Research on Data Ownership and Controllable Sharing Schemes in the Process of Logistics Data Flow

Abstract

The secure and effective dissemination of logistics data is frequently obstructed by issues pertaining to ownership verification and unwanted access during data exchange. This study introduces an innovative strategy for data ownership verification and regulated sharing based on the notion of “three rights separation”, which delineates data ownership into control rights, usage rights, and management rights. The proposed approach incorporates chameleon signatures and blockchain technology to facilitate dynamic, non-falsifiable ownership marking and verification. Additionally, it utilizes searchable encryption and proxy re-encryption methods to guarantee that data are viewed solely under allowed circumstances, thereby averting misuse by third-party data administrators. Security analysis verifies resilience against adaptive chosen-message assaults and keyword-guessing threats, while simulation studies illustrate the scheme’s robustness, efficiency, and practical applicability in real-world logistical settings. This framework offers a scalable and safe solution for multi-party data sharing with explicitly defined ownership control.

1. Introduction

The logistics sector is experiencing significant transformation due to the rapid increase in data volume and the growing interconnectivity among supply chain stakeholders [1]. Logistics data, encompassing real-time tracking, inventory records, contract details, and transactional logs, have emerged as a vital strategic asset [2]. They enable enterprises to enhance operations, elevate customer service, and facilitate collaborative decision-making within scattered ecosystems. This increase in data flow presents significant issues in maintaining secure, transparent, and manageable data exchange, particularly in situations with several independent stakeholders [3]. A fundamental problem hindering the seamless sharing of logistics data is the ambiguity and lack of enforceability over data ownership [4]. In numerous logistics contexts, data are inherently non-competitive and non-exclusive, indicating that various entities may require access to identical data for diverse objectives [5]. This communal resource, however advantageous for collaboration, prompts apprehensions over unlawful access, data exploitation, and uncertainty in accountability. Conventional data governance methods, characterized by inflexible and centralized control systems, are inadequate for managing the dynamic and context-dependent flow of logistics data.

Current research has sought to tackle ownership-related issues by employing frameworks that delineate data rights and utilize technologies like blockchain for safe audit trails [6,7]. Nevertheless, these models generally regard data ownership as a fixed characteristic, inadequately accommodating dynamic alterations or precise delegation of rights when data transition between various entities [8]. Furthermore, these models rarely differentiate among the several dimensions of ownership—specifically control, usage, and management—which are essential for facilitating adaptable and context-sensitive data exchanges [9]. In light of these constraints, the notion of “three rights separation” has arisen as a viable paradigm [10]. This paradigm delineates data ownership into three different rights: control rights (the authority to establish access restrictions), usage rights (the license to access and utilize the data), and management rights (the ability to maintain and supervise data availability and integrity). Formalizing this distinction enables the establishment of adaptive, multi-party data governance frameworks that are secure and operationally feasible.

The current research presents an innovative logistics data-sharing scheme that integrates chameleon signatures, blockchain technology, proxy re-encryption, and searchable encryption, based on the established theoretical framework. Chameleon signatures [11] enable data proprietors to create immutable and non-transferable ownership marks that can be dynamically modified. Blockchain [12] functions as a decentralized, immutable ledger for the storage of these markers, facilitating transparent and verifiable proof of ownership. The solution utilizes “one authorization, one access” architecture with proxy re-encryption to ensure safe access, preventing data managers from going beyond their assigned permissions. Moreover, searchable encryption is incorporated to facilitate regulated keyword-based inquiries without revealing sensitive data. Security assessments utilizing EUF-CMA and IND-KGA frameworks indicate that the proposed scheme is resilient against forgery and keyword-guessing attacks. Simulation investigations further validate the framework’s computational and communication efficiency, establishing it as a resilient solution for real-world logistics situations that require both flexibility and security in data exchange. This method, unlike previous systems that are overly inflexible or inadequately secure, facilitates dynamic ownership transfers, public verifiability, and enforceable access control, thereby fostering a more intelligent and accountable logistics data ecosystem.

The primary objective of this project is to provide a secure, adaptable, and verifiable logistics data-sharing architecture founded on the “three rights separation” paradigm. The defined aims are as follows:

(1)

To develop a dynamic and secure data ownership verification system: this encompasses the implementation of chameleon signature methods within blockchain technology to facilitate publicly verifiable, non-transferable, and dynamically updatable ownership labels.

(2)

To create a manageable and safe data-sharing infrastructure: the suggested architecture utilizes proxy re-encryption and searchable encryption to guarantee that data are accessible solely to authorized individuals under specified ownership conditions, facilitating precise and revocable access control.

(3)

To furnish official security assurances: the technique is assessed using stringent cryptographic models, namely, Existential Unforgeability under Chosen Message Attack (EUF-CMA) and Indistinguishability under Keyword Guessing Attack (IND-KGA) to confirm its robustness against common adversarial tactics.

(4)

To illustrate practical applicability and efficacy: the proposed system is evaluated for computational and communication efficiency by performance analysis and simulation testing, confirming its appropriateness for implementation in intricate, large-scale logistics networks.

2. Related Work

The increasing digitalization of supply chains and logistics has rendered data an essential asset for operational optimization, real-time coordination, and strategic decision-making. Nonetheless, the generation, exchange, and use of logistics data by various parties have introduced new difficulties concerning data security, trust, ownership, and regulatory compliance. A substantial body of research has developed to tackle two essential facets of data governance in this context: (1) the precise verification and management of data rights, and (2) the secure and regulated sharing of data once rights have been established. Although blockchain, cryptographic primitives, and access control methods have improved data governance capabilities, challenges remain, especially in managing dynamic, multi-party data situations. The subsequent sections analyze the existing literature in these two fundamental domains, highlighting recent advancements, deficiencies, and their implications for the rationale underlying the proposed method.

2.1. Data Rights Confirmation

Establishing and validating data ownership is essential for secure and legal data transmission, particularly in logistics ecosystems with several independent entities. Conventional methods for validating data rights generally depend on fixed, centralized frameworks in which data ownership is established once and presumed to be unchanging. Nevertheless, these models are inadequate for the dynamic and collaborative characteristics of contemporary logistics systems. Given the incessant generation, alteration, and retrieval of data by various entities frequently transcending jurisdictional and organizational boundaries, there is a necessity for more adaptable and secure ownership verification techniques.

A notable theoretical paradigm for this issue is the “three rights separation” model introduced by Xu et al. [10], which delineates data ownership into control rights, usage rights, and management rights. This division enables stakeholders to possess varying degrees of control over the same dataset, hence more effectively mirroring real-world logistics operations compared with conventional single-owner models. The model provides a detailed representation of data ownership, establishing a basis for more flexible and enforced data governance. Nonetheless, despite its theoretical robustness, the model is deficient in the requisite technical infrastructure to provide real-time verification and enforcement of these rights during data transactions.

To augment legitimacy and traceability in ownership assertions, some researchers have adopted blockchain technology. Yang et al. [13] suggested a secure data provenance paradigm that incorporates asymmetric watermarking, homomorphic encryption, and digital signatures. This system guarantees data traceability and repudiation resistance; nevertheless, it lacks the capability to facilitate real-time ownership modifications or manage transitions in multi-party collaborations. Huang et al. [14] proposed a certificateless cloud storage auditing approach that facilitates ownership transfer via identity verifier conversion. This diminishes dependence on external certificate authorities and streamlines ownership delegation; nonetheless, it remains closely linked to a singular verification authority and lacks public verifiability in dispersed systems.

