基于代理重加密的区块链数据受控共享方案

doi:10.12263/DZXB.20210785

电子学报

• •

基于代理重加密的区块链数据受控共享方案

郭庆¹^,², 田有亮¹^,²^,³(), 万良¹

^1.贵州大学计算机科学与技术学院，贵州贵阳 550025
^2.贵州省公共大数据重点实验室，贵州贵阳 550025
^3.贵州大学密码学与数据安全研究所，贵州贵阳 550025

收稿日期:2021-06-24 修回日期:2022-01-13 出版日期:2022-07-12
- 通讯作者:
- 田有亮
- 作者简介:
- 郭庆女，1997年出生，贵州铜仁人.硕士研究生.主要研究方向为密码学与区块链技术.E-mail: qingguo_gq@163.com
  田有亮（通讯作者）男，1982年出生，贵州盘县人.博士，贵州大学教授，博士生导师.主要研究方向为算法博弈论、密码学与安全协议、大数据安全与隐私保护、区块链与电子货币.
  万良男，1974年出生，贵州铜仁人.博士，贵州大学教授，硕士生导师.主要研究方向为网络空间安全.E-mail: wanliangtr@163.com
- 基金资助:
- 国家自然科学基金 (61662009); 国家自然科学基金联合基金重点支持项目 (U1836205); 贵州省科技重大专项计划 (20183001); 贵州省科技计划项目 (黔科合基础［2019］1098); 贵州省高层次创新型人才项目 (黔科合平台人才［2020］6008); 贵阳市科技计划项目 (筑科合［2021］1-5)

Blockchain Data Controlled Sharing Scheme Based on Proxy Re-Encryption

GUO Qing¹^,², TIAN You-liang¹^,²^,³(), WAN Liang¹

^1.College of Computer Science and Technology，Guizhou University，Guiyang，Guizhou 550025，China
^2.Guizhou Provincial Key Laboratory of Public Big Data，Guiyang，Guizhou 550025，China
^3.Institute of Cryptography & Data Security，Guizhou University，Guiyang，Guizhou 550025，China

Received:2021-06-24 Revised:2022-01-13 Online:2022-07-12
- Corresponding author:
- TIAN You-liang

摘要/Abstract

摘要：

区块链以分布式共享全局账本的形式存储交易数据，数据共享难以实现隐私保护和可用性之间的平衡，现有的区块链数据共享方案在进行隐私保护的同时可用性较低，有效实现区块链数据访问权限的动态调整是一个挑战性问题.为此，本文提出基于代理重加密的区块链数据受控共享方案.首先，基于SM2构造代理重加密算法，并借此设计区块链数据受控共享方案，利用代理重加密保护交易数据隐私实现数据安全共享.其次，提出用户权限动态调整机制，区块链节点分工代理并对重加密密钥参数分割管理，实现用户访问权限确定性更新，交易数据的可见性得到动态调整.最后，安全性和性能分析表明，本方案可以在保护交易隐私的同时，实现区块链数据动态共享，并且在计算开销方面具有优势，更好地适用于区块链数据受控共享.

关键词: 区块链, 代理重加密, 隐私保护, SM2, 受控共享

Abstract:

The blockchain stores transaction data in the form of a distributed shared global ledger and it is difficult to achieve a balance between privacy protection and availability in data sharing. The existing blockchain data sharing schemes have low availability while protecting privacy and effectively realizing the dynamic adjustment of blockchain data access permissions is a challenging problem. To this end, this paper proposes a blockchain data controlled sharing scheme based on proxy re-encryption. Firstly, based on SM2, the proxy re-encryption algorithm is constructed to design a blockchain data controlled sharing scheme, using proxy re-encryption to protect the privacy of transaction data to achieve data secure sharing. Secondly, a dynamic adjustment mechanism of user permissions is proposed that the blockchain nodes division of labor agent and the re-encryption key parameters are dividedly managed to realize the assured update of user access rights, so that the visibility of the blockchain data can be dynamically adjusted. Finally, the security and performance analysis show that the scheme can realize the dynamic sharing of blockchain data while protecting transaction privacy, and has advantages in computing overhead, better suitable for the controlled sharing of blockchain data.

Key words: blockchain, proxy re-encryption, privacy protection, SM2, controlled sharing

中图分类号:

TP309.7

郭庆, 田有亮, 万良. 基于代理重加密的区块链数据受控共享方案[J]. 电子学报, DOI: 10.12263/DZXB.20210785.

