Trusted access control mechanism for data with blockchain-assisted attribute encryption

Abstract

In the growing demand for data sharing, how to realize fine-grained trusted access control of shared data and protect data security has become a difficult problem. Ciphertext policy attribute-based encryption (CP-ABE) model is widely used in cloud data sharing scenarios, but there are problems such as privacy leakage of access policy, irrevocability of user or attribute, key escrow, and trust bottleneck. Therefore, we propose a blockchain-assisted CP-ABE (B-CP-ABE) mechanism for trusted data access control. Firstly, we construct a data trusted access control architecture based on the B-CP-ABE, which realizes the automated execution of access policies through smart contracts and guarantees the trusted access process through blockchain. Then, we define the B-CP-ABE scheme, which has the functions of policy partial hidden, attribute revocation, and anti-key escrow. The B-CP-ABE scheme utilizes Bloom filter to hide the mapping relationship of sensitive attributes in the access structure, realizes flexible revocation and recovery of users and attributes by re-encryption algorithm, and solves the key escrow problem by joint authorization of data owners and attribute authority. Finally, we demonstrate the usability of the B-CP-ABE scheme by performing security analysis and performance analysis.