Zhao et al. [15] investigated the application of smart contracts to automate the verification of data assets, facilitating the automatic enforcement of ownership regulations in blockchain-based data transactions. Nonetheless, their approach fails to verify the legitimacy of transaction participants, potentially allowing unauthorized entities to exploit weaknesses in access protocols. These methodologies, however innovative, inadequately address the requirements for dynamic ownership modification, particularly in off-chain contexts where ownership must be safely and verifiably integrated across platforms.

A significant deficiency in existing models is the inadequate focus on public verification techniques. Most current systems either depend on private key-based verification, limiting validation of ownership to certain parties, or incorporate ownership metadata in manners that are not readily traceable or auditable by external entities. This deficiency in transparency constrains the scalability and interoperability of existing systems. Furthermore, the incapacity to oversee multi-party ownership verification and the on-chain synchronization of off-chain ownership data results in discrepancies within shared data settings. In conclusion, although significant advancements have been achieved in the conceptualization and partial implementation of data rights confirmation, existing methodologies do not completely correspond with the actual reality of logistics systems. An effective and safe ownership verification methodology must facilitate flexible, multi-party collaboration, ensure public verifiability, and permit dynamic alteration of data rights. This study proposes the integration of chameleon signatures with blockchain and searchable encryption to tackle these difficulties by facilitating tamper-proof, real-time, and customizable ownership verification techniques.

2.2. Controllable Sharing Based on Data Rights Confirmation

Alongside establishing data ownership, it is imperative to ascertain the modalities of data sharing, the stipulations governing it, and the parties involved. Controllable data sharing denotes the capacity of the data proprietor to govern access protocols in a safe, revocable, and context-sensitive manner. In the logistics sector, where sensitive operational data are frequently shared across manufacturers, suppliers, carriers, and third-party platforms, strong data access control systems are crucial for sustaining competitive advantage and ensuring regulatory compliance. Nonetheless, despite the increasing interest in privacy-preserving data sharing models, numerous existing frameworks continue to demonstrate significant inadequacies, particularly in aligning access rights with dynamic ownership arrangements.

A prominent technique in this field is proxy re-encryption, enabling a proxy (such as a data sharing platform) to re-encrypt data for approved receivers without disclosing the original plaintext. Shao et al. [16] introduced a searchable proxy re-encryption system that facilitates privacy-preserving data queries. This method facilitates secure keyword-based access to encrypted data, although it permits perpetual access once re-encryption is sanctioned. Consequently, data proprietors are unable to rescind permits or implement temporal usage constraints—both of which are essential for sensitive and private logistical information. Zhao and Su [17] devised a time-constrained ownership delegation model utilizing a prefix tree structure alongside Paillier encryption to rectify this deficiency. This facilitates precise access control according to temporal policies and permits the data owner to stipulate the length of time data are accessible in advance. Nonetheless, although effective in specific instances, the system lacks real-time adaptability and fails to interact with comprehensive multi-party collaboration frameworks where ownership roles may fluctuate dynamically.

Wang et al. [18] proposed a right-confirmable data-sharing model (RCDS) utilizing symbolic mapping and blockchain oversight. Their model highlights the capacity to verify and assert data ownership irrespective of the data’s substance. Although this enhances traceability and reduces tampering, it fails to support dynamic delegation or intricate conditional sharing logic necessary for multi-tenant logistics platforms. Wang [19] introduced a blockchain-based dynamic access control system for collaborative emergency response that modifies sharing regulations according to scenario demands. This method fails to account for post-sharing ownership verification, resulting in potential vulnerabilities that allow data to stay accessible despite changes in ownership or authorization. Amanat et al. [20] sought to enhance ownership tracing by integrating blockchain technology with digital signatures, so guaranteeing the integrity of ownership labels. Nonetheless, they failed to tackle the problem of signature propagation, wherein digital ownership labels are replicated without proper association to the original owner. This may lead to inappropriate or unclear usage, particularly in systems where data are duplicated between platforms.

The above-stated studies clearly indicate that current controllable sharing approaches do not incorporate dynamic ownership tracking. They frequently implement access using static, one-time policies and neglect the ownership lifetime across data utilization. Moreover, most frameworks lack mutual enforcement of ownership and access rights, resulting in the potential sharing of data under obsolete or invalid authorizations. This poses significant challenges in logistics, because real-time alterations in partnerships, responsibilities, and operational roles require simultaneous modifications in data rights. Thus, the current research proposes a cohesive and ownership-conscious regulated sharing system to address these deficiencies. By integrating proxy re-encryption with searchable encryption and incorporating ownership tokens into access protocols, the system guarantees that only legitimate, permitted requests reflecting current ownership statuses can access and utilize the data. This method not only improves security and privacy but also equips data proprietors with the means to implement context-sensitive access controls, such as revocation, delegation, and time-restricted control.

3. Methods

The current section introduces the chameleon signature, proxy re-encryption, and searchable encryption in the proposed scheme.

3.1. Chameleon Signature

The chameleon signature [21] is a special type of digital signature proposed by Krawczyk and Rabin. It allows the signer, who possesses a trapdoor, to modify the message content after signing and still maintain the validity of the signature. The scheme in this paper is based on the chameleon signature scheme proposed by Yang et al. [22] as follows:

• $Setup\left(\lambda \right)\to Param$: initialization, input security parameter $\lambda$, output public verification parameter $Param$.
• $CH\_Gen\left(Param\right)\to (pk,sk)$: key generation algorithm, by inputting $Param$, outputs the chameleon hash public-private key pair $(pk,sk)$.
• $CH\_Hash(pk,M)\to (H,R)$: chameleon hash algorithm, by inputting chameleon hash public key $pk$, and data M, outputs the chameleon hash and verification parameters $(H,R)$.
• $CH\_Check(H,R,M,pk)\to x\in \{0,1\}$: chameleon hash verification algorithm, by inputting chameleon hash H, verification parameters R, data M, and public key $pk$, outputs the verification result x.
• $CH\_Sign(H,R,sk,M,M^{\prime })\to R^{\prime }$: chameleon signature algorithm, by inputting chameleon hash H, verification parameters R, private key $sk$, data M, and signed message $M^{\prime }$, outputs the verification parameter $R^{\prime }$.
• $CH\_Verify(H,pk,M,M^{\prime },R,R^{\prime })\to y\in \{0,1\}$: chameleon signature verification algorithm, by inputting chameleon hash H, public key $pk$, data M, signed message $M^{\prime }$, verification parameters R and $R^{\prime }$, outputs the verification result y.

3.2. Proxy Re-Encryption

Proxy re-encryption (PRE) is a cryptographic technique proposed by Blaze et al. [23]. It allows a third-party proxy to re-encrypt data encrypted by the data owner using a re-encryption key, while ensuring data confidentiality. This enables the data recipient to decrypt the data with their own private key. During this process, the third-party proxy cannot obtain any useful information. The proxy re-encryption model is shown in Figure 1.

3.3. Searchable Encryption

Searchable encryption [24], as a cryptographic primitive, was proposed to allow users to search encrypted data without decrypting them. Boneh et al. [25] first designed a public-key-based searchable encryption scheme, which avoids the risks associated with shared keys. By introducing an indexing mechanism into the public-key encryption system, users can search for encrypted data without revealing the query content, ensuring the security and privacy of the data. The searchable encryption model is shown in Figure 2.

4. System Framework

This section introduces the system model, security threats, and security model of the controllable sharing scheme based on data ownership confirmation.