GUO Qing, TIAN You-liang, WAN Liang. Blockchain Data Controlled Sharing Scheme Based on Proxy Re-Encryption[J]. Acta Electronica Sinica, DOI: 10.12263/DZXB.20210785.

图/表 9

图1 系统模型

图2 方案流程图

图3 区块链数据共享平台

表1 交易数据隐私保护需求表

数据拥有者	交易数据类型	数据使用者
数据拥有者	交易数据类型	参与方A	参与方B	参与方C	参与方D
参与方A	基础数据	可见	可见	不可见	可见
参与方A	敏感数据	可见	可见	不可见	不可见
参与方B	基础数据	可见	可见	可见	不可见
参与方B	敏感数据	不可见	可见	可见	不可见

表2 本文方案与现有研究方案对比

方案	密文访问控制	抗共谋攻击	授权确定性更新	重加密	可追溯
文献[3]	×	√	×	×	√
文献[14]	√	×	√	×	√
文献[15]	√	√	×	×	√
文献[26]	√	×	×	×	×
文献[12]	√	×	×	√	√
本文	√	√	√	√	√

表3 方案性能计算对比

方案	初始加密	重加密	解密
文献[18]	$3 T E + T P + 4 T H$	$2 T E + 2 T P + 3 T H$	$3 T E + 2 T P + 3 T H$
文献[27]	$3 T E + 2 T P + T H$	$T E + T P$	$T E + T P + T H$
文献[12]	$2 T E + T P + 3 T H$	$T P + 4 T H$	$T E + T P$
文献[28]	$4 T M + 2 T H + X O R$	$X O R$	$5 T M + 2 T H + X O R$
本文	$2 T M + 4 T H + X O R$	$X O R$	$T M + 2 T H + X O R$

表3 方案性能计算对比

方案	初始加密	重加密	解密
文献[18]	$3 T E + T P + 4 T H$	$2 T E + 2 T P + 3 T H$	$3 T E + 2 T P + 3 T H$
文献[27]	$3 T E + 2 T P + T H$	$T E + T P$	$T E + T P + T H$
文献[12]	$2 T E + T P + 3 T H$	$T P + 4 T H$	$T E + T P$
文献[28]	$4 T M + 2 T H + X O R$	$X O R$	$5 T M + 2 T H + X O R$
本文	$2 T M + 4 T H + X O R$	$X O R$	$T M + 2 T H + X O R$

表4 SM2公钥密码算法椭圆曲线参数

曲线参数	取值
$p$	FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
$a$	FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
$b$	28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
$n$	FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
$x G$	32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7
$y G$	BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0

表4 SM2公钥密码算法椭圆曲线参数

曲线参数	取值
$p$	FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
$a$	FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
$b$	28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
$n$	FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
$x G$	32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7
$y G$	BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0

