Data-Sharing System with Attribute-Based Encryption in Blockchain and Privacy Computing †
Abstract
1. Introduction
- Combined with blockchain technology and privacy computing technology, we propose a data-sharing system in the blockchain network. We design a resource catalog to formulate data usage rules to data users, where data catalog registration means that the data provider will provide a metadata description, which is a comprehensive description of their data owner; note that this refers only to metadata, data description, and data structure, and not actual data or real business data. Calculation model catalog refers to the registration and publication of privacy computing models, which is the logic of calculation. Computing resource registration refers to the registration and publication of computing server resources, such as private computing, a trusted execution environment, and security multi-party computing.
- All data sharing is in blockchain networks. Compared with traditional access control, attribute-based encryption access control is more flexible and more secure. Attribute-based access control combines attribute sets to implement the data access. Blockchain technology ensures all data are recorded and traceable. Data owners have fine-grained, one-to-many access control through a cipher-policy attribute-based encryption (CP-ABE) algorithm, and the design access policy, in our system, distributes private keys to data users, which eliminates direct interaction between data owners and users, reducing the data-sharing burden on data owners.
- We propose a novel privacy-enhancing on-chain Boolean search approach that facilitates efficient data retrieval before accessing plaintext information. This scheme allows a semi-trusted server to perform search operations directly over encrypted data without necessitating decryption, thereby ensuring robust protection of data privacy.
2. Related Work
3. Preliminaries
3.1. Bilinear Pairing
- Bilinear: for all .
- Non-degenerate: .
- Computable: It is efficient to compute for all .
3.2. Hardness Assumptions
3.2.1. DDH Assumption
3.2.2. Strong RSA Problem
3.3. Pseudo-Random Functions
3.4. Access Policy in Attribute-Based Encryption
4. Our Proposed Mechanism
4.1. Threat Model
- In a data-sharing system, attackers may intercept and analyze transactions or data exchanges within the blockchain network to infer sensitive information. Even though data are encrypted, adversaries can attempt to deduce valuable information by observing data distribution patterns, metadata, or query requests. Data leakage attacks pose a significant threat to user privacy, particularly in decentralized data sharing environments.
- Since encryption relies heavily on the security of key management, any vulnerability in the key distribution, storage, or update process can allow attackers to bypass encryption protections and access sensitive data. Key leakage can lead to the compromise of a large volume of data, making robust key management strategies critical for ensuring data security.
- In attribute-based encryption (ABE) systems, users may collude by sharing their decryption keys to collectively gain unauthorized access to encrypted data. Collusion attacks enable multiple users to bypass access control policies by combining their attributes to decrypt sensitive information. This is a significant risk in systems where access control is implemented through attribute-based encryption.
4.2. System Model
- Organization management domain: The organization represents a member in the blockchain network, such as a company, enterprise, or department. Organizations develop a set of data usage rules and data access policies, and are able to collect actual data, transfer data, and execute data.
- Blockchain: We choose a permission blockchain where anyone can participate and access anonymously. The blockchain consists of a series of linked data blocks, added through consensus among peer nodes. Each link between blocks is created using cryptographic hash functions, ensuring the immutability of transaction data and the integrity of the block chain. Smart contracts are executed autonomously based on predefined logic, eliminating the need for a central authority, with the outcomes securely recorded on the blockchain.
- Data Owners (DOs): In one organization, DOs collect actual data in the local database and provide the environment of computation via a resource catalog. They convert actual data into metadata and provide the the best privacy computing strategy based on data features and usage scenarios in the resource catalog.
- Data Users (DUs): In other organizations, DUs query-encrypted data information from the data catalog is published on the blockchain. When DUs access the resource catalog, they convert the search keywords into a search token using the authorized keyword key independently. The smart contract needs to verify whether the user’s attributes satisfy the attribute values specified in the access control list.
- Computing Node: The network nodes participating in privacy computing can be located in different management domains in the business flow, and can represent software, computers, virtual computers, or clusters.
- Privacy Computing Module: There are three main modules in the CPCP, consisting of multi-party computing, federated learning, and a trusted execution environment. This module performs calculation and analysis on encrypted data or in an opaque state. Using privacy computing models to compute actual data guarantees the data privacy and security.
- Database: The database stores a number of actual data. This module is a precondition for data sharing and data distribution.