4.1. System Model

The current study examines the challenges associated with verifying data ownership and their secure distribution within the framework of the “three rights separation” concept. A plan for the regulated dissemination of data is proposed to attain this objective. This system would provide precise ownership verification and controlled access. In the data storage phase, the data owner creates control and management tags using a chameleon hash private key. These tags are subsequently integrated into the data. In the third phase, the data are encrypted prior to their upload to the Interplanetary File System (IPFS) for decentralized storage. Subsequently, the index produced by the IPFS is encrypted utilizing searchable encryption with the public key linked to the data manager. To provide transparency and tamper-resistance, control tags, management tags, public verification parameters, and the encrypted index are collectively published on the blockchain.

In the “data request” phase, the data sharing platform will solicit the data of interest to their users. A unique ownership tag is generated by the data owner in response to the request and subsequently stored on the blockchain. A re-encryption key is generated using the requester’s public key. A one-time ownership token is generated, incorporating the requester’s identity and ownership characteristics. The data sharing platform acquires these credentials post-transmission. The platform uses its private key to create a trapdoor for secure querying by amalgamating the ownership token and search terms using the platform. Through engagement with the smart contract, the platform can retrieve the encrypted index and access the corresponding data from their designated IPFS storage sites. Subsequently, the ciphertext undergoes re-encryption using the re-encryption key, yielding a ciphertext that is both secure and access controlled. In the data retrieval phase, the requester must obtain the ownership tag from the data sharing platform and verify that the blockchain holds the corresponding ownership record. Upon successful completion of the verification process, the requester is issued an access token. This token facilitates the secure retrieval of the re-encrypted data from the platform, ensuring that data access is authorized and traceable.

The system consists of six entities: Data Owner (DO), data sharing platform (DSP), Data Requester (DR), blockchain (BC) and Interplanetary File System (IPFS). The main parameters used in this scheme and their meanings are shown in

Table 1. Parameter symbols and their meanings.

Parameter	Meaning
$P{k}_i,S{k}_i$	The public key and private key of user i
$p{k}_i,s{k}_i$	The chameleon hash public key and private key of user i
$Rk$	Re-encryption key
$Csh$	Chameleon hash
$u,v$	Chameleon signature
$Para{m}_i$	Public verification parameters
$TL$	Searchable encryption trapdoor
$Q,QK$	Data ownership and ownership tokens
$IH$	The address hash value returned by IPFS
r	Chameleon signature verification parameter
$OS,O{S}^{\prime },O{S}^{″}$	Data control rights, data management rights, data usage rights

. The system model is illustrated Figure 3.

(1)

Data Owner: the data owner is responsible for generating tags for data control rights, management rights, and usage rights. They also create searchable encryption schemes and ownership tokens. The owner stores the data in the IPFS and records ownership tags on the blockchain. When data sharing is required, the data owner dynamically adjusts the ownership based on user needs, ensuring complete control over the data.

(2)

Data sharing platform: this facilitates data sharing between owners and requesters. The platform verifies its ownership and generates searchable encryption trapdoors to access ciphertext. It also manages the data that the owner intends to share and generates re-encrypted ciphertext for secure transmission.

(3)

Data Requester: they browse the data catalog provided by the data sharing platform and submit a data sharing request. By querying the ownership parameters stored on the blockchain, they verify the legitimacy of the data’s origin. Once the verification is successful, they use the validated ownership to obtain the requested data from the data sharing platform.

(4)

IPFS: this stores the data provided by the data owner and submits the storage index back to the data owner.

(5)

Blockchain: this stores the encrypted keywords, ownership information, and related public parameters uploaded by the data owner. It also verifies ownership validity and performs keyword matching.

4.2. Security Threats

In the data ownership-controllable sharing scheme based on the “three rights separation” model, it is essential to ensure the unforgeability of the chameleon signature ownership tags during the sharing process. This guarantees the legitimate rights and interests of all participants. On this basis, the security of ciphertexts generated by searchable encryption must also be considered. This ensures that data will not be misused when managed by a semi-trusted third party. Therefore, this section defines two security models for data sharing.

(1)

Forged chameleon signature: malicious users may attempt to forge data ownership. They can generate fake ownership signature verification parameters based on the forged data ownership, thus gaining control over the data.

(2)

Keyword Guessing Attack and Indistinguishability: malicious users might try to bypass encryption protections. By querying and analyzing the encrypted index multiple times, they may infer keyword information and gain access to the data.

4.3. Security Model

4.3.1. Non-Forgeability of Chameleon Signature

Adversary A can use their own chameleon public key to generate the corresponding ownership label for any given ownership information, m. The forged ownership label can pass the $CH\_Verify$ verification. Therefore, suppose there is a challenger, C. If A, after querying C, can forge a chameleon signature and pass the verification, it means A has successfully forged the ownership label. Otherwise, A cannot forge the ownership label. The game process between adversary A and challenger C is as follows:

(1)

Initialization phase: Challenger C selects $H_1:{\{0,1\}}^{\ast }\to Z_q^{\ast }$, and $H_2:{\{0,1\}}^{\ast }\to G$ as random oracles. Then, it generates the corresponding chameleon public-private key pair $(p{k}_i,s{k}_i)$ and $(p{k}_j,s{k}_j)$.

(2)

Query phase: A uses message m to make a signing query. Challenger C generates the chameleon hash $Csh$, the signature u, and the verification parameter r. C then returns $(u,Csh,r)$ to A.

(3)

Forgery phase: Adversary A outputs a forged signature and verification parameter $(u^{\prime },Cs{h}^{\prime },r^{\prime })$. A has not previously queried $(u^{\prime },Cs{h}^{\prime },r^{\prime })$. Then, C uses the verification algorithm $CH\_Verify$ to verify it. If the result is 1, A’s attack is successful; otherwise, it fails.

The probability of the attacker successfully forging is $ϵ$, and $ϵ$ is negligible. This shows that the chameleon signature algorithm proposed in this paper satisfies EUF-CMA security in the random oracle model.

4.3.2. Keyword Guessing Attack Indistinguishability

The adversary guesses the keyword w and forges the ownership token $QK$ to generate a search trapdoor. If the trapdoor passes the Test search, the adversary succeeds. Therefore, assume there exists a challenger, C. After A queries C, if A can guess the keyword w and forge the ownership token $QK$ to generate a search trapdoor that passes verification, it means A has successfully attacked; otherwise, the attack fails. The game process between adversary A and challenger C is as follows:

(1)

Initialization phase: challenger C generates the public $(p{k}_i,s{k}_i)$ and private $(p{k}_l,s{k}_l)$ key pairs for the data owner and the data management platform. Random values $a,b,c\in Z_q^{\ast }$, and the DDH hard parameters $(g,g^a,g^b,g^c)\in G_1$ are provided.

(2)

Query phase: adversary A uses the data owner $DO$’s public key, $P{k}_i$, and the data sharing platform $DSP$’s public key, $P{k}_j$, along with the forged ownership Q, to send an ownership token query to challenger C. Challenger C generates the ownership token $QK$ in response and returns it to A. A then uses the ownership token $QK$, along with the public keys of the data owner $DO$, $P{k}_i$, and the data sharing platform $DSP$, $P{k}_j$, to send a trapdoor query to challenger C. Challenger C generates the trapdoor $TL$ and returns it to A.

