce the basic knowledge; in Section 4, we provide a detailed introduction to the BBDSPP scheme; in Section 5, we analyze the correctness and security of BBDSPP; in Section 6, we further analyze the performance of BBDSPP; and in Section 7, we summarize the content of the entire paper.

Related Work
In recent years, blockchain-based data sharing and privacy protection schemes for the IIoT have become a widely researched topic of international interest. Numerous scholars have explored data sharing and privacy protection [23], yielding a series of significant research achievements in these fields. Key developments in this area are outlined in Tables 1 and 2 and are summarized below.

The authors explored a unique access control scenario that enables multiple users with diverse attribute sets to acquire access permissions collaboratively. They proposed a new attribute-based access control scheme, which facilitates controlled collaborative access by designating transformation nodes within the access structure. This approach is intended to prevent collaborations not specified by the access policy and to avoid erroneous authorization of access requests. Limitation: although the method is innovative in terms of flexibility and fine-grained control, it still falls short in implementing collaborative access in multi-user environments.

2021, Han Liu et al. [26], Ciphertext-Policy Attribute-Based Encryption for the Internet of Things Information Center Based on Zero-Knowledge Proof. The authors introduced a lightweight non-interactive zero-knowledge proof protocol to verify that a user holds a private key. Ciphertext is transmitted only after the user's private key has been validated. This effectively addresses the high bandwidth usage in traditional CP-ABE systems caused by unauthorized or invalid requests for encrypted data. Limitation: the protocol's flexibility is suboptimal in scenarios where encryption policies or user attributes change frequently.

Based on the attribute information of IIoT devices, the authors use the decentralized, immutable, and secure characteristics of the blockchain to implement access control for protocol participants. The scheme stores device attribute information on the blockchain and uses smart contracts to execute access policies and management rules, ensuring that only devices with specific attributes participate in the protocol. Limitation: although the blockchain provides security protection in this scheme, additional mechanisms are still needed to ensure data privacy and security.

2022, Chin-Ling Chen et al. [28], Blockchain-Based IIoT Enterprise Secure Data Transmission Scheme. The authors store encrypted IIoT data on the IPFS network and create a keyword index table on Hyperledger Fabric for data sharing. The scheme uses Fabric's channels and custom chaincode to achieve privacy protection and efficient data transmission, and employs the elliptic curve digital signature algorithm (ECDSA) to ensure data integrity. Limitation: although ECDSA ensures data security and integrity, the scheme still has shortcomings when addressing security threats and privacy issues in large-scale distributed environments.

2022, Guangquan Xu et al. [29], Blockchain and Attribute Encryption-Based Medical Data Sharing Scheme. The authors proposed a blockchain-based scheme for medical data sharing, designed to address the privacy breaches and system isolation prevalent in traditional medical systems. The scheme employs a blockchain-based authorization mechanism along with attribute-based encryption (ABE) to facilitate data sharing across medical institutions, breaking the barriers of system boundaries. Moreover, it leverages ABE for scalable access control, enhancing the framework's overall security and efficiency. Limitation: although the scheme employs advanced encryption and authorization mechanisms, effectively managing and maintaining these mechanisms in real-world medical environments, so as to ensure data security and privacy protection, requires further exploration.

The authors proposed a scheme for securing and preserving the privacy of data sharing in electronic health systems. The scheme includes two blockchains: a private blockchain for storing personal health information and a consortium blockchain for managing secure indices of this information. It employs public key encryption to encrypt personal health data, keywords, and identity information, ensuring data security, access control, and privacy protection. Limitation: the authors did not conduct an exhaustive evaluation of the scheme's performance, leaving its feasibility in practical applications undetermined.

2019, Qikun Zhang et al. [31], Access Control Scheme Based on Encrypted Attribute Authentication and Threshold Policy. The authors proposed an IIoT access control scheme based on ciphertext-attribute authentication and threshold policies. Identity information is encrypted and stored on the blockchain, where it is verified through smart contracts and a decentralized consensus algorithm. The scheme also uses the anonymity and encryption capabilities of blockchain technology to protect personal information during user authentication. Limitation: although the authors used attribute-based encryption techniques, they did not provide a detailed threat model or security analysis, nor did they thoroughly explore privacy protection.

The authors designed a blockchain signature scheme suitable for the IIoT. The scheme compresses signatures from different senders through aggregate signatures to save bandwidth, while maintaining the autonomous management capabilities of the IIoT. It employs smart contracts to verify anonymous sources and shares encrypted information among entities. Limitation: because of the aggregate signature technique, the computational overhead is significant, and the practicality of the scheme remains to be enhanced.

2020, Qi et al. [33], Cpds: Efficient and Privacy-Preserving Compressed Private Data Sharing Scheme. The authors proposed a compressed private data sharing (CPDS) framework for efficiently and securely managing product data in the IIoT on the blockchain. The framework employs two novel mechanisms, one for storing compressed product data and one for policy enforcement, enabling multiple industrial participants to share product data efficiently in a distributed environment while achieving fine-grained access control. Limitation: because of the limited storage space on the blockchain, the scheme exhibits deficiencies in storage performance when handling large volumes of data.

The authors use the decentralized, immutable, and secure features of the blockchain, based on the attribute information of IIoT devices, to implement access control for protocol participants. The scheme stores device attribute information on the blockchain and employs smart contracts to execute access policies and management rules, ensuring that only devices with specific attributes participate in the protocol. Limitation: although the blockchain provides security protection in this scheme, additional mechanisms are still required to ensure the privacy and security of data.

2022, Yue Wang et al. [35], Blockchain-Based IIoT Privacy Information Secure Sharing Scheme. The authors proposed a blockchain-based scheme for the secure sharing of private information. The scheme abstracts smart factories as edge nodes and establishes a decentralized, distributed, and trusted blockchain network on simulated edge devices using the Ethereum client. It further introduces an intelligent ECDSA to establish the ownership of information shared among edge nodes and designs an incentive mechanism based on information attributes to encourage sharing among these nodes. Limitation: although the authors abstracted smart factories as edge nodes and built a decentralized blockchain network on the Ethereum client, actual deployment of this scheme in the IIoT may face more complex technical and operational challenges.
Based on the analysis of the aforementioned literature, numerous scholars have made significant contributions to research on the application of blockchain technology to data sharing and privacy protection in the IIoT. These studies lay a solid foundation for the research approach of this paper. However, several challenges remain in these research outcomes, including the complexity of data sharing algorithms, lack of flexibility, insufficient security, and relatively high computational costs. Moreover, these studies have not been closely integrated with the structural characteristics of the industrial internet, limiting their application in complex IIoT environments. Building upon current research, several critical issues need to be addressed:
(1) Achieving efficient data transmission and sharing without sacrificing algorithm performance;
(2) Effectively managing and verifying the identities of a large number of devices and handling the vast amount of data they generate;
(3) Ensuring the integrity and security of data during its collection, transmission, and storage in environments with multiple stakeholders.
Therefore, it is imperative to investigate a data sharing and privacy protection scheme suitable for the IIoT which enables secure and efficient data sharing among terminal members while safeguarding their private information. For this purpose, we propose the BBDSPP scheme, which integrates weighted threshold secret sharing, zero-knowledge proofs, and attribute-based encryption. In this scheme, we assign characteristic values to attributes and optimize the data sharing process, thus implementing a flexible access control mechanism with combinable permissions. Subsequently, using a non-interactive zero-knowledge proof protocol, we pre-authenticate the identities of data accessors, effectively preventing unauthorized access. Moreover, we employ the IPFS distributed storage system to alleviate the storage burden on the blockchain, enhancing storage efficiency and system scalability. This approach provides a secure and trustworthy environment for data circulation in the IIoT.

Basic Concepts
In this section, we introduce the fundamental mathematical concepts used in the BBDSPP scheme, including the three basic properties of bilinear maps, the definition and three fundamental properties of weighted threshold secret sharing, and the basic principles of zero-knowledge proofs. Zero-knowledge proof protocols come in both interactive and non-interactive forms. In the authentication phase of the BBDSPP scheme, we employ a non-interactive zero-knowledge proof protocol. To help the reader, this section introduces and compares the principles of both interactive and non-interactive zero-knowledge proof protocols. In this scheme, we characterize and assign values to attributes to optimize the data sharing process, achieving a flexible access control mechanism with combinable permission settings.

Bilinear Mapping
Let $G_1$, $G_2$, and $G_T$ be cyclic groups of prime order $p$. A bilinear pairing is a map $e : G_1 \times G_2 \to G_T$ satisfying the following properties [36]:
(1) Bilinearity: for all $u \in G_1$, $v \in G_2$, and $a, b \in \mathbb{Z}_p^*$, $e(u^a, v^b) = e(u, v)^{ab}$;
(2) Non-degeneracy: the map does not send every pair to the identity element of $G_T$; equivalently, for generators $g_1$ of $G_1$ and $g_2$ of $G_2$, $e(g_1, g_2) \neq 1$;
(3) Computability: for all $u \in G_1$ and $v \in G_2$, there exists an efficient algorithm to compute $e(u, v)$.
Additionally, the bilinear map is required to have the following uniqueness property:

Weighted Threshold Secret Sharing
Weighted threshold secret sharing (WTSS) is an extension of the threshold secret sharing scheme originally proposed by Shamir in 1979. In traditional threshold secret sharing schemes, each participant is considered to make an equal contribution to the reconstruction of the secret. In practice, however, the status and role of participants often differ. To address this, researchers introduced the WTSS mechanism. Its core idea is to distribute a secret among a group of participants, each of whom is assigned a weight [37]. This weight reflects the participant's importance or level of trust within the group.
Definition: In a WTSS scheme, a secret $s$ is divided into $n$ shares $s_1, s_2, \dots, s_n$ and distributed to $n$ participants. Each participant $P_i$ is assigned a weight $w_i$. The secret $s$ can be reconstructed only when the sum of the weights of the participants who combine their shares is at least a predefined threshold $W$, that is, a coalition $A$ can reconstruct $s$ if and only if $\sum_{i \in A} w_i \ge W$.
Properties:
(1) Flexibility: WTSS allows a flexible and hierarchical structure of trust among participants by assigning different weights to each participant;
(2) Security: the secret cannot be reconstructed unless the weights of the pooled shares sum to at least the threshold, providing security against partial compromise;
(3) Robustness: WTSS schemes tolerate the failure of some participants to provide their shares, as long as the threshold can still be reached with the available shares.
In summary, WTSS provides a means of securely distributing a secret in a manner that reflects the hierarchy and trust levels within a group, ensuring that only a sufficiently weighted combination of participants can reconstruct the secret [38].
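As an added example (not code from the paper), the following Python implements WTSS with the textbook reduction to Shamir's scheme: a participant of weight $w_i$ holds $w_i$ ordinary shares of a $(W, N)$-threshold scheme, $N$ being the total weight, so a coalition reconstructs exactly when its weights sum to at least $W$. The participant names, weights and secret are constructed for the example, and the field prime is an assumption. The threshold test it performs is the one the decryption phase of BBDSPP applies to a DV's attribute weights; the share construction is the generic one, not necessarily the paper's.

```python
"""Weighted threshold secret sharing (WTSS) by reduction to Shamir's scheme.

Added example, not code from the BBDSPP paper. A participant of weight w_i
receives w_i distinct Shamir shares of a (W, N)-threshold scheme, where
N is the total weight, so a coalition can interpolate the secret exactly
when its weights sum to at least the threshold W.
"""
import secrets

# Prime field for the polynomial; the secp256k1 field prime, chosen for the example.
P = 2**256 - 2**32 - 977


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[k] * x**k) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_weighted(secret, weights, threshold):
    """Return {participant: [(x, y), ...]}; each list holds that participant's weight in shares."""
    if not 1 <= threshold <= sum(weights.values()):
        raise ValueError("threshold must lie in [1, total weight]")
    # Random polynomial of degree threshold-1 with the secret as constant term.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares, next_x = {}, 1
    for pid, w in weights.items():
        shares[pid] = [(next_x + k, _eval_poly(coeffs, next_x + k)) for k in range(w)]
        next_x += w                      # every share gets a distinct x coordinate
    return shares


def interpolate_at_zero(points):
    """Lagrange interpolation of the polynomial through `points`, evaluated at x = 0."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def coalition_weight(weights, coalition):
    return sum(weights[pid] for pid in coalition)


def recover(shares, coalition, threshold):
    """Pool the coalition's shares; return the secret iff the pooled weight >= threshold.

    Below the threshold the pooled points do not determine the polynomial,
    so the function refuses instead of returning a meaningless value.
    """
    points = [pt for pid in coalition for pt in shares[pid]]
    if len(points) < threshold:
        return None
    return interpolate_at_zero(points[:threshold])


def demo():
    # Constructed example: attribute weights of IIoT end members and an access threshold.
    weights = {"plant_manager": 3, "line_engineer": 2, "auditor": 2, "sensor_gateway": 1}
    threshold, secret = 4, 0x5EC12E7
    shares = split_weighted(secret, weights, threshold)
    return {
        "manager+auditor (weight 5)": recover(shares, ["plant_manager", "auditor"], threshold) == secret,
        "engineer+auditor (weight 4)": recover(shares, ["line_engineer", "auditor"], threshold) == secret,
        "engineer+gateway (weight 3)": recover(shares, ["line_engineer", "sensor_gateway"], threshold),
        # Forcing interpolation through too few points yields a value unrelated to the secret.
        "below-threshold guess": interpolate_at_zero(
            shares["line_engineer"] + shares["sensor_gateway"]) == secret,
    }
```

Robustness (property 3) falls out of the same code: any coalition whose weight reaches the threshold suffices, so a missing participant is tolerated as long as the remaining weight is enough.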

Zero-Knowledge Proofs
Zero-knowledge proofs can be categorized into interactive and non-interactive types. Interactive zero-knowledge proofs involve multiple rounds of information exchange between the prover and the verifier. The prover begins with a commitment; the verifier then poses random challenges based on it, to which the prover must respond correctly. This process is repeated until the verifier is convinced of the proof's validity. If the statement to be proven is true, an honest prover can convince the verifier of its truth without revealing any additional information. The Schnorr protocol is a classic example in this category, used to demonstrate knowledge of a discrete logarithm without disclosing its value [39].
Non-interactive zero-knowledge proofs, on the other hand, involve a one-way transmission of the proof from the prover to the verifier without further interaction. The prover can generate the proof ahead of time and present it wherever needed, without an ongoing exchange with the verifier. Note, however, that a proof valid in every context can be replayed by anyone who observes it; in practice the proof is bound to the specific request (for example by hashing a nonce or request identifier into the challenge) so that it cannot be reused elsewhere. To achieve non-interactivity, techniques such as a common reference string or transformations such as the Fiat-Shamir heuristic are used to convert interactive protocols into a non-interactive form. Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) are a widely used form of non-interactive zero-knowledge proof, applied within blockchain technology and extensively used on platforms like Ethereum [40]. A comparison between interactive and non-interactive zero-knowledge proofs is illustrated in Figure 1.
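As an added example (not the paper's identity protocol, whose attribute-value statement and CA-issued signatures are not reproduced here), the following Python shows the Schnorr proof of knowledge of a discrete logarithm in both forms discussed above: the three-move interactive protocol, and its Fiat-Shamir non-interactive form, in which the challenge is a hash of the transcript and a request context. It runs on secp256k1 with a minimal affine group law; the key, the context string and the nonce values are constructed. The two negative cases show that a wrong witness fails and that a proof made for one context does not verify for another, which is why the challenge should bind the request.

```python
"""Schnorr proof of knowledge of a discrete logarithm, interactive and
Fiat-Shamir (non-interactive) forms, over secp256k1.
Added example; not the BBDSPP protocol or the paper's code.
"""
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over F_P, base point G of prime order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine group law; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # p2 == -p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def keygen():
    x = secrets.randbelow(N - 1) + 1      # witness (private key)
    return x, ec_mul(x, G)                # (private, public)


# Interactive form: commit, challenge, respond, verify.
def prover_commit():
    r = secrets.randbelow(N - 1) + 1
    return r, ec_mul(r, G)                # prover keeps r, sends R


def verifier_challenge():
    return secrets.randbelow(N)           # the verifier's random challenge


def prover_respond(x, r, c):
    return (r + c * x) % N                # s = r + c*x


def verify(Y, R, c, s):
    # s*G == R + c*Y  because  (r + c*x)*G == r*G + c*(x*G)
    return ec_mul(s, G) == ec_add(R, ec_mul(c, Y))


# Non-interactive form (Fiat-Shamir): the challenge is a hash of the transcript
# and a request-specific context, so no verifier message is needed and the
# proof is bound to that context.
def fs_challenge(R, Y, context: bytes):
    digest = hashlib.sha256(encode(R) + encode(Y) + context).digest()
    return int.from_bytes(digest, "big") % N


def nizk_prove(x, Y, context):
    r, R = prover_commit()
    return R, prover_respond(x, r, fs_challenge(R, Y, context))


def nizk_verify(Y, proof, context):
    R, s = proof
    return verify(Y, R, fs_challenge(R, Y, context), s)


def demo():
    x, Y = keygen()
    ctx = b"access-request:id_i:nonce-0001"          # constructed context
    r, R = prover_commit()
    c = verifier_challenge()
    interactive_ok = verify(Y, R, c, prover_respond(x, r, c))
    proof = nizk_prove(x, Y, ctx)
    nizk_ok = nizk_verify(Y, proof, ctx)
    wrong_witness = nizk_verify(Y, nizk_prove(secrets.randbelow(N - 1) + 1, Y, ctx), ctx)
    replayed = nizk_verify(Y, proof, b"access-request:id_i:nonce-0002")
    return interactive_ok, nizk_ok, wrong_witness, replayed
```

In the interactive run the verifier's randomness is what prevents a cheating prover from preparing R after seeing c; Fiat-Shamir replaces that randomness with a hash the prover cannot steer, which is sound only if the hash covers everything the prover committed to, including the public key and the context.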

Data Security Sharing Schemes
In this section, we provide a detailed introduction to the core components of the BBDSPP scheme: the participating entities, the system model, and the execution process. First, we describe the functions and responsibilities of the participating entities so that the reader has a clear understanding of each entity's role within the scheme. Next, we present the framework of the system model to give a comprehensive view of the system's operating mechanisms. Finally, we describe the specific steps involved in implementing the scheme, covering the application of the key technologies and the execution details of each phase. This chapter aims to give the reader an in-depth and systematic understanding of the BBDSPP scheme.

Scheme Entities
In this paper, we propose the BBDSPP scheme, which is centered on the core idea of assigning values to attributes based on their characteristics. This is achieved through a weighted threshold secret sharing scheme that improves the data sharing process, providing a flexible and secure access control mechanism that allows IIoT end members to access data in the system both flexibly and securely. Moreover, the scheme employs a non-interactive zero-knowledge proof protocol to pre-authenticate the identities of data accessors, preventing impersonation by unauthorized members, theft of sensitive data, and unnecessary computational overhead. Additionally, the scheme leverages the IPFS distributed storage system to store encrypted shared resources, recording only the storage addresses on the blockchain, which significantly alleviates the blockchain's storage burden.
In this scheme, the entities involved in data sharing are the certificate authority (CA), the attribute authority (AA), the regulatory node (RN), end members, and the interplanetary file system (IPFS). Their roles are described as follows:
(1) Certificate Authority (CA): As a trusted third party, the CA generates the system's public parameters and the public keys of end members. It also generates signatures for end members under the zero-knowledge proof protocol, which are used for identity authentication during data access;
(2) Attribute Authority (AA): The AA assigns attributes to end members, associates these attributes with the unique identity identifier $id_i$ of each end member, and registers them. The AA also categorizes the attributes within the system;
(3) Regulatory Node (RN): The RN, a set of pre-selected nodes within a consortium blockchain, monitors and records the data transactions of end members.
The symbols used in this scheme and their meanings are shown in Table 3.

System Model
The BBDSPP scheme's system model ensures the privacy protection and secure sharing of data through identity authentication, encrypted storage, and access control. The scheme comprises five phases, namely initialization, registration, encryption, authentication, and decryption, and is executed by five participating entities: CA, AA, RN, end members, and IPFS.
The system model of the BBDSPP scheme is depicted in Figure 2.
During the initialization phase, the CA generates public and private keys for end members based on their identity identifiers.The private key is securely stored and the public key is combined with other parameters to form the system's public parameters.In the registration phase, the AA first assigns attributes to end members.Then, end members submit their attribute values and public keys to the CA.The CA authenticates end members using a non-interactive zero-knowledge proof protocol, which facilitates anonymous authentication during data access and protects the privacy of data requesters.
In the encryption phase, the DO uses a symmetric encryption algorithm to encrypt the information M to be shared and stores the encrypted ciphertext on the IPFS.The symmetric key is then encrypted using a ciphertext-policy attribute-based encryption method with weighted attributes, yielding the ciphertext and storage address.Subsequently, the RN records the information on the blockchain according to its storage structure and forms a public ledger through a secure consensus algorithm.
In the authentication phase, the DV first locates the storage address of the desired information on the IPFS in the blockchain and submits their zero-knowledge proof to the DO.After the DO verifies the identity of the data requester, they send the data storage address to the data requester.During the initialization phase, the CA generates public and private keys for end members based on their identity identifiers.The private key is securely stored and the public key is combined with other parameters to form the system's public parameters.In the registration phase, the AA first assigns attributes to end members.Then, end members submit their attribute values and public keys to the CA.The CA authenticates end members using a non-interactive zero-knowledge proof protocol, which facilitates anonymous authentication during data access and protects the privacy of data requesters.
In the decryption phase, the DV locates and downloads the ciphertext of the desired data from the addressed location. The data is then decrypted using a generated decryption key. Successful decryption and data access occur only if the attribute weights held by the DV meet the threshold access value; otherwise, decryption is not possible.
Blockchains use a chained structure to store and organize data, where each block consists of a block header and a block body. The block header contains information such as the ID of the previous block, the version number, and the Merkle root, while the block body includes hash operations and transaction information. Blocks are connected to each other through hash pointers. The data storage structure of the blockchain is illustrated in Figure 3.
In this scheme, end members integrate and store the multi-dimensional information and related attributes of data in a blockchain, providing the DV with a more convenient and efficient method for data querying and retrieval. The data information in the blocks includes the attribute classification (Classification), the encrypted symmetric key (Ciphertext), and the storage address (Address), among others. "Classification" provides precise categorization information of accessible attributes, allowing the DV to quickly locate the required data based on their attributes. "Ciphertext" is the symmetric key encrypted using attribute-based encryption; the DV can access the desired data only after decrypting it to obtain the symmetric key. "Address" gives the storage location of the ciphertext in the IPFS, enabling the DV to find and download the ciphertext of the data they wish to access.

BBDSPP Scheme
Assuming that there are $n$ terminal devices in the entire system, and these $n$ terminal devices are regarded as $n$ end members, then $U = \{u_i \mid i = 1, 2, \ldots, n\}$ represents the set of these $n$ end members.
The corresponding set of identity identifiers is $ID = \{id_i \mid i = 1, 2, \ldots, n\}$, where $1 \le i \le n$. Next, we define an ordered set of attributes as $A = \{a_1, a_2, \ldots, a_r\}$, with corresponding attribute values $V = \{v_1, v_2, \ldots, v_r\}$ and corresponding attribute weights $W = \{w_1, w_2, \ldots, w_r\}$, where $r \in \mathbb{N}^*$ indicates the total number of attributes. The BBDSPP scheme consists of five algorithms: initialization, registration, encryption, key generation, and decryption. Below are detailed explanations of the five steps.
(1) $\mathrm{Setup}(id_i) \to \{Q_U, pp\}$ Initialization Algorithm
This algorithm is carried out by the CA institution. It takes as input the identity identifier $id_i$ of the end member and outputs the public key $Q_U$ of the end member $u_i$ and the public parameters $pp$ of the system. The specific process is as follows:
i. Randomly select large prime numbers $p$ and $q$, choose a bilinear group $G_1$ of prime order $p$ and a cyclic group $G_2$ of prime order $q$, with $g_1$ the generator of $G_1$ and $g_2$ the generator of $G_2$.
ii. Define a bilinear pairing operation $e$:
iii. Choose three hash functions $H_1$ and $H_2$, where $H_1 : \{0, 1\}^* \to G_1$, and compute the public key of the end member $u_i$ as:
iv. Select a random number $\alpha \in \mathbb{Z}_p^*$, and compute the private key of the end member based on $Q_U$ as follows:
v. Then compute $u = e(g_1, g_1)^{\alpha}$, hence the public parameters $pp$ are:
The process of the initialization algorithm is as follows (Algorithm 1):
(2) Registration Algorithm
The algorithm is jointly completed by the CA and the AA. The inputs to the algorithm are the attribute values $V_i$ and the public key $Q_U$. The outputs are the signature $\sigma$ and the registration information table. The specific process is as follows:
The end member first submits their unique identity identifier to the AA. Upon receiving the application, the AA assigns attributes to the end member, including the name of each attribute, its value, and the corresponding weight, and categorizes these attributes before securely transmitting them to the end member. Let us assume that for the end member $u_i$, the corresponding unique identity identifier is $id_i$, the possessed attribute set is $A_i = \{a_{i1}, a_{i2}, \ldots, a_{ir}\}$, the corresponding attribute values are $V_i = \{v_{i1}, v_{i2}, \ldots, v_{ir}\}$, and the corresponding attribute weights are $W_i = \{w_{i1}, w_{i2}, \ldots, w_{ir}\}$, where $i, r \in \mathbb{N}^*$, with $i$ denoting the sequence number of the end member and $r$ the number of attributes possessed by the $i$-th end member. Then, the AA registers the assigned attributes in association with the unique identity identifier $id_i$ of the end member. To prevent impersonation by unauthorized individuals, this process is only conducted once.
After receiving the attribute information, the end member sends the attribute information and the unique identity identifier $id_i$ to the CA. Upon receiving the information, the CA registers it and generates a zero-knowledge proof of the private key for the end member using a non-interactive zero-knowledge proof protocol, which serves as identity verification prior to the data access process. The detailed process is as follows:
i. Compute $T$ based on $p$ and $q$ from the public parameters:
ii. Input the attribute values $V_i = \{v_{i1}, v_{i2}, \ldots, v_{ir}\}$ and the private key $S_U$, then compute the following formula:
Finally, the proof $EV = \{T, F\}$ is obtained and sent to the end member through a secure channel, along with the relevant parameters.
The process of the registration algorithm is as follows (Algorithm 2):
    // Square each l_j to get f_j
    // Add f_j to the set F
    F = F ∪ f_j
    // Construct the proof EV
    EV = {T, F}
    return EV
endfunction
Based on the above process, the CA and AA complete the registration of all end members $u_i$ and establish a registry of end member information for easy querying of member details. The specific contents are shown in Table 4.
(3) Encryption Algorithm
This algorithm is executed by the DO, who is an end member. The algorithm takes as input a message $M$ and the weight values $W_{DO}$ corresponding to the attributes, and outputs the ciphertext $CT$. The specific process is as follows: The DO first selects a random number $\delta$ from the group $G_T$ to be used as the symmetric encryption key. Let the symmetric encryption algorithm be denoted by $E$; the DO encrypts the message $M$ to be shared by calculating $E_\delta(M) = E(\delta, M)$, resulting in the symmetrically encrypted ciphertext $E_\delta(M)$. The DO stores the ciphertext $E_\delta(M)$ in IPFS, obtaining the data storage address $\mathrm{Address}(E_\delta(M))$, and then encrypts the symmetric key $\delta$. The specific encryption process is as follows:
Then, the output ciphertext is:
The DO utilizes the regulatory node to store the ciphertext $CT$ on the blockchain, simultaneously providing a brief description of the ciphertext. This is then associated with the relevant attribute categories and the data storage address.
The process of the encryption algorithm is as follows (Algorithm 3):
(4) Authentication Algorithm
This algorithm is jointly executed by the DO and DV within the terminal member environment. The DV inputs their zero-knowledge proof $EV_{DV}$, and the output is the authentication result and the data storage address $\mathrm{Address}(E_\delta(M))$. The specific process is as follows: When a DV wishes to access the data $M$, they need to obtain the access address of this data in the IPFS storage system. At this point, the DV needs to submit their zero-knowledge proof $EV_{DV}$ to the DO, proving their identity. Once verified, the DO sends the data storage address $\mathrm{Address}(E_\delta(M))$ to the DV. The detailed process is as follows:
i. Based on the parameter $T$ of the zero-knowledge proof $EV_{DV}$, the DV generates a random parameter $\sigma$ within the range $(0, T)$ and then calculates $a$ from $\sigma$ as $a \equiv \sigma^2 \pmod T$.
ii. The DO generates a random sequence $E = \{e_1, e_2, \ldots, e_r\}$, $e_j \in \{0, 1\}$, and initiates an identity verification challenge to the DV.
iii. Upon receiving the challenge, the DV calculates the response parameter $Res$ using their private key $S_U$ and sends it to the DO. The specific formula for calculating $Res$ is as follows:
iv. The DO verifies using the zero-knowledge proof $EV_{DV}$ and the response parameter $Res$, with the calculation formula as follows: When the equation $Res^2 \equiv a\gamma \pmod T$ holds, the identity verification of the DV is successful; the DO sends the data storage address $\mathrm{Address}(E_\delta(M))$ to the DV and calculates the attribute permission parameters based on the DV's weight values. If the equation does not hold, all operations are terminated.
v. Once the DV's authentication is successful, the DO calculates the attribute permission parameters based on the DV's weight values. The specific calculation formula is as follows: In the formula, $b_j$ represents the product of any $w_j$ distinct primes chosen from $b_0, b_1, \ldots, b_W$. After calculating the attribute permission parameter $R_i$, it is sent to the DV along with the data storage address $\mathrm{Address}(E_\delta(M))$.
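The challenge-response exchange of steps i to iv, written out as an added example that is not the paper's code: the CA publishes $EV = \{T, F\}$, the DV commits $a = \sigma^2 \bmod T$, the DO sends a bit string $E$, and the DO checks $Res^2 \equiv a\gamma \pmod T$. The page leaves the formulas for $l_j$, $Res$ and $\gamma$ unstated, so this example assumes the Feige-Fiat-Shamir forms $l_j = v_j S_U \bmod T$, $Res = \sigma \prod_j l_j^{e_j}$ and $\gamma = \prod_j f_j^{e_j}$, with $T = pq$ and toy-sized primes.

```python
"""Attribute-value identification rounds of the BBDSPP authentication phase.

Added example, not the paper's code. Assumptions (the page leaves these
formulas unstated): T = p*q, per-attribute witness l_j = v_j * S_U mod T,
response Res = sigma * prod(l_j for e_j = 1) mod T and
gamma = prod(f_j for e_j = 1) mod T, i.e. the Feige-Fiat-Shamir form.
"""
import random
from dataclasses import dataclass

# Constructed toy primes; a deployment uses large primes (the paper's test
# setup uses 512-bit and 256-bit group orders). The check itself does not
# depend on the size of T.
P, Q = 10007, 10009
T = P * Q


@dataclass(frozen=True)
class Evidence:
    """Zero-knowledge proof evidence EV = {T, F} published by the CA."""
    T: int
    F: tuple  # f_j = l_j^2 mod T, one entry per attribute


def register(attribute_values, private_key, T=T):
    """CA side of the registration phase (Algorithm 2).

    Returns the witnesses L (kept secret by the end member) and the public
    evidence EV = {T, F} that a DO later verifies against.
    """
    L = tuple(v * private_key % T for v in attribute_values)  # assumed l_j
    F = tuple(pow(l, 2, T) for l in L)                         # f_j = l_j^2 mod T
    return L, Evidence(T, F)


def prove_round(L, E, sigma, T=T):
    """DV side of one round: commit a = sigma^2 mod T (step i) and answer the
    challenge E with Res = sigma * prod(l_j for e_j = 1) mod T (step iii)."""
    if len(E) != len(L):
        raise ValueError("challenge length must equal the number of attributes")
    a = pow(sigma, 2, T)
    res = sigma % T
    for l, e in zip(L, E):
        if e:
            res = res * l % T
    return a, res


def verify_round(ev, a, E, res):
    """DO side (step iv): gamma = prod(f_j for e_j = 1) mod T, then check
    Res^2 = a * gamma (mod T)."""
    gamma = 1
    for f, e in zip(ev.F, E):
        if e:
            gamma = gamma * f % ev.T
    return pow(res, 2, ev.T) == a * gamma % ev.T


def authenticate(ev, L, rounds, seed=None):
    """Run k = rounds challenge-response rounds, each with an r-bit challenge.

    seed only makes demos reproducible; a real DO must draw sigma and E from
    a cryptographic RNG (the secrets module).
    """
    rng = random.Random(seed)
    for _ in range(rounds):
        sigma = rng.randrange(1, ev.T)            # sigma in (0, T), step i
        E = [rng.randrange(2) for _ in ev.F]     # e_j in {0, 1}, step ii
        a, res = prove_round(L, E, sigma, ev.T)
        if not verify_round(ev, a, E, res):
            return False
    return True


def impostor_success_probability(rounds, attributes):
    """Pr = 2^(-k r) from the correctness analysis: an impostor must guess
    every challenge bit of every round."""
    return 2.0 ** -(rounds * attributes)


if __name__ == "__main__":
    # Constructed sample: a DV with three attribute values and private key S_U.
    L, ev = register([3, 5, 8], private_key=123457)
    print("honest DV accepted:", authenticate(ev, L, rounds=4, seed=1))
    # An impostor holding a wrong witness fails on any challenge that selects it.
    bad = (L[0] + 1,) + L[1:]
    a, res = prove_round(bad, [1, 0, 0], sigma=424242)
    print("impostor accepted:", verify_round(ev, a, [1, 0, 0], res))
    print("Pr(impostor passes 4 rounds of 3 bits):", impostor_success_probability(4, 3))
```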
The process of the authentication algorithm is as follows (Algorithm 4):
    for j from 1 to r' do:
        r_j = µ mod b_j
    R_i = {r_1, r_2, ..., r_j}
    send Permission Parameters (R_i, Address(E_δ(M)))   // Send attribute permission parameters R_i and Address(E_δ(M))
(5) Decryption Algorithm
This algorithm is performed by the DV among end members. It takes the ciphertext $CT$ and the data storage address $\mathrm{Address}(E_\delta(M))$ as input, and outputs the plaintext $M$. The specific process is as follows: Based on the brief description of the encrypted information given by the DO in the blockchain, the DV quickly locates the ciphertext $CT$ of the desired data in the blockchain. Then, using the obtained attribute permission parameters $R_i$, the DV decrypts the ciphertext.
i. The following congruence system is formed from the attribute permission parameter: $x \equiv r_j \pmod{b_j}$ for each $j$ (15). Using the standard Chinese remainder theorem, a unique solution can be calculated:
where
After obtaining $\mu$, the value of $\beta$ can be solved as $\beta = \mu - A b_0$.
ii. Locate the symmetrically encrypted data $E_\delta(M)$ using the data storage address $\mathrm{Address}(E_\delta(M))$ and download it. Then, compute the following formula:
Finally, the desired data $M$ is obtained. The process of the decryption algorithm is as follows (Algorithm 5):
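The permission parameters of step v and their recombination in decryption step i, as an added example that is not the paper's code. The page gives $r_j = \mu \bmod b_j$ with $b_j$ a product of $w_j$ distinct primes, the congruence system (15), the threshold condition $b_1 \cdots b_j \ge b_1 \cdots b_t$ and $\beta = \mu - Ab_0$; how the DO forms $\mu$ is not stated, so this example assumes the Asmuth-Bloom construction $\mu = \beta + A b_0$ with $\mu$ below the product of the $t$ smallest primes, and recovers $\beta$ as $\mu \bmod b_0$, which equals $\mu - A b_0$ when $\beta < b_0$. It also shows what a DV below the threshold gets back.

```python
"""Weighted threshold secret sharing over the CRT, as used for the attribute
permission parameters R_i and the decryption step of BBDSPP.

Added example, not the paper's code. Assumed (not stated on the page):
mu = beta + A*b0 (Asmuth-Bloom form) with mu < product of the t smallest
primes, and beta recovered as mu mod b0, which equals mu - A*b0 when beta < b0.
"""
from math import gcd, prod


def blind_secret(beta, A, b0):
    """DO side: hide the exponent beta behind the special modulus b0."""
    if not 0 <= beta < b0:
        raise ValueError("beta must lie in [0, b0)")
    return beta + A * b0


def permission_params(mu, primes, weights):
    """DO side (authentication step v): attribute j with weight w_j gets a
    modulus b_j that is the product of w_j distinct primes (taken here in
    order from the list) and the share r_j = mu mod b_j.
    Returns R_i as a list of (r_j, b_j) pairs."""
    if sum(weights) > len(primes):
        raise ValueError("not enough primes for the requested weights")
    shares, next_prime = [], 0
    for w in weights:
        b_j = prod(primes[next_prime:next_prime + w])
        next_prime += w
        shares.append((mu % b_j, b_j))
    return shares


def crt_combine(shares):
    """Generalized Chinese remainder theorem: the unique x in [0, lcm(b_j))
    with x = r_j (mod b_j) for all j, checking r_i = r_j (mod gcd(b_i, b_j))
    as the scheme analysis requires."""
    x, m = 0, 1
    for r, b in shares:
        g = gcd(m, b)
        if (r - x) % g:
            raise ValueError("inconsistent shares")
        b_g = b // g
        # Solve x + m*k = r (mod b), i.e. (m/g)*k = (r-x)/g (mod b/g);
        # gcd(m/g, b/g) = 1, so the inverse exists.
        k = ((r - x) // g * pow(m // g, -1, b_g)) % b_g if b_g > 1 else 0
        x += m * k
        m *= b_g
        x %= m
    return x


def meets_threshold(shares, primes, t):
    """Theorem 2 condition b_1...b_j >= b_1...b_t: the combined modulus is at
    least the product of the t smallest primes."""
    return prod(b for _, b in shares) >= prod(sorted(primes)[:t])


def recover_beta(shares, b0):
    """DV side (decryption step i): solve (15) for mu, then beta = mu - A*b0,
    computed here as mu mod b0 (assumption, see module docstring)."""
    return crt_combine(shares) % b0


if __name__ == "__main__":
    # Constructed toy parameters; a deployment uses large primes.
    b0, primes, t = 1009, [10007, 10009, 10037, 10039, 10061], 3
    # Asmuth-Bloom secrecy condition: b0 * (product of t-1 largest) < product of t smallest.
    assert b0 * prod(primes[-(t - 1):]) < prod(primes[:t])
    mu = blind_secret(beta=42, A=500_000_000, b0=b0)
    assert mu < prod(primes[:t])
    strong = permission_params(mu, primes, weights=[2, 1])  # total weight 3 = t
    weak = permission_params(mu, primes, weights=[1, 1])    # total weight 2 < t
    print("weight 3 recovers beta:", recover_beta(strong, b0))           # 42
    print("weight 2 solution equals mu:", crt_combine(weak) == mu)        # False
    print("weight 2 meets threshold:", meets_threshold(weak, primes, t))  # False
```

With total weight below $t$ the system (15) is still consistent, but its unique solution modulo the smaller product is $\mu$ reduced, not $\mu$, so the DV obtains no information about $\beta$, matching Theorem 4.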

Blockchain Network Creation and Smart Contract Definition
Considering the target application within the IIoT, where the information stored in the terminal devices is typically highly confidential, we have opted for Hyperledger Fabric, tailored for IIoT scenarios, as the development platform. Within this framework, we have designed and deployed two types of smart contracts on the blockchain: static smart contracts and dynamic smart contracts. The static smart contracts primarily manage pertinent information within the system following the initiation of data sharing requests by members. This encompasses operations such as information querying, updating, and uploading. Dynamic smart contracts, on the other hand, are responsible for real-time monitoring of members' operational behaviors and access privileges. This ensures that the data sharing process adheres to the predetermined rule policies, including the enactment and revocation of access permissions.
During node deployment, we positioned the CA node on an isolated host, disconnected from the external internet, thereby effectively shielding the system from unauthorized external access and enhancing the system's security and trustworthiness. Concurrently, we deployed peer nodes on physical nodes with internet connectivity, ensuring not only the continuity and reliability of external services but also enabling the peer nodes to store smart contract code and process data access requests. This setup fosters effective interaction between the external environment and the blockchain network. Additionally, we distributed orderer nodes across multiple physical nodes. Together with the other modules of Hyperledger Fabric, these nodes form a highly secure, reliable, and high-performance blockchain network. The core modules of Fabric are detailed in Table 5. The specific process of creating a blockchain network is shown in Figure 4.

Scheme Analysis
In this section, we provide a detailed analysis of the correctness and security of the scheme. Initially, we verify the correctness of the scheme from both theoretical and practical application standpoints, ensuring its stable functionality under various conditions. Subsequently, we explore the security of the scheme, focusing on its privacy protection performance and potential security threats.

Correctness Analysis
The correctness of this scheme can be demonstrated through the following theorem.
Theorem 1. Any legitimate end member $u_i$ in the system can prove their legitimacy and download the data resources they wish to access.
Proof of Theorem 1. In the registration phase of the scheme, each end member $u_i$ is provided with zero-knowledge proof evidence $EV$. When a DV applies to a DO for data access, the DO, based on the pre-reserved evidence $EV$ from the zero-knowledge proof, generates a random sequence $E$ and initiates a challenge. Upon receiving this challenge, the DV uses their private key $S_{DV}$ to generate a response parameter $Res$ and replies accordingly. Since the DV's private key $S_{DV}$ is kept secret, only the DV can generate the correct response parameter $Res$ and provide valid proof of their identity. □
Assuming the DV possesses an attribute set $A_{DV} = \{a_{DV1}, a_{DV2}, \ldots, a_{DVr}\}$ with corresponding attribute values $V_{DV} = \{v_{DV1}, v_{DV2}, \ldots, v_{DVr}\}$, then according to the non-interactive zero-knowledge proof protocol, the identity verification challenge posed by the DO expands from one bit to $r$ bits per session, and the challenge process is repeated for $k$ rounds. In a one-bit challenge, the probability of the DV guessing correctly is $1/2$. Therefore, at the end of the challenge, the probability of an impostor DV successfully deceiving the DO is only $\Pr = 2^{-kr}$. When $kr$ is sufficiently large, $\Pr$ approaches zero.
Therefore, any legitimate end member $u_i$ in the system can prove their legitimacy based on the zero-knowledge proof pre-evidence and private key generated for them by the CA institution during the registration process. Once the identity of the DV is verified, the DO sends them the data storage address $\mathrm{Address}(E_\delta(M))$ and calculates the attribute permission parameters based on the weight values of the DV. The DV can then locate the ciphertext of the data resource they wish to access in the IPFS storage system using the storage address $\mathrm{Address}(E_\delta(M))$ and compute the decryption key based on the attribute permission parameters, ultimately obtaining access to the desired data resource.
Theorem 2. In the system, any end member $u_i$ whose sum of attribute permission values is greater than or equal to the threshold value set during encryption can calculate the decryption key and access the corresponding ciphertext resource.
Proof of Theorem 2. After the identity of the DV is verified, the DO calculates the attribute permission parameter $R$ based on the DV's weight values. The DV then uses the attribute permission parameter $R$ to calculate the decryption key during the decryption phase. When the sum of the attribute permission values possessed by the DV reaches the threshold, $b_1 b_2 \cdots b_j \ge b_1 b_2 \cdots b_t$, the system of Equation (13) satisfies the congruence $r_i \equiv r_j \pmod{(b_i, b_j)}$, $i \ne j$. According to the generalized Chinese remainder theorem, Equation (11) has a unique solution $x$ within the range $[0, b_1 b_2 \cdots b_j)$, which is $\mu$. Thus, $\beta = \mu - A b_0$ can be solved. □
Therefore, in the system, any end member $u_i$ whose sum of attribute permission values is greater than or equal to the threshold value set during encryption can calculate the unique solution $x$, that is, $\mu$, based on the attribute permission parameter $R$ generated during the authentication phase, and subsequently solve for $\beta$. Then, using the ciphertext $C = \delta u^{\beta}$, the symmetric encryption/decryption key $\delta$ can be calculated as $\delta = C / u^{\beta}$ with $u = e(g_1, g_1)^{\alpha}$. Following this, the desired data $M$ can be computed using the decryption algorithm $D_\delta$.

Security Analysis
Theorem 3. Any legitimate end member $u_i$ in the system can anonymously access data resources without revealing their identity.
Proof of Theorem 3. During the registration phase, the CA institution generates zero-knowledge proof evidence $EV$ based on the private key $S_U$ of the end member $u_i$. In the authentication phase, the DV only needs to present the evidence $EV$, allowing the DO to generate a random sequence $E = \{e_1, e_2, \ldots, e_r\}$ based on the parameter $T$ in the proof and initiate an identity verification challenge to the DV. Upon receiving the challenge, the DV merely needs to compute the response parameter $Res$ using their private key $S_U$ and reply to the DO. The DO can then determine whether the DV possesses the corresponding private key $S_{DV}$ by checking whether the equation $Res^2 \equiv a\gamma \pmod T$ holds, based on the zero-knowledge proof evidence $EV$ and the response parameter $Res$. Throughout this process, the DV does not need to disclose their real identity while still being able to verify their legitimacy. At the same time, impostor members without the correct private key cannot compute the correct response parameter $Res$. Since solving $Res^2 \equiv a\gamma \pmod T$ is equivalent to factoring $T$ into $p$ and $q$, and large integer factorization is a known hard problem, this is not expected to be feasible. □
Therefore, any legitimate end member $u_i$ in the system can securely prove the legitimacy of their identity without revealing their own identity, using the non-interactive zero-knowledge proof protocol. They can anonymously access the data resources in the system, ensuring the privacy of their identity with good anonymity.
Theorem 4. In the system, when the sum of the attribute permission values possessed by the DV is less than the threshold value set by the DO during encryption, the DV cannot access the data resources shared by the DO.
Proof of Theorem 4. After the identity of the DV is verified, the DO calculates the attribute permission parameter $R$ based on the DV's weight values. The DV then computes the decryption key during the decryption phase using the attribute permission parameter $R$ they possess. When the sum of the attribute permission values held by the DV is less than the threshold value, $b_1 b_2 \cdots b_j < b_1 b_2 \cdots b_t$ holds. According to the generalized Chinese remainder theorem, the solution derived from Equation (16) is uniformly distributed across all congruence classes modulo $b_0$, meaning that although Equation (16) has solutions, they are not unique, and the solution $x$ cannot be determined. Even if the congruence $r_i \equiv r_j \pmod{(b_i, b_j)}$, $i \ne j$, is satisfied, there is not enough information to determine the value of $x$, and no secret information can be obtained. □
Therefore, in the system, any end member $u_i$ whose sum of attribute permission values is less than the threshold value set during encryption cannot calculate the unique solution $x$, that is, $\mu$, based on the attribute permission parameter $R$ generated during the authentication phase, and subsequently cannot solve for $\beta$. As a result, they also cannot compute the symmetric encryption/decryption key $\delta$ using the ciphertext $C$. Even if they obtain the data storage address $\mathrm{Address}(E_\delta(M))$, they cannot recover the data $M$ they wish to access.

Performance Analysis
In this section, we conduct a comprehensive evaluation of the proposed scheme's performance, encompassing both theoretical and experimental aspects. The theoretical analysis primarily involves a comparative study of several relevant algorithms and a deep analysis of computational costs. Building on this, we designed and implemented a series of experiments to further validate the accuracy of the theoretical analysis and the practical performance of the scheme. This combination of theoretical and experimental approaches makes our analysis more comprehensive, ensuring the effectiveness and advancement of the scheme.

Theoretical Analysis

Algorithm Characteristics Comparison
The data sharing scheme presented in this paper has been compared with the schemes in references [25,26,29,30,31] in terms of blockchain structure, identity authentication, privacy protection, combinational permission, and off-chain storage. The results of this comparison are shown in Table 6. Furthermore, the aforementioned schemes do not incorporate searchable capabilities, presenting limitations in retrieving and quickly locating specific data stored within the system. In response to the issues identified in existing data sharing schemes, our solution employs weighted threshold secret sharing technology to improve the data sharing mechanism, enhancing the flexibility and autonomy in permission configuration and making the data sharing process in the IIoT more adaptable. Additionally, the scheme utilizes non-interactive zero-knowledge proof protocols for preliminary authentication of data accessors, effectively preventing unauthorized user intrusion. Moreover, our solution adopts the IPFS distributed storage system to store encrypted resources, recording only storage addresses on the blockchain, significantly reducing the storage load. In summary, our solution addresses the deficiencies of existing schemes in several key areas, including blockchain architecture, identity authentication, privacy protection, flexible combination of permissions, off-chain storage, and fine-grained access control.

Computational Cost Analysis
In data sharing schemes, the computationally intensive operations include hash function computations, bilinear pairing computations, and exponentiation operations, while the computational costs of simple addition and multiplication operations are negligible. To understand the computational complexity of the aforementioned schemes more clearly, a comparison of computational costs in the key generation phase, authentication phase, encryption phase, and decryption phase between our scheme and five other schemes is made, providing a theoretical basis for further analyzing the computational overhead. Assume that there are $n$ end members participating in the data sharing process in the system; $T_h$ represents the computational cost of a hash function operation, $T_b$ the computational cost of a bilinear pairing operation, and $T_e$ the computational cost of an exponentiation or modular exponentiation operation. $r_s$ represents the average number of attributes owned by end members and $r_d$ represents the average number of attributes used by DVs for decrypting ciphertext. The comparison of computational costs in the key generation phase, authentication phase, encryption phase, and decryption phase between our scheme and the other five schemes is shown in Table 7, where the key generation phase includes the initialization and registration stages of our scheme and the other schemes.
As indicated in Table 6, during the key generation phase the computational requirements of BSPP, AB-CCACS, AC-CAATP, and ZK-CP-ABE are significantly greater than those of the proposed method. Furthermore, their computational demands increase linearly with the number of attributes held by end members. During the authentication phase, the computational demand of the proposed scheme is minimal when dealing with a small number of attribute values. As the attribute values increase, the computational requirements of this scheme show linear growth and exceed those of the other schemes. This is because the scheme employs a non-interactive zero-knowledge proof protocol, which generates zero-knowledge proofs of private keys for end members, thus ensuring their privacy is maintained throughout the authentication process. During the encryption and decryption phases, the proposed scheme requires the least computational resources when dealing with a small number of attribute values. As the number of attributes increases, the computational demand of this scheme becomes slightly higher than that of ZK-CP-ABE but remains lower than that of the other four methods. This is because the scheme, by characterizing and assigning values to attributes, achieves a flexible combination of permissions. This allows end members to access system data both flexibly and securely, a feature not realized by the ZK-CP-ABE approach.

Computational Analysis of Blockchain Operations
To evaluate the blockchain performance utilized in this study, we employed Caliper to test the write and read capabilities of the blockchain. The write operation refers to the DO writing data to the blockchain, which was conducted across four sets of tests. Each set simulated 1500 executions, varying the transaction submission rate. The submission speeds were set at 60 TPS (transactions per second), 90 TPS, 120 TPS, and 150 TPS, respectively. The read operation involves the DV reading data from the blockchain, repeating the same procedure. The results of the blockchain system's write and read throughput tests are presented in Tables 8 and 9, respectively. Based on the test results, the following conclusions are drawn:
(1) The blockchain is capable of processing transactions with a 100% success rate for both write and read operations.
(2) The throughput for write operations approximates the sending rate when it is below 90 TPS. When the sending rate exceeds 90 TPS, the throughput reaches its peak and latency increases sharply, indicating that the limiting sending rate for write operations is 90 TPS.
(3) The throughput for read operations approximates the sending rate when it is below 120 TPS. When the sending rate exceeds 120 TPS, the throughput peaks and latency increases sharply, suggesting that the limiting sending rate for read operations is 120 TPS.
(4) Overall, the average latency for write operations is significantly greater than for read operations, with write operations also exhibiting a higher average delay compared to read operations.

Computational Analysis of the BBDSPP Scheme
To further substantiate the theoretical analysis of each scheme, we conducted simulation tests using a laptop equipped with an Intel i7-7500U 3.0 GHz processor (Intel, Santa Clara, CA, USA), 16 GB RAM, and 256 GB storage, within a Python 3.12 software environment.
To ensure the same level of security strength, the order $p$ of the bilinear group $G_1$ is chosen as a 512-bit large prime number, and the order $q$ of the bilinear group $G_2$ is selected as a 256-bit large prime number. Multiple runs are conducted, and the average values are taken as the final results. The average time for one hash function operation $T_h$ is approximately 0.00052 ms, the average time for one bilinear pairing operation $T_b$ is about 5.4005 ms, and the average time for one exponentiation or modular exponentiation operation $T_e$ is 2.1875 ms. Four different numbers of attributes $r_s$ possessed by end members are set, namely 5, 10, 15, and 20, to compare the time consumption in the four phases of key generation, authentication, encryption, and decryption. The specific time consumption comparison charts are shown in Figures 5-8 and the specific values are detailed in Tables 10-13.
To ensure the same level of security strength, the order $p$ of the bilinear group $G_1$ is chosen as a 512-bit large prime number, and the order $q$ of the bilinear group $G_2$ is selected as a 256-bit large prime number. Multiple operations are conducted, and the average values are taken as the final results. The average time for one hash function operation $T_h$ is approximately 0.00052 ms. The average time for one bilinear pairing operation $T_b$ is about 5.4005 ms, and the average time for one exponentiation or modular exponentiation operation $T_e$ is 2.1875 ms. Four different sets of attribute numbers $r_s$ possessed by end members are set, namely 5, 10, 15, and 20, to compare the time consumption in the four phases of key generation, authentication, encryption, and decryption. The specific time consumption comparison charts are shown in Figures 5-8 and the specific values are detailed in Tables 10-13.

During the key generation phase, the computational requirements of BSPP, AB-CCACS, AC-CAATP, ZK-CP-ABE, and PPMDS significantly exceed those of our scheme. Moreover, as the number of attributes possessed by terminal members increases, their computational demands increase linearly. This indicates that, in terms of key generation, our scheme has an efficiency advantage, especially when terminal members have a large number of attributes, resulting in lower computational overhead compared to the other schemes.
During the authentication phase, AB-CCACS and ZK-CP-ABE lack an authentication process, resulting in a computational load of zero. When the number of attributes exceeds 10, the computational load of the scheme proposed in this paper is higher than that of the other four schemes. This is attributed to the fact that, in the authentication phase, our scheme generates a zero-knowledge proof for terminal members using attribute values, a process that leads to increased computational overhead with a larger number of attributes.
During the encryption phase, the computational load of the scheme presented in this paper is the lowest when the number of attributes is less than 10. However, when the number of attributes exceeds 10, the computational load of our scheme is only higher than that of AC-CAATP. This indicates that the scheme proposed in this paper is more efficient when dealing with a smaller number of attributes.
During the decryption phase, the computational load of the scheme proposed in this paper is slightly higher than that of AC-CAATP and ZK-CP-ABE. However, the increase in computational load is relatively small as the number of attributes possessed by the terminal members grows. This suggests that when dealing with a larger number of attributes, our scheme maintains a certain level of computational efficiency in processing decryption operations, being only marginally higher than certain other schemes.
To facilitate a more direct and visual comparison of the computational costs of our scheme against others, we calculated the total time across all stages for attribute values of 5, 10, 15, and 20, and conducted a comparative analysis. The specific comparison of time consumption is depicted in the line chart in Figure 9, with detailed numerical values provided in Table 14. From the above charts, it is evident that the total computational load of the BBDSPP scheme is consistently lower than that of AB-CCACS, AC-CAATP, and PPMDS. It is slightly higher than ZK-CP-ABE when the attribute value exceeds 10. This is because our scheme employs a non-interactive zero-knowledge proof protocol to generate zero-knowledge proofs of private keys for terminal members and characterizes attribute values to realize flexible combination of permissions. This enables terminal members to access system data flexibly and securely. ZK-CP-ABE does not implement this feature. Since BSPP lacks an identity authentication function, its total computation time is always lower than that of the BBDSPP scheme. In summary, by comparing the computational consumption of the various schemes through simulation experiments, it is evident that the scheme proposed in this paper not only addresses the deficiencies of existing schemes but also demonstrates comparable or superior performance in terms of computational consumption, further validating the feasibility of our scheme.

Conclusions
In response to the issues of complex communication processes, poor flexibility, and low security in traditional data sharing models of the IIoT, we propose the BBDSPP scheme. Initially, we assign values to attributes based on their characteristics and utilize a weighted threshold secret sharing scheme to improve the data sharing process. This approach facilitates a data sharing access control mechanism that allows for the free combination of permissions. Terminal members can freely choose the attributes to decrypt. As long as the attribute values meet the preset access threshold, they can decrypt and access specific data. This not only ensures the flexibility of data sharing but also guarantees stringent control over data access.
Additionally, we employ non-interactive zero-knowledge proof protocols to pre-authenticate the identities of data accessors, preventing illegal members from impersonating legitimate ones and stealing sensitive data. This not only protects the privacy of terminal members but also avoids the extra computational burden caused by illegal access. It ensures that only legitimate and authorized terminal members can access data in the system, effectively preventing unauthorized access and leakage of sensitive information.
Furthermore, we utilize the IPFS distributed storage system to store encrypted shared resources. By storing a large amount of data on IPFS and only keeping the corresponding storage addresses on the blockchain, we effectively resolve the storage efficiency issues prevalent in traditional blockchain applications. This approach not only ensures the security and integrity of data but also significantly enhances the efficiency of data retrieval and the scalability of the system.
Finally, we analyzed the correctness and security of the proposed solution, conducted a theoretical analysis of the solution's functional characteristics and computational costs, and designed experiments for validation. The results show that the BBDSPP scheme can address the deficiencies in existing solutions in several key areas such as identity authentication, privacy protection, flexible combination of permissions, and off-chain storage, while also maintaining good performance and demonstrating strong feasibility.
However, the BBDSPP scheme still has some potential limitations and areas for improvement. For instance, scalability for large-scale IIoT systems and feasibility of practical deployment require further study. Additionally, the performance of the BBDSPP scheme in terms of privacy protection and data security needs further optimization. Therefore, future work will focus on addressing these issues and further refining and improving the BBDSPP scheme.

Figure 1. Comparison between interactive zero-knowledge proofs and non-interactive zero-knowledge proofs.

... the total number of attributes. The BBDSPP scheme consists of five algorithms: initialization, registration, encryption, key generation, and decryption. Below are detailed explanations of the five steps.
i. The weight corresponding to the attribute set is $W^{DO} = \{w^{DO}_1, w^{DO}_2, \ldots, w^{DO}_r\}$, with the total weight denoted as $W = \sum_{j=1}^{r} w^{DO}_j$. Randomly select $W + 1$ prime numbers $b_0, b_1, \ldots, b_W$ which satisfy the relation $b_1 b_2 \cdots b_t > b_0 \, b_{W-t+2} \, b_{W-t+3} \cdots b_W$. Let $B = (b_0, b_1, \ldots, b_W)$, then choose a random number $\beta$ in $GF(b_0)$ and compute the following formula:

$$C = \delta u^{\beta} \tag{6}$$

ii. Set the attribute weight threshold value as $t$, where $0 < t \le W$. Let $Y = b_1 b_2 \cdots b_t$, and select an integer $A$ such that $0 \le A \le Y/b_0 - 1$, then compute the following formula:
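As an added illustration, not the paper's code, of the weighted threshold step above: attribute $j$ with weight $w^{DO}_j$ receives $w^{DO}_j$ of the moduli $b_1, \ldots, b_W$, so a data visitor can recover the secret exactly when the total weight of the attributes it presents reaches $t$, and a subset below the threshold yields nothing. The share and recovery steps follow the standard Asmuth-Bloom construction (lift the secret to $y = s + A b_0$, share $y \bmod b_i$, recover by the Chinese remainder theorem), which the fragment above does not spell out and is assumed here; the primes, weights and secret are constructed sample values.

```python
# Added illustration, not the paper's code: weighted threshold secret sharing over
# the primes b_0..b_W sketched above. The lifting/recovery steps are the standard
# Asmuth-Bloom construction (assumed; the page fragment does not spell them out).
import secrets
from math import prod


def selection_ok(b, t):
    """The page's condition b_1...b_t > b_0 * b_{W-t+2} ... b_W, with b = (b_0, ..., b_W)."""
    W = len(b) - 1
    return prod(b[1:t + 1]) > b[0] * prod(b[W - t + 2:])


def split(secret, b, t, weights):
    """Share `secret` (< b_0); attribute j of weight w_j receives w_j of the moduli b_1..b_W."""
    b0, moduli = b[0], b[1:]
    assert selection_ok(b, t) and 0 <= secret < b0 and sum(weights.values()) == len(moduli)
    Y = prod(moduli[:t])
    A = secrets.randbelow(Y // b0)        # step ii: 0 <= A <= Y/b_0 - 1, hence y < Y
    y = secret + A * b0                   # any t of the moduli now determine y uniquely
    shares, k = {}, 0
    for attr, w in weights.items():
        shares[attr] = [(moduli[k + i], y % moduli[k + i]) for i in range(w)]
        k += w
    return shares


def crt(pairs):
    """Chinese remainder theorem over pairwise coprime (modulus, residue) pairs."""
    x, m = 0, 1
    for mi, ri in pairs:
        x += m * (((ri - x) * pow(m, -1, mi)) % mi)
        m *= mi
    return x


def recover(b0, shares, chosen, t):
    """Decrypt-side check: the secret if the chosen attributes' weight reaches t, else None."""
    pairs = [p for attr in chosen for p in shares[attr]]
    if len(pairs) < t:                    # total weight below the access threshold
        return None
    return crt(pairs) % b0


# Constructed sample: b_0 = 101 and W = 4 share primes; weights role=2, dept=1, site=1; t = 3.
B = (101, 1009, 1013, 1019, 1021)
WEIGHTS = {"role": 2, "dept": 1, "site": 1}
SECRET = 42
SHARES = split(SECRET, B, 3, WEIGHTS)
```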

Figure 5. Comparative analysis of computational time in the key generation phase.
Sensors 2024, 24, x FOR PEER REVIEW 27 of 32

Figure 6. Comparative analysis of computational time in the authentication phase.

Figure 7. Comparative analysis of computational time in the encryption phase.

Figure 8. Comparative analysis of computational time in the decryption phase.

Figure 9. Comparative analysis of total calculation time for each scheme.

Table 1. Research achievements in data sharing.

Table 2. Research achievements in the field of privacy protection.

... It forms a public ledger through a secure consensus algorithm; (4) End Members: End members are smart terminal devices in the IIoT, including data owners (DOs) and data visitors (DVs). DOs are end members that offer data for sharing, primarily focusing on customizing data access policies, encrypting data, and publishing data. DVs are end members that request access to data, mainly submitting data access applications, downloading ciphertext, and decrypting it. The roles of DOs and DVs are interchangeable. A DO can also act as a DV for data querying and access, and vice versa; (5) Interplanetary File System (IPFS): As a distributed storage platform, IPFS securely stores encrypted shared resources uploaded by the DO and returns storage addresses. These addresses serve as clues for the DV to download shared resources.

Table 3. Notations and their meanings used in the scheme.

Table 4. End member registration information table.

Table 5. Core modules of Fabric.

Table 6. Comparison of characteristics of various data sharing schemes.

Table 7. Comparison of computational costs between our scheme and four others.

Table 8. Results of the write operation performance tests in the blockchain system.

Table 9. Results of the read operation performance tests in the blockchain system.

Table 10. Calculation time result of the key generation stage.

Table 11. Calculation time result of the authentication phase.

Table 12. Calculation time result of the encryption phase.

Table 13. Calculation time result of the decryption phase.

Table 14. Total calculation time for each scheme.