4.3. Catalog Structure and Management
- Data catalog information: The data owner inverts actual data into metadata to provide data catalog information. When DOs use data in a computing model from the data catalog, executing the computing process needs to be mapped onto the actual data. Data catalog information consists of data classification information, data field information, and data access permission information. A standard catalog pattern is used. Before a data catalog is recorded on the blockchain, the DOs have to fill the data information as the standard catalog pattern. Table 2 describes the standard data catalog form on the blockchain as follows. We use 18 classes to describe data information in detail. All of these classes are helpful for data users searching for their needed source data. In real-world applications, dictionaries in a dictionary is a possible data structure for maintaining massive attributes.
- Computation model information: Besides the data catalog information, computing model catalog information consists of an algorithm model, disk resource, the environment of computing, the data field of model usage, and the model description. The algorithm model includes federated learning, security multi-party computing, privacy set interaction, and a trusted environment extension. The data field of model usage refers to the usage function of actual data, such as multi-party average and multi-party aggregation. The model description represents the algorithm model of the usage algorithm model. The computing party uses privacy set interaction to choose if they need data, and utilizes a proper algorithm model to finish the computing process. The computing results are saved in the CPC system.
4.4. CP-ABE Algorithm
| Algorithm 1: Setup | 
| Input: security parameter Output: Secret Key, Public Key and Authority Key 
 | 
| Algorithm 2: Encryption | 
| Input: Plaintext message M, access control(R,) Output: The ciphertext message CT 
 | 
| Algorithm 3: KenGeneration | 
| Input: Global identities GID, attribute i, Sercet Key SK Output: Authority key 
 | 
| Algorithm 4: Decryption | 
| Input: Ciphertext message CT, authority key Output: Plaintext message M 
 | 
4.5. Boolean Search Algorithm
- EDindex (encrypted DB index) is an encrypted mapping from keywords to all corresponding file IDs.
- BSindex (Boolean search index) is a file-keyword mapping where the key denotes the file’s association with the keyword, and the value indicates whether this association exists.
- PTindex (partial token map index) is used to generate search tokens (as discussed in Section 6.1), eliminating the need for a trusted server as detailed in [16].
5. Security Analysis
5.1. Security of Data Sharing
5.2. Security of CPC-CP-ABE
5.3. Security of Result Storage
6. Experiment
6.1. Experimental Settings
6.2. Result
7. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Epiphaniou, G.; Pillai, P.; Bottarelli, M.; Al-Khateeb, H.; Hammoudesh, M.; Maple, C. Electronic Regulation of Data Sharing and Processing Using Smart Ledger Technologies for Supply-Chain Security. IEEE Trans. Eng. Manag. 2020, 67, 1059–1073. [Google Scholar] [CrossRef]
- Wang, Z.; Chen, Q.; Liu, L. Permissioned Blockchain-Based Secure and Privacy-Preserving Data Sharing Protocol. IEEE Internet Things J. 2023, 10, 10698–10707. [Google Scholar] [CrossRef]
- Li, H.; Yang, Y.; Dai, Y.; Bai, J.; Yu, S.; Xiang, Y. Achieving Secure and Efficient Dynamic Searchable Symmetric Encryption over Medical Cloud Data. IEEE Trans. Cloud Comput. 2017, 8, 484–494. [Google Scholar] [CrossRef]