(3)

Challenge phase: adversary A outputs $(P{k}_i,P{k}_j,w_1,w_2,Q{K}^{\prime })$, where it is not the same as the trapdoor queried in the previous phase. Challenger C generates the corresponding trapdoor, and uses the Test algorithm for search. If the output is 1, A succeeds in the attack; otherwise, it fails.

The probability of the attacker successfully forging is $ϵ$. Since $ϵ$ is non-negligible, challenger C can break the DDH problem with a non-negligible advantage. This contradicts the known hardness of the DDH problem. Therefore, the assumption is invalid, and the proposed scheme satisfies IND-KGA security.

5. Scheme Design

The current section proposes a data sharing scheme with controllable ownership, combining blockchain, for scenarios where clear data ownership sharing is required. The specific sharing solution is shown in Figure 4.

Scheme Algorithm Definition

$CH\_Gen\left(1^{\lambda }\right)\to (p{k}_i,s{k}_i,Para{m}_1)$: chameleon hash key generation algorithm. Input the system security parameter $\lambda$, where two prime numbers, p and q, satisfy $p=2q+1$. Let $\gamma$ be the generator of the group $Z_q^{\ast }$, and G and $G_T$ be multiplicative cyclic groups of order q. Define the collision-resistant hash functions $H_1:{0,1}^{\ast }\to Z_q^{\ast }$, and $H_2:{0,1}^{\ast }\to G$. The public verification parameters are $Param=\{q,p,e,G,G_T,\delta \}$ and the key pair $(p{k}_i,s{k}_i)$.

$$\begin{array}{cc}\hfill x_i& \in Z_q^{\ast }\hfill \end{array}$$

(1)

$$\begin{array}{cc}\hfill s{k}_i& =x_i\hfill \end{array}$$

(2)

$$\begin{array}{cc}\hfill p{k}_i& ={\delta }^{s{k}_i}modp\hfill \end{array}$$

(3)

$Setup\left(N\right)\to \left(Para{m}_2\right)$: initialization algorithm. Select the security parameter N as input and generate the system parameters $Para{m}_2$ for different users. $Sig$ is the secure one-time signature algorithm and “length” refers to the length of the verification key in $Sig$. $G_1$ and $G_T$ are multiplicative cyclic groups of order q,with g being the generator of $G_1$ and d a random element of the group $G_1$. Define hash functions as follows: $H_1:{\{0,1\}}^{\ast }\to Z_q^{\ast }$, $H_2:{\{0,1\}}^{\ast }\to G_1$, $H_3:{\{0,1\}}^{\le length}\to G_1$ and $H_4:{\{0,1\}}^{\le length}\to G_1$. The public parameters $Para{m}_2$ are defined as $\{q,g,e,h,G_1,G_T\}$.

$KeyGen\left(Para{m}_2\right)\to (P{k}_i,S{k}_i)$: key pair generation algorithm. Generate a public–private key pair $(P{k}_i,S{k}_i)$ using $Para{m}_2$.

$$\begin{array}{cc}\hfill x_i& \in Z_q^{\ast }\hfill \end{array}$$

(4)

$$\begin{array}{cc}\hfill S{k}_i& =x_i\hfill \end{array}$$

(5)

$$\begin{array}{cc}\hfill P{k}_i& =g^{x_i}\hfill \end{array}$$

(6)

$Encryption(P{k}_{DO},m)\to \left(C_m\right)$: ciphertext generation algorithm. Input the data owner’s public key $P{k}_{DO}$, data m, and output the ciphertext $C_m$.

$$\begin{array}{cc}\hfill r& \in Z_q^{\ast }\hfill \end{array}$$

(7)

$$\begin{array}{cc}\hfill \zeta & =(ssk,svk),i=svk\hfill \end{array}$$

(8)

$$\begin{array}{cc}\hfill C_1=e{(H_3\left(i\right),g)}^r·m,C_2& =d^r,C_3={\left(H_4\left(i\right)\right)}^r,C_4=P{k}_{DO}^r\hfill \end{array}$$

(9)

$$\begin{array}{cc}\hfill C_m& =(C_1,C_2,C_3,C_4)\hfill \end{array}$$

(10)

$CH\_Hash(p{k}_{DO},M)\to (Csh,r,\alpha ,\beta ,\gamma )$: chameleon hash generation algorithm. Input the data owner’s public key $p{k}_{DO}$ and ownership data M, and output the verification parameters $r,\alpha ,\beta ,\gamma$, and the chameleon hash value $Csh$.

$$\alpha \in Z_q^{\ast },\beta \in Z_q^{\ast },\gamma \in Z_q^{\ast },r\in Z_q^{\ast }$$

(11)

$$Csh=(g^{M+\alpha }·p{k}_{DO}^{r+\beta }·H_1{(g^M,p{k}_{DO}^R)}^{\gamma })modp$$

(12)

$CH\_Sign(p{k}_{DSP},s{k}_{DO},M,Csh)\to \left(u\right)$: chameleon signature generation algorithm. Input the ownership data M, chameleon hash value $Csh$, the data owner’s private key $s{k}_{DO}$ and the data sharing platform’s public key $p{k}_{DSP}$, and output the chameleon hash signature u.

$SeEncryption(P{k}_{DSP},w)\to \left(C_S\right)$: keyword encryption algorithm. Input the data sharing platform’s public key $P{k}_{DSP}$ and the encrypted keyword w, and output the ciphertext $C_S$.

$$\begin{array}{cc}\hfill r& \in Z_q^{\ast }\hfill \end{array}$$

(13)

$$c_1=P{k}_{DSP}^r,c_2=e{(g,H_2\left(w\right))}^r$$

(14)

$$C_S=(c_1,c_2)$$

(15)

$RekeyGen(S{k}_{DO},P{k}_{DP})\to R{k}_{DO\to DP}$: re-encryption key generation algorithm. Input the data requester’s public key $P{k}_{DP}$ and the data owner’s private key $S{k}_{DO}$, and output the re-encryption key $R{k}_{DO\to DP}$.

$$\begin{array}{c}\hfill R{k}_{DO\to DP}=P{k}_{DP}^{1/S{k}_{DO}}\end{array}$$

(16)

$QToke(Q,S{k}_{DO},P{k}_{DO},P{k}_{DSP},Para{m}_2)\to QK$: ownership token generation algorithm. Input ownership Q, the data owner’s private key $S{k}_{DO}$, public key $P{k}_{DO}$, data sharing platform’s public key $P{k}_{DSP}$, and system parameter $Para{m}_2$, and output the token $QK$.

$$q\in Z_q^{\ast }$$

(17)

$$q{k}_1=H_1(Q,P{k}_{DO}),q{k}_2=(P{k}_{DSP}·g^q{)}^{(1/(S{k}_{DO}+H_1(Q,P{k}_{DO}))},q{k}_3=q$$

(18)

$$QK=(q{k}_1,q{k}_2,q{k}_3)$$

(19)

$CH\_ModSig(s{k}_{DO},p{k}_{DP},M,M^{\prime },\alpha ,\beta ,\gamma ,Csh,r)\to (r_1,v)$: chameleon signature update algorithm. Input the data owner’s private key $s{k}_{DO}$, the data requester’s public key $p{k}_{DP}$, ownership message M, updated ownership message $M^{\prime }$, and verification parameters $r,\alpha ,\beta ,\gamma$, and output the chameleon hash signature v and verification parameter $r_1$.

$$\begin{array}{cc}\hfill r_1& =\left(M-M^{\prime }+s{k}_{DO}·(r-\beta )\right)·s{k}_{DO}^{-1}modq\hfill \end{array}$$