图4 算法运行时间比较

图5 数据共享执行时间代价

参考文献 28

1	NAKAMOTO S. Bitcoin: A Peer-To-Peer Electronic Cash System[EB/OL]. [2021-3-26]. .
2	祝烈煌, 高峰, 沈蒙, 等. 区块链隐私保护研究综述[J]. 计算机研究与发展, 2017, 54(10): 2170-2186.
	ZHU L H, GAO F, SHEN M, et al. Survey on privacy preserving techniques for blockchain technology[J]. Journal of Computer Research and Development, 2017, 54(10): 2170-2186. (in Chinese)
3	NOETHER S, MACKENZIE A, RESEARCH LAB T M. Ring confidential transactions[J]. Ledger, 2016, 1: 1-18.
4	MIERS I, GARMAN C, GREEN M, et al. Zerocoin: anonymous distributed E-cash from bitcoin[C]//2013 IEEE Symposium on Security and Privacy. Berkeley: IEEE, 2013: 397-411.
5	KOSBA A, MILLER A, SHI E, et al. Hawk: the blockchain model of cryptography and privacy-preserving smart contracts[C]//2016 IEEE Symposium on Security and Privacy. San Jose: IEEE, 2016: 839-858.
6	DI FRANCESCO MAESA D, MORI P, RICCI L. Blockchain Based Access Control[C]//IFIP International Conference on Distributed Applications and Interoperable Systems. Cham: Springer, 2017: 206-220.
7	DI FRANCESCO MAESA D, MORI P, RICCI L. Blockchain based access control services[C]//2018 IEEE International Conference on Internet of Things(iThings) and IEEE Green Computing and Communications(GreenCom) and IEEE Cyber, Physical and Social Computing(CPSCom) and IEEE Smart Data. Halifax: IEEE, 2018: 1379-1386.
8	WANG R, TSAI W T, HE J, et al. A medical data sharing platform based on permissioned blockchains[C]//ICBTA 2018: Proceedings of the 2018 International Conference on Blockchain Technology and Application. Xi'an: ACM, 2018: 12-16.
9	LI R N, SONG T Y, MEI B, et al. Blockchain for large-scale Internet of Things data storage and protection[J]. IEEE Transactions on Services Computing, 2019, 12(5): 762-771.
10	董祥千, 郭兵, 沈艳, 等. 一种高效安全的去中心化数据共享模型[J]. 计算机学报, 2018, 41(5): 1021-1036.
	DONG X Q, GUO B, SHEN Y, et al. An efficient and secure decentralizing data sharing model[J]. Chinese Journal of Computers, 2018, 41(5): 1021-1036. (in Chinese)
11	WU S H, DU J. Electronic medical record security sharing model based on blockchain[C]//Proceedings of the 3rd International Conference on Cryptography, Security and Privacy. Melmaruvathur: ACM, 2019: 13-17.
12	WANG Z, TIAN Y L, ZHU J M. Data sharing and tracing scheme based on blockchain[C]//2018 8th International Conference on Logistics, Informatics and Service Sciences(LISS). Toronto: IEEE, 2018: 1-6.
13	WU A X, ZHANG Y H, ZHENG X K, et al. Efficient and privacy-preserving traceable attribute-based encryption in blockchain[J].Annals of Telecommunications, 2019, 74(7/8): 401-411.
14	田有亮, 杨科迪, 王缵, 等. 基于属性加密的区块链数据溯源算法[J]. 通信学报, 2019, 40(11): 101-111.
	TIAN Y L, YANG K D, WANG Z, et al. Algorithm of blockchain data provenance based on ABE[J]. Journal on Communications, 2019, 40(11): 101-111. (in Chinese)
15	FENG T, PEI H M, MA R, et al. Blockchain data privacy access control based on searchable attribute encryption[J]. Computers, Materials & Continua, 2020, 66(1): 871-890.
16	王秀利, 江晓舟, 李洋. 应用区块链的数据访问控制与共享模型[J]. 软件学报, 2019, 30(6): 1661-1669.
	WANG X L, JIANG X Z, LI Y. Model for data access control and sharing based on blockchain[J]. Journal of Software, 2019, 30(6): 1661-1669. (in Chinese)
17	苏铓, 吴槟, 付安民, 等. 基于代理重加密的云数据访问授权确定性更新方案[J]. 软件学报, 2020, 31(5): 1563-1572.
	SU M, WU B, FU A M, et al. Assured update scheme of authorization for cloud data access based on proxy re-encryption[J]. Journal of Software, 2020, 31(5): 1563-1572. (in Chinese)
18	SU M, ZHOU B, FU A M, et al. PRTA: A Proxy re-encryption based Trusted Authorization scheme for nodes on CloudIoT[J]. Information Sciences, 2020, 527: 533-547.
19	WANG X A, XHAFA F, MA J F, et al. Controlled secure social cloud data sharing based on a novel identity based proxy re-encryption plus scheme[J]. Journal of Parallel and Distributed Computing, 2019, 130: 153-165.
20	DENG H, QIN Z, WU Q H, et al. Flexible attribute-based proxy re-encryption for efficient data sharing[J]. Information Sciences, 2020, 511: 94-113.
21	SAMANTHULA B K, ELMEHDWI Y, HOWSER G, et al. A secure data sharing and query processing framework via federation of cloud computing[J]. Information Systems, 2015, 48: 196-212.
22	马晓婷, 马文平, 刘小雪. 基于区块链技术的跨域认证方案[J]. 电子学报, 2018, 46(11): 2571-2579.
	MA X T, MA W P, LIU X X. A cross domain authentication scheme based on blockchain technology[J]. Acta Electronica Sinica, 2018, 46(11): 2571-2579. (in Chinese)
23	BLAZE M, BLEUMER G, STRAUSS M. Divertible protocols and atomic proxy cryptography[M]//Lecture Notes in Computer Science. Berlin: Springer, 1998: 127-144.
24	SHAO J, CAO Z F, LIANG X H, et al. Proxy re-encryption with keyword search[J]. Information Sciences, 2010, 180(13): 2576-2587.
25	WANG H B, CAO Z F, WANG L C. Multi-use and unidirectional identity-based proxy re-encryption schemes[J]. Information Sciences, 2010, 180(20): 4042-4059.
26	ZYSKIND G, NATHAN O, PENTLAND A S. Decentralizing privacy: Using blockchain to protect personal data[C]//2015 IEEE Security and Privacy Workshops. San Jose: IEEE, 2015: 180-184.
27	KIM S, LEE I. IoT device security based on proxy re-encryption[J].Journal of Ambient Intelligence and Humanized Computing, 2018, 9(4): 1267-1273.
28	CHEN B W, HE D B, KUMAR N, et al. A blockchain-based proxy re-encryption with equality test for vehicular communication systems[J]. IEEE Transactions on Network Science and Engineering, 2021, 8(3): 2048-2059.