- Xu, L.; Sun, S.; Yuan, X.; Liu, J.K.; Zuo, C.; Xu, C. Enabling Authorized Encrypted Search for Multi-Authority Medical Databases. IEEE Trans. Emerg. Top. Comput. 2019, 9, 534–546. [Google Scholar] [CrossRef]
- Wang, M.; Guo, Y.; Zhang, C.; Wang, C.; Huang, H.; Jia, X. MedShare: A Privacy-Preserving Medical Data Sharing System by Using Blockchain. IEEE Trans. Serv. Comput. 2021, 16, 438–451. [Google Scholar] [CrossRef]
- Zheng, Q.; Guo, B.; Hu, Y.; Li, Z. A Secure and Trusted Data Sharing Scheme Based on Blockchain for Government Data. In Proceedings of the 2022 IEEE 24th Int Conf on High Performance Computing & Communications; 8th Int Conf on Data Science & Systems; 20th Int Conf on Smart City; 8th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys), Hainan, China, 18–20 December 2022; pp. 936–942. [Google Scholar] [CrossRef]
- Ma, X.; Wang, C.; Wang, L. The Data Sharing Scheme based on Blockchain. In Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure (BSCI ’20), Taipei, Taiwan, 6 October 2020; Association for Computing Machinery: New York, NY, USA, 2020; pp. 96–105. [Google Scholar] [CrossRef]
- Li, S.; Li, R.; Zhang, Y.; Huang, Y. CBI: A Data Access Control System Based on Cloud and Blockchain Integration. In Proceedings of the 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), Yanuca Island, Cuvu, Fiji, 14–16 December 2020; pp. 715–721. [Google Scholar] [CrossRef]
- Dai, W.; Lu, Z.; Xie, X.; Wang, D.; Jin, H. Diabetes Mellitus Type 2 Data Sharing System Based on Blockchain and Attribute-Encryption. In Proceedings of the 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Wuhan, China, 9–11 December 2022; pp. 498–505. [Google Scholar] [CrossRef]
- Huang, J.; Kong, L.; Wang, J.; Chen, G.; Gao, J.; Huang, G.; Khan, M.K. Secure Data Sharing over Vehicular Networks Based on Multi-sharding Blockchain. ACM Trans. Sens. Netw. 2024, 20, 1–23. [Google Scholar] [CrossRef]
- Xu, H.; Qi, S.; Qi, Y.; Wei, W.; Xiong, N. Secure and Lightweight Blockchain-based Truthful Data Trading for Real-Time Vehicular Crowdsensing. ACM Trans. Embed. Comput. Syst. 2024, 23, 1–31. [Google Scholar] [CrossRef]
- Yuan, M.; Xu, Y.; Zhang, C.; Tan, Y.; Wang, Y.; Ren, J.; Zhang, Y. TRUCON: Blockchain-Based Trusted Data Sharing With Congestion Control in Internet of Vehicles. IEEE Trans. Intell. Transp. Syst. 2022, 24, 3489–3500. [Google Scholar] [CrossRef]
- Chen, Y.; Li, J.; Wang, F.; Yue, K.; Li, Y.; Xing, B.; Zhang, L.; Chen, L. DS2PM: A Data-Sharing Privacy Protection Model Based on Blockchain and Federated Learning. IEEE Internet Things J. 2021, 10, 12112–12125. [Google Scholar] [CrossRef]
- Hao, K.; Xin, J.; Wang, Z.; Yao, Z.; Wang, G. Efficient and Secure Data Sharing Scheme on Interoperable Blockchain Database. IEEE Trans. Big Data 2023, 9, 1171–1185. [Google Scholar] [CrossRef]
- Shen, J.; Zhou, T.; He, D.; Zhang, Y.; Sun, X.; Xiang, Y. Block Design-Based Key Agreement for Group Data Sharing in Cloud Computing. IEEE Trans. Dependable Secur. Comput. 2017, 16, 996–1010. [Google Scholar] [CrossRef]
- Zhou, Z.; Tian, Y.; Xiong, J.; Ma, J.; Peng, C. Blockchain-Enabled Secure and Trusted Federated Data Sharing in IIoT. IEEE Trans. Ind. Inform. 2022, 19, 6669–6681. [Google Scholar] [CrossRef]
- Mei, Q.; Yang, M.; Chen, J.; Wang, L.; Xiong, H. Expressive Data Sharing and Self-Controlled Fine-Grained Data Deletion in Cloud-Assisted IoT. IEEE Trans. Dependable Secur. Comput. 2022, 20, 2625–2640. [Google Scholar] [CrossRef]
- Han, D.; Chen, J.; Zhang, L.; Shen, Y.; Wang, X.; Gao, Y. Access control of blockchain based on dual-policy attribute-based encryption. In Proceedings of the 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), Yanuca Island, Cuvu, Fiji, 14–16 December 2020; pp. 1282–1290. [Google Scholar] [CrossRef]