(20)

$CH\_Verify(p{k}_{DO},s{k}_{DSP},Csh,M^{\prime },r_1,u,\alpha ,\beta ,\gamma )\to (0,1)$: ownership verification algorithm. Input the data owner’s public key $p{k}_{DO}$, the data sharing platform’s private key $s{k}_{DSP}$, the chameleon hash value $Csh$, the chameleon signature u, verification parameters $r_1,\alpha ,\beta ,\gamma$, and ownership information $M^{\prime }$, and output the verification result.

$$Csh=\left(g^{M^{\prime }+\alpha }·p{k}_{DO}^{r_1+\beta }·H_1{(g^M,p{k}_{DO}^R)}^{\gamma }\right)modp$$

(21)

$TrapdoorGen(S{k}_{DSP},w,QK)\to \left(TL\right)$: trapdoor generation algorithm. Input the data sharing platform’s private key $S{k}_{DSP}$, the keyword w, and the ownership token $QK$, and output the search trapdoor $TL$.

$$k\in Z_q^{\ast }$$

(22)

$$t{l}_1=H_2{\left(w\right)}^{1/s{k}_{DSP}},t{l}_2=g^k,t{l}_3=q{k}_2^{s{k}_{DSP}},t{l}_4=q{k}_3$$

(23)

$$TL=(t{l}_1,t{l}_2,t{l}_3,t{l}_4)$$

(24)

$Test(P{k}_{DSP},QK,TL,C_S)\to (0,1)$: keyword matching algorithm. Input the data sharing platform’s public key $P{k}_{DSP}$, the ownership token $QK$, the search trapdoor $TL$, and the ciphertext $C_S$, and output the verification result.

$$v\in Z_q^{\ast }$$

(25)

$$c_2·e(P{k}_{DSP}^{\nu }·g^{\nu ·r},P{k}_{DSP})=e(q{k}_3,{\displaystyle \frac{t{l}_1}{t{l}_2}})·e(t{l}_3,g^{\nu ·q{k}_1})$$

(26)

$ReEncryption(R{k}_{DO\to DP},C_m)\to \left(C_m^{\prime }\right)$: proxy re-encryption algorithm. Input the re-encryption key $R{k}_{DO\to DP}$ and output the re-encrypted ciphertext $C_m^{\prime }$.

$$C_1^{\prime }=C_1,C_2^{\prime }=C_2,C_3^{\prime }=C_3,C_4^{\prime }=C_4^{R{k}_{DO\to DP}}$$

(27)

$$C_m^{\prime }=(C_1^{\prime },C_2^{\prime },C_3^{\prime },C_4^{\prime })$$

(28)

$Decrypt(S{k}_{DP},C_m^{\prime })\to \left(m\right)$: decryption algorithm. Input the data requester’s private key $S{k}_{DP}$ and the re-encrypted ciphertext $C_m^{\prime }$, and output the plaintext m.

$$\begin{array}{c}\hfill m=C_1^{\prime }/e{(C_4^{\prime },H_3\left(i\right))}^{(1/S{k}_{DP})}\end{array}$$

(29)

6. Scheme Analysis

6.1. Scheme Analysis

The current section analyzes the correctness and security of the proposed solution.

Correctness Analysis

In this experiment, during the keyword matching test, the search keyword and ownership token from the data sharing platform are compared with the keyword and ownership set by the Data Owner. If they match, the verification is successful, and the ciphertext is retrieved.

$$c_2=e\left(P{k}_{DSP}^{\nu }·g^{\nu ·r},P{k}_{DSP}\right)=e\left(q{k}_3,{\displaystyle \frac{t{l}_1}{t{l}_2}}\right)·e\left(t{l}_3,g^{\nu ·q{k}_1}\right)$$

After the $DSP$ successfully matches the keyword on the consortium blockchain, it uses the ciphertext $C_m$ retrieved from the IPFS, and the re-encryption key $R{k}_{DO\to DP}$ to perform re-encryption, generating the re-encrypted ciphertext $C_m^{\prime }$.

$$ReEncryption(R{k}_{DO\to DP},C_m)\to \left(C_m^{\prime }\right)$$

For the data requester $DP$, it uses the private key $S{k}_{DP}$ to decrypt the re-encrypted ciphertext $C_m^{\prime }$. The message m is calculated as $m=C_1^{\prime }/e{(C_4^{\prime },H_3\left(i\right))}^{(1/S{k}_{DP})}$. The calculation process is as follows:

$${\displaystyle \frac{C_1^{\prime }}{e{(C_4^{\prime },H_3\left(i\right))}^{1/S{k}_{DP}}}}={\displaystyle \frac{e{(H_3\left(i\right),g)}^r·m}{e{(C_4^{\prime },H_3\left(i\right))}^{1/S{k}_{DP}}}}=m$$

6.2. Security Analysis

In the suggested ownership-based controllable data sharing framework, data ownership rights for participants are securely delineated and administered by the data owner utilizing chameleon signatures. Ownership labels can be dynamically modified by chameleon hash functions, facilitating adaptable yet verifiable management of data rights. The approach assures the unforgeability of ownership labels inside the EUF-CMA (Existential Unforgeability under Chosen Message Attack) security model, ensuring that an adversary, although being able to select arbitrary messages and acquire their signatures, cannot produce a valid signature. This safeguards the integrity, authenticity, and non-repudiation of data ownership. Moreover, to avert unwanted access by data managers or intermediaries, the method integrates searchable encryption and mitigates the risk of keyword guessing attacks via the IND-KGA (Indistinguishability under Keyword Guessing Attack) security model. This model guarantees that, even when trapdoors are created for keyword searches, adversaries are unable to infer or deduce sensitive keywords through repeated requests or analysis. The approach successfully reduces risks of privilege escalation, information leakage, and illegal data disclosure, hence strengthening ownership control and access secrecy.

6.2.1. Chameleon Signature Unforgeability

Theorem 1.

Let $H_1$ be a random oracle on the group $Z_q^{\ast }$. If the DL assumption holds, the chameleon signature algorithm proposed in this paper satisfies EUF-CMA security under the random oracle model.

Proof. 

Suppose there exists an adversary, A, that can solve the IND-KGA problem with non-negligible probability $ϵ$ in polynomial time under the random oracle model $H_1$. To prove that the adversary’s success probability is limited under the DL assumption, we construct a challenger, C. The challenger and the adversary simulate the following game to demonstrate the security of the scheme. The game process is as follows.

Initialization phase: challenger C selects $H_1:{\{0,1\}}^{\ast }\to Z_q^{\ast }$ and $H_2:{\{0,1\}}^{\ast }\to G$ as random oracles. It then inputs the system security parameter $\lambda$ and selects two prime numbers, p and q, where $p=2q+1$. Next, it chooses a random number, ${\alpha }_i\in Z_q^{\ast }$, and computes the private key as $s{k}_i={\alpha }_i$ and the public key as $p{k}_i=g^{{\alpha }_i}$. Similarly, it selects a random number, ${\alpha }_j\in Z_q^{\ast }$, and computes the private key as $s{k}_j={\alpha }_j$, and the public key as $p{k}_j=g^{{\alpha }_j}$.

Stage 1: adversary A initiates queries.