[1]	张少波, 原刘杰, 毛新军, 朱更明. 基于本地差分隐私的K-modes聚类数据隐私保护方法[J]. 电子学报, 2022, 50(9): 2181-2188.
[2]	丁毅, 沈薇, 李海生, 钟琼慧, 田明宇, 李洁. 面向CNN的区块链可信隐私服务计算模型[J]. 电子学报, 2022, 50(6): 1399-1409.
[3]	佘维, 霍丽娟, 刘炜, 张志鸿, 宋轩, 田钊. 一种可隐藏敏感文档和发送者身份的区块链隐蔽通信模型[J]. 电子学报, 2022, 50(4): 1002-1013.
[4]	杨坤伟, 杨波, 周彦伟. 群智网络中基于区块链的有序聚合签名认证方案[J]. 电子学报, 2022, 50(2): 358-365.
[5]	郑锐, 汪秋云, 林卓庞, 靖蓉琦, 姜政伟, 傅建明, 汪姝玮. 一种基于威胁情报层次特征集成的挖矿恶意软件检测方法[J]. 电子学报, 2022, 50(11): 2707-2715.
[6]	蔡莹, 朱翔, 王舰, 李昊远, 韩建伟. 基于激光注入的FPGA加密防护设计验证研究[J]. 电子学报, 2022, 50(10): 2381-2386.
[7]	袁水莲, 皮德常, 胥萌. 基于差分隐私的轨迹隐私保护方法[J]. 电子学报, 2021, 49(7): 1266-1273.
[8]	朱健, 胡凯, 张伯钧. 智能合约的形式化验证方法研究综述[J]. 电子学报, 2021, 49(4): 792-804.
[9]	包象琳, 熊焰, 黄文超, 陈凯杰, 汪万森, 孟昭逸, 徐晓峰, 方贤进. 基于SmartVerif的比特币底层协议算力盗取漏洞发现[J]. 电子学报, 2021, 49(12): 2390-2398.
[10]	秦超霞, 郭兵, 沈艳, 苏红, 张珍, 周驰岷. 区块链的安全风险评估模型[J]. 电子学报, 2021, 49(1): 117-124.
[11]	郑孝遥, 罗永龙, 汪祥舜, 孙丽萍, 陈付龙, 胡桂银, 汪小寒. 基于位置服务的分布式差分隐私推荐方法研究[J]. 电子学报, 2021, 49(1): 99-110.
[12]	陈露, 相峰, 孙知信. 基于属性密码体制的区块链安全技术研究进展[J]. 电子学报, 2021, 49(1): 192-200.
[13]	吴立强, 韩益亮, 杨晓元, 张敏情, 杨凯. 基于理想格的鲁棒门限代理重加密方案[J]. 电子学报, 2020, 48(9): 1786-1794.
[14]	陈传明, 林文诗, 俞庆英, 罗永龙. 一种基于单点收益的轨迹隐私保护方法[J]. 电子学报, 2020, 48(1): 143-152.
[15]	孙君, 熊关. SCMA mMTC系统中基于联盟区块链的无线电资源交易的信用支付[J]. 电子学报, 2019, 47(8): 1677-1684.

基于代理重加密的区块链数据受控共享方案

Blockchain Data Controlled Sharing Scheme Based on Proxy Re-Encryption

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 28

相关文章 15

编辑推荐

Metrics