- Yan, L.; Ge, L.; Xu, J. Research on data access scheme based on attribute-based encryption in blockchain environment. In Proceedings of the 2023 11th International Conference on Communications and Broadband Networking (ICCBN ’23), Xi’an, China, 24–26 February 2023; Association for Computing Machinery: New York, NY, USA, 2023; pp. 8–12. [Google Scholar] [CrossRef]
- Shen, Y.; Song, W.; Zhao, C.; Peng, Z. Secure Access Control for eHealth Data in Emergency Rescue Case based on Traceable Attribute-Based Encryption. In Proceedings of the 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Wuhan, China, 9–11 December 2022; pp. 201–208. [Google Scholar] [CrossRef]
- Rao, Y.S.; Prasad, S.; Bera, S.; Das, A.K.; Susilo, W. Boolean Searchable Attribute-Based Signcryption With Search Results Self-Verifiability Mechanism for Data Storage and Retrieval in Clouds. IEEE Trans. Serv. Comput. 2024, 17, 1382–1399. [Google Scholar] [CrossRef]
- Zhang, K.; Zhang, Y.; Li, Y.; Liu, X.; Lu, L. A Blockchain-Based Anonymous Attribute-Based Searchable Encryption Scheme for Data Sharing. IEEE Internet Things J. 2023, 11, 1685–1697. [Google Scholar] [CrossRef]
- Huang, Q.; Yan, G.; Wei, Q. Attribute-Based Expressive and Ranked Keyword Search Over Encrypted Documents in Cloud Computing. IEEE Trans. Serv. Comput. 2023, 16, 957–968. [Google Scholar] [CrossRef]
- Lewko, A.; Waters, B. Decentralizing attribute-based encryption. In Advances in Cryptology—EUROCRYPT 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 568–588. [Google Scholar]





| Scheme | Data Leakage | Secure Attribute Management | Security Searchable Encryption | 
|---|---|---|---|
| Scheme [11] | × | ✓ | ✓ | 
| Scheme [13] | ✓ | ✓ | × | 
| Scheme [15] | × | ✓ | ✓ | 
| Scheme [18] | × | × | ✓ | 
| Our CPC | ✓ | ✓ | ✓ | 
| Data Name | Data Abstract | Data Starting Time | 
| Data Updating Time | Data Format | Field Names | 
| Data Type and Length | Major Key (Yes/No) | is Null (Yes/No) | 
| Field Description | Value Range | Data Examples | 
| Sharing Type | Sharing Condition | Data Size | 
| Data Owner Organization | Data Level | Other Comments | 
| Data Volume (w) | Times (ns) | CPU Usage | TPS | |
|---|---|---|---|---|
| integer multiplication | 1 | 9.929 | 428 | 1505.91 | 
| integer comparison | 1 | 8.044 | 386 | 2061.01 | 
| floating-point multiplication | 1 | 10.852 | 412 | 1434.36 | 
| floating-point comparison | 1 | 10.495 | 390 | 1563.49 | 
| Data Volume (w) | Times (ns) | CPU Usage | TPS | |
|---|---|---|---|---|
| integer multiplication | 1 | 18.741 | 200.6 | 2269.76 | 
| integer comparison | 1 | 32.082 | 200.6 | 1325.94 | 
| floating-point multiplication | 1 | 19.623 | 208 | 2090.67 | 
| floating-point comparison | 1 | 35.505 | 208.6 | 1152.43 | 
| Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. | 
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Wu, H.; Liu, Y.; Zhu, K.; Zhang, L. Data-Sharing System with Attribute-Based Encryption in Blockchain and Privacy Computing. Symmetry 2024, 16, 1550. https://doi.org/10.3390/sym16111550
Wu H, Liu Y, Zhu K, Zhang L. Data-Sharing System with Attribute-Based Encryption in Blockchain and Privacy Computing. Symmetry. 2024; 16(11):1550. https://doi.org/10.3390/sym16111550
Chicago/Turabian StyleWu, Hao, Yu Liu, Konglin Zhu, and Lin Zhang. 2024. "Data-Sharing System with Attribute-Based Encryption in Blockchain and Privacy Computing" Symmetry 16, no. 11: 1550. https://doi.org/10.3390/sym16111550
APA StyleWu, H., Liu, Y., Zhu, K., & Zhang, L. (2024). Data-Sharing System with Attribute-Based Encryption in Blockchain and Privacy Computing. Symmetry, 16(11), 1550. https://doi.org/10.3390/sym16111550
 
        

 
       