Chameleon hash signature generation: adversary A uses the chameleon hash public keys $p{k}_i,p{k}_j$, and data M to challenge the challenger, C. Then, based on A’s request, the challenger generates random perturbation parameters $\alpha \in Z_q^{\ast },\beta \in Z_q^{\ast }$, and $\gamma \in Z_q^{\ast }$. The challenger computes $Csh=(g^{M+\alpha }·p{k}_{DO}^{r+\beta }·H_1{(g^M,p{k}_{DO}^R)}^{\gamma })modp$, and generates the signature u using the signing algorithm $C{H}_{Signs}$. Finally, the challenger sends $(u^{\prime },Cs{h}^{\prime },r^{\prime })$ to adversary A.

Challenge: adversary A uses the chameleon hash public keys $p{k}_i$ and $p{k}_j$, along with data $M^{\prime }$. It is required that $M^{\prime }$ is not equal to M, and $(p{k}_i,p{k}_j,M^{\prime },\alpha ,\beta ,\gamma )$ has not been queried in Phase 1. Adversary A initiates a challenge to challenger C, generating $(u^{\prime },Cs{h}^{\prime },r^{\prime })$. Finally, the resulting tuple is sent to adversary A.

Stage 2: adversary A attempts to forge a signature.

Adversary A outputs a forged signature and verification parameters $(u^{\prime },Cs{h}^{\prime },r^{\prime })$. It uses the verification algorithm $CH\_Verify(p{k}_{DO},s{k}_{DSP},Csh,M^{\prime },r_1,u,\alpha ,\beta ,\gamma )\to (0,1)$, if the output is 1, and A has not previously queried the forged signature and verification parameters $(u^{\prime },Cs{h}^{\prime },r^{\prime })$, then the attack by A is successful. Otherwise, the attack fails.

Analysis: suppose adversary A successfully completes the attack with a non-negligible probability $ϵ$ in the random oracle model. The forged signature output by A satisfies:

$C\_sh=\left(g^{M^{\prime }+\alpha }·p{k}_{DO}^{R^{\prime }+\beta }·H_1{\left(g^{M^{\prime }},p{k}_{DO}^{R^{\prime }}\right)}^{\gamma }\right)modp$ The signature from Stage 1 satisfies:

$C_{sh}=\left(g^{M+\alpha }·p{k}_{DO}^{R+\beta }·H_1{\left(g^M,p{k}_{DO}^R\right)}^{\gamma }\right)modp$

By subtracting the two expressions, the random perturbation terms cancel out. We ultimately obtain a linear equation in x: $g^{M-M^{\prime }}·p{k}_{DO}^{R-R^{\prime }}·{\left({\displaystyle \frac{H_1\left(g^M,p{k}_{DO}^R\right)}{H_1\left(g^{M^{\prime }},p{k}_{DO}^{R^{\prime }}\right)}}\right)}^{\gamma }=1(modp)$ Through multiple forged signatures, the adversary can generate enough independent linear equations to solve for x.

Based on the description above, we have completed the simulation process for this scheme. The probability of the adversary successfully forging a signature is $ϵ$. The probability that challenger C successfully solves the DL problem is ${ϵ}_C={\displaystyle \frac{ϵ}{q_{hash}+q_{sign}}}$, where $q_{hash}$ and $q_{sign}$ represent the adversary’s number of hash queries and signature verification attempts, respectively. Since the DL assumption holds, the adversary’s success probability $ϵ$ is negligible. Therefore, the chameleon signature algorithm proposed in this paper satisfies EUF-CMA security in the random oracle model. □

6.2.2. Indistinguishability of Keyword Guessing Attacks

Theorem 2.

Assuming the DDH hardness problem holds, the ownership-based searchable scheme is IND-KGA secure in the standard model.

Proof. 

Assume there exists an adversary, A, that can solve the IND-KGA problem with a non-negligible advantage $ϵ$ in polynomial time. We will show that the success probability of this attacker is limited under the DDH assumption by constructing a challenger, C. Challenger C and the adversary will simulate the following game to prove the security of the scheme. The game process is as follows.

Initialization phase: challenger C selects a random number ${\alpha }_i\in Z_q^{\ast }$, computes the data owner $DO$’s private key as $S{k}_i={\alpha }_i$ and public key as $P{k}_i=g^{{\alpha }_i}$. Then, C selects a random number, ${\alpha }_l\in Z_q^{\ast }$, and computes the data management platform $DSP$’s private key as $S{k}_l={\alpha }_l$ and public key as $P{k}_l=g^{{\alpha }_l}$. Next, C randomly generates $a,b,c\in Z_q^{\ast }$, and provides the DDH difficulty parameters $(g,g^a,g^b,g^c)\in G_1$.

Stage 1: adversary $\mathbf{A}$ initiates a query.

Ownership token query: adversary A initiates a challenge to challenger C using the data owner $DO$’s public key, $P{k}_i$, the data sharing platform $DSP$’s public key, $P{k}_l$, and the ownership Q. Challenger C generates $q\in Z_q^{\ast }$, then computes

$$q{k}_1=H_1(Q,P{k}_i),q{k}_2={(P{k}_l·g^q)}^{1/(S{k}_i+H_1(Q,P{k}_i))},q{k}_3=q.$$

The challenger sends $QK=(q{k}_1,q{k}_2,q{k}_3)$ to adversary A.

Trapdoor query: adversary A, holding the ownership token $QK$ and the data owner $DO$’s public key, $P{k}_i$ and the data sharing platform $DSP$’s public key, $P{k}_l$, initiates another challenge to challenger C. Challenger C generates a random number, $k\in Z_q^{\ast }$, based on adversary A’s request, then computes

$$t{l}_1=H_2{\left(w\right)}^{1/S{k}_l},t{l}_2=g^k,t{l}_3=q{k}_2^{S{k}_l},t{l}_4=q{k}_3.$$

The challenger sends $TL=(t{l}_1,t{l}_2,t{l}_3,t{l}_4)$ to adversary A.

Challenge: adversary A generates two challenge keywords and an ownership token $Q{K}^{\prime }$, ensuring that $(P{k}_i,P{k}_l,w_1,w_2,Q{K}^{\prime })$ is not the same as the trapdoor queried in the previous stage. Challenger C generates a random number, $r^{\prime }\in Z_q^{\ast }$, then computes

$$q{k}_1^{\prime }=H_1(Q,P{k}_i),q{k}_2^{\prime }={(P{k}_l·g^{r^{\prime }})}^{1/(S{k}_i+H_1(Q,P{k}_i))},q{k}_3^{\prime }=r^{\prime }.$$

Then, a random choice of $b\in \{0,1\}$ is made, and

$$t{l}_1^{\prime }=H_2{\left(w\right)}^{1/S{k}_l},t{l}_2^{\prime }={\left(g^b\right)}^{1/{\alpha }_i},t{l}_3^{\prime }=q{k}_2^{S{k}_l}·g^c,t{l}_4^{\prime }=q{k}_3.$$

Finally, C sends the trapdoor $TL=(t{l}_1^{\prime },t{l}_2^{\prime },t{l}_3^{\prime },t{l}_4^{\prime })$ to adversary A.

Stage 2: the adversary continues to execute the time token and keyword queries from Stage 1, but cannot query $w_1,w_2$, and the ownership Q.

Guess: the adversary outputs a guessed parameter $b^{\prime }\in \{0,1\}$. If $b=b^{\prime }$, then challenger C outputs 1, indicating that $c=ab$ holds. Otherwise, it implies that $c\ne ab$.

Through the above description, we have completed the simulation process of this scheme. When $c=ab$ and assuming adversary A can win the game with a non-negligible advantage $ϵ$, challenger C’s advantage in solving the DDH hard problem is ${\displaystyle \frac{1}{2}}+ϵ$. On the other hand, when $c\ne ab$, challenger C’s advantage in solving the DDH hard problem is ${\displaystyle \frac{1}{2}}$. Therefore, the overall advantage of challenger C in solving the DDH hard problem is

$$V={\displaystyle \frac{1}{2}}·\left({\displaystyle \frac{1}{2}}+ϵ\right)+{\displaystyle \frac{1}{2}}·{\displaystyle \frac{1}{2}}-{\displaystyle \frac{1}{2}}={\displaystyle \frac{ϵ}{2}}.$$

Since $ϵ$ is non-negligible, challenger C can break the DDH hard problem with a non-negligible advantage, which contradicts the known DDH hard problem. Therefore, the assumption does not hold, and this scheme satisfies IND-KGA security. □

6.3. Performance Analysis

This section analyzes the performance of the proposed solution through functionality and efficiency analysis.

6.3.1. Functionality Analysis

Based on the requirements for data ownership and controllable sharing in the logistics process, this paper compares the functionality of the proposed scheme with other data ownership and controllable sharing schemes. The comparison focuses on features such as data ownership, multi-party ownership, dynamic changes, public verification, and controllable data sharing. As shown in

Table 2. Comparison of scheme functions.

Scheme	Data Ownership	Ownership Authorization	Dynamic Ownership Change	Permission Control	Public Verification
Reference [7]	✓	✓	×	×	✓
Reference [17]	✓	×	×	✓	✓
Reference [19]	✓	✓	×	×	×
Reference [20]	✓	×	✓	×	✓
Ours	✓	✓	✓	✓	✓

In the table, the symbol ‘×’ denotes that the function is not available, whereas ‘✓’ denotes that it is available.

, the proposed scheme can not only ensure public data ownership verification but also support dynamic changes in ownership and controllable sharing based on ownership. This guarantees multi-party data ownership and controllable sharing, with the data remaining under the control of the data owner.

6.3.2. Efficiency Analysis

The simulation experiments in this paper were conducted on a host with an Intel(R) Core(TM) i9-13500HX 2.20 GHz processor, 16 GB RAM, and a Windows 11 system. The cryptographic operations involved in the proposed scheme were simulated using the jpbc-2.0.0 library and compiled in the IDEA 2021 development environment.

6.3.3. Chameleon Signature

Let $T_p,T_{H1},T_{H2},T_{ex1},T_{ex2},T_{sm}$, and $T_{inv}$ represent the time for one bilinear pairing operation, the hash function computation time for $Z_q^{\ast }$, the hash function computation time for G, the modular exponentiation time for $Z_q^{\ast }$, the modular exponentiation time for G, the modular multiplication time for $Z_q^{\ast }$, and the modular inversion time, respectively. The sizes of $\left|G\right|$ and $|Z_p^{\ast }|$ are used to represent the subsequent communication overhead.

From a computational overhead perspective, the chameleon signature algorithm used in this scheme focuses on three aspects: signature generation, verification, and modification, as shown in

Table 3. Comparison of computational costs.

Algorithm	Reference [22]	Ours
$CH\_Sign$	$T_{ex2}+T_{inv}+T_{H2}$	$T_{ex1}+T_{H2}$
$CH\_Verify$	$4T_p+2T_{H2}+2T_{inv}$	$2T_p+2T_{ex1}+T_{H2}$
$CH\_ModSig$	-	$2T_{sm1}+T_{H2}+T_{inv}+T_{ex1}$

. Compared with the signature scheme in [22], the computational overhead of both the signature generation and verification algorithms in this scheme is slightly lower. Based on this, the scheme also enables the modification of chameleon signatures, addressing the issue of dynamically changing ownership during data sharing. In summary, this scheme achieves data ownership confirmation while ensuring the security and verification efficiency of data ownership.

From a communication overhead perspective, the chameleon signature algorithm used in this scheme is compared in terms of ownership registration and verification, as shown in

Table 4. Comparison of scheme communication costs.

Algorithm	Reference [22]	Ours
$Sign$	$\left|G\right|$	$\left|G\right|$
$CH\_Sign$	$\left|G\right|$	$3|Z_p^{\ast }|$

. The communication overhead of the original signature algorithm in [22] is $\left|G\right|=1024$ bit, which is the same as the communication overhead of the original signature in this scheme. For the communication overhead of chameleon signatures, the overhead of the algorithm used in this paper is $3|Z_p^{\ast }|=480$ bit, which is smaller than the communication overhead $\left|G\right|$ used in [22]. This indicates that this scheme has certain advantages in terms of communication. Therefore, the chameleon algorithm used in this paper can meet the multi-party ownership confirmation requirements during data sharing.

In terms of computational efficiency, the algorithm proposed in this paper was analyzed by taking data ranging from $200$ B to $800$ B. The experimental results are shown in Figure 5. As can be seen from the figure, the time overhead for generating the chameleon hash, chameleon signature, chameleon signature verification, and chameleon signature modification do not change significantly as the data size increases. Therefore, the data ownership confirmation scheme proposed in this paper is suitable for multi-party ownership generation and verification in data sharing, ensuring that the rights holders of the data are legally confirmed.

6.3.4. Ownership-Based Searchable Proxy Re-Encryption

We define $T_p,T_{m1},T_{m2},T_{e1}$, and $T_{e2}$ to represent the time for one bilinear pairing operation, the point multiplication time in $|G_1|$, the point multiplication time in $G_2$, the exponentiation time in $G_1$, and the exponentiation time in $G_2$, respectively. We also define $|G_1|$, $|G_2|$, and $\left|M\right|$ to represent the element lengths in $|G_1|$, the element lengths in $|G_2|$, and the plaintext bit length, respectively.

From a computational overhead perspective, the proxy re-encryption algorithm based on searchable ownership used in this scheme mainly focuses on generating ownership tokens, generating search traps, searching, and decrypting, as shown in

Table 5. Comparison of computational costs scheme.

Algorithm	Reference [16]	Ours
$QToken$	-	$2T_{e1}+T_p+T_{m1}$
$Trapdoor$	$T_{e1}$	$2T_{e1}+T_{e2}+T_{m1}$
$Test$	$5T_p+2T_{e1}+2T_{m1}+T_{m2}$	$4T_p+2T_{e1}+T_{m1}+T_{m2}$
$Dec$	$5T_p+2T_{e1}+2T_{m2}$	$2T_p+3T_{e1}+2T_{m2}$

. Compared with the overhead of the scheme in [16], this scheme implements the generation of ownership tokens, which allows data owners to effectively control the data that data managers can manage. The computational overhead during the testing and decryption phases of this scheme is slightly lower than that of the scheme in the referenced paper. However, the overhead during the trapdoor generation phase is slightly higher, as data managers need to compute the authorization of the ownership token. In conclusion, this scheme enables controllable data sharing while ensuring that data ownership remains manageable.

Table 6. Comparison of scheme communication costs.

Algorithm	Reference [16]	Ours
$ReEnc$	$3|G_1|+3|G_2|$	$3|G_1|+2|G_2|$
$Qtoken$	-	$|G_1|+|Z_p^{\ast }|$
$Trapdoor$	$|G_1|$	$2|G_1|+|Z_p^{\ast }|$

shows the comparison of communication overheads. The communication overhead of this scheme is slightly lower than that of the scheme in [16] during the re-encryption phase. However, the communication overhead during the trapdoor generation phase is slightly higher than that of the referenced scheme. Despite this, the proposed scheme achieves effective ownership control, which the referenced scheme does not. While additional communication overhead is introduced, the scheme enables an ownership-based authorization mechanism and satisfies IND-KGA security. Therefore, with reasonable communication overhead, this scheme can meet the needs of large-scale data sharing.

Figure 6 presents the keyword trapdoor generation phase under different keyword quantities, with the results mainly influenced by the number of keywords. As seen in Figure 6, the keyword trapdoor generation time increases linearly with the number of keywords for all schemes. Although this scheme uses dot multiplication, which slightly increases the time overhead, it provides better resistance against IND-KGA attacks. Furthermore, the actual overhead remains within an acceptable range.

Figure 7 presents the computational time overhead of each phase in the ownership-searchable proxy re-encryption algorithm used in this scheme. While ensuring data security and user privacy, the computational time overhead for each phase remains within an acceptable range. Therefore, the data sharing scheme proposed in this paper ensures that data are accessed only under legal authorization, enabling controllable sharing during the logistics circulation process.

7. Discussion & Conclusions

7.1. Discussion

The findings of this study offer a significant progression in secure logistics data governance by tackling the enduring issues of data ownership verification and manageable sharing in multi-party contexts. The suggested scheme, based on the theoretical framework of “three rights separation”, which categorizes data ownership into control, usage, and management rights, presents a technically viable and practically applicable architecture for data management among various stakeholders. The architecture provides a precise, dynamic, and verifiable method for ownership and access control through the combination of blockchain, chameleon signatures, searchable encryption, and proxy re-encryption.

This work’s significant contribution is the utilization of chameleon signatures for logistics data rights tagging. In contrast to static digital signature approaches, the chameleon signature mechanism allows data owners to securely alter ownership tags while preserving cryptographic integrity. This dynamic feature resolves a significant issue in current ownership models, which frequently do not adapt to alterations in access conditions or stakeholder roles over time. The approach, enhanced by blockchain’s immutability and transparency, guarantees real-time, tamper-proof verification of ownership updates, a crucial feature for distributed supply chains involving several entities that interact asynchronously.

A notable advancement is seen in the design of the “one authorization, one access” concept facilitated by proxy re-encryption and searchable encryption. This method guarantees that data are accessed solely under valid, user-specific circumstances, thereby mitigating the risk of unauthorized reuse or privilege escalation. Proxy re-encryption separates the functions of data proprietors and users, enabling third-party platforms to re-encrypt data without revealing the plaintext or jeopardizing the secrecy of the original information. Simultaneously, searchable encryption facilitates safe query operations, enabling data administrators to obtain pertinent records without disclosing sensitive information or access intentions. Collectively, these methods provide an equilibrium between data utility and privacy, a balance frequently challenging to attain in practical applications.

The security assessments utilizing EUF-CMA and IND-KGA models validate the cryptographic integrity of the proposed system. The scheme withstands existential forgery under chosen message attacks and mitigates keyword inference attacks, which are two prevalent threats in data sharing systems. These formal assurances not only affirm the framework’s robustness under adversarial conditions but also instill confidence in its implementation in semi-trusted or decentralized environments, such as public logistics platforms and consortium blockchains.

The simulation experiments demonstrate encouraging performance outcomes. The approach exhibits minimal computing overhead in signature generation, ownership modification, and encryption/decryption processes. Communication expenses are optimized, especially via the implementation of compact chameleon signatures and effective trapdoor mechanisms. In comparison with other prominent models cited in the literature, the suggested framework facilitates supplementary functions, including dynamic ownership transfer and public verifiability, without markedly diminishing system efficiency. This indicates that the method is both theoretically robust and capable of economical scalability for extensive logistics implementations.

Furthermore, our research contributes to the broader discourse on data sovereignty and decentralized governance, aligning with growing needs in Industry 4.0 and Web3.0 paradigms. By granting data proprietors meticulous control over access and utilization, and by providing clear verification processes, the system fosters enhanced yet secure collaboration across logistical participants. It facilitates adherence to privacy and data protection regulations (e.g., GDPR or China’s Personal Information Protection Law), which increasingly require verifiable control and accountability in data processing operations. However, the proposed scheme has certain limitations. The existing implementation assumes a dependable public key infrastructure and uniform participation from all stakeholders, which may not be assured in practical logistics networks. Furthermore, although the system accommodates dynamic updates, its real-time performance during high-frequency ownership alterations and data access requests need further enhancement. Integrating machine learning models to support predictive access control and policy automation could further enhance the intelligence and responsiveness of the system [26]. The suggested method constitutes a substantial advancement in secure logistics data sharing, establishing a solid framework for controlling ownership and enforcing access rights within a decentralized, collaborative setting. Future research may advance the current research by improving interoperability with external data governance systems [27], broadening support for cross-industry data exchange and investigating.

7.2. Conclusions

In the transforming logistics sector, data have become an essential asset, enhancing operational efficiency, strategic decision-making, and collaborative innovation. Nonetheless, the intrinsic difficulties of guaranteeing secure and dependable data sharing—particularly in multi-party contexts—have considerably obstructed the uninterrupted exchange of logistics information. The issues generally stem from ambiguity around data ownership, insufficient dynamic control mechanisms, and poor protections against unwanted access. This study proposes an innovative approach for data ownership verification and regulated sharing, based on the “three rights separation” paradigm, which distinctly defines the rights of data control, consumption, and management. The suggested approach presents a comprehensive framework that combines chameleon signatures with blockchain technology to incorporate ownership markers into data and facilitate their dynamic alteration by data owners. Chameleon signatures guarantee that ownership cannot be falsified or indiscriminately transferred, but blockchain offers an immutable and visible ledger for the real-time validation of ownership status. This combination allows the data owner to maintain control over data sharing and ownership throughout the data lifecycle, even within intricate and distributed logistical networks. The technique employs proxy re-encryption and searchable encryption technologies to enhance access control. These cryptographic methods enable data managers to handle encrypted information without direct access, guaranteeing that data are available solely under genuine and verifiable authorization. The “one authorization, one access” policy establishes stringent usage limitations, successfully reducing hazards related to over-sharing, identity impersonation, and privilege escalation.

Comprehensive security evaluations were performed, incorporating models to assess resilience against adaptive chosen-message attacks and keyword-guessing attacks. The findings indicate that the proposed approach meets EUF-CMA and IND-KGA security criteria, providing robust defense against forgery and inference attacks. Moreover, modeling testing confirmed the scheme’s feasibility, demonstrating advantageous computing and communication efficiency. These studies demonstrate the system’s scalability and adaptability in extensive logistics data contexts, rendering it appropriate for real-world implementation. In comparison with current methodologies, the proposed technique attains some notable improvements. It facilitates dynamic ownership management, guarantees public verifiability, allows flexible yet secure data access, and addresses the collaborative requirements of various players in the logistics sector. This technique addresses significant constraints in existing blockchain- and cryptography-based data exchange frameworks, especially those that find it challenging to reconcile transparency, flexibility, and security in multi-party contexts.

This research offers a comprehensive, secure, and flexible answer to the critical issues of data ownership and sharing in logistics. The proposed approach establishes a detailed and enforceable ownership structure, so enhancing confidence and accountability among participants while providing a foundation for scalable and intelligent logistics data governance. Future endeavors will investigate the incorporation of machine learning for astute policy enforcement and the enhancement of the model to facilitate cross-industry data exchange.