基于区块链和密文属性加密的访问控制方案  被引量：8

作　　者：张晓东 陈韬伟[1] 余益民[1,2] 王会源 Zhang Xiaodong;Chen Taowei;Yu Yimin;Wang Huiyuan(School of Information,Yunnan University of Finance&Economics,Kunming 650221,China;Intelligent Application Research Institute,Yunnan University of Finance&Economics,Kunming 650221,China)

机构地区：[1]云南财经大学信息学院,昆明650221 [2]云南财经大学智能应用研究院,昆明650221

出　　处：《计算机应用研究》2022年第4期986-991,共6页Application Research of Computers

基　　金：国家自然科学基金资助项目(71964037);中央引导地方科技发展专项资金项目(202007AD110001);电子政务建模仿真国家工程实验室开放课题项目(MEL-18-03)。

摘　　要：随着数字社会的到来,使得数据成为了重要的生产要素,为了充分释放数据要素价值,作为数据安全共享的访问控制技术是实现数据安全应用与治理的关键。因此,围绕分布式架构下密文及密钥的安全性问题提出了一种基于区块链的密文访问控制方案。该方案利用密文生成算法与验证合约实现外包密文存储的真实性与完整性验证;设计了基于安全多方计算的属性密码,实现了用户私钥的链下安全多方计算并确保了私钥的唯一性,极大缓解了单属性权威的计算压力,可有效保护用户属性隐私、避免单点故障;定义了格式化的事务数据结构,实现了访问控制的全过程追责。通过安全性分析、性能分析和实验仿真分析表明,该方案在安全性和性能上均满足通用区块链的需求,为数据开放共享提供了一种通用的区块链访问控制方案。With the advent of the digital society,data has become an important factors of productivity.In order to fully realize the values of data,access control as a technology of data security sharing is a fundamental component of data security and data governance.Therefore,this paper proposed a cipher-text access control scheme based on blockchain aiming at improving security of cipher-text and secret key in distributed architecture.Firsly,this scheme verified the authenticity and integrity of outsourced cipher-text storage by using cipher-text generation algorithm and verifiable smart contract.Secondly,it designed an attribute key based on off-chain secure multi-party computation(SMC)to ensure the security of the user’s secret key and the uniqueness of the secret key,which could reduce computational complexity of the single attribute authority,and could effectively protect the user’s attribute privacy and avoided the single point of failure.Finally,through defining the formatted transaction data structure,it realized the whole process accountability of access control on the blockchain.Security analysis,performance analysis and experimental simulation results show that proposed scheme meets the requirements of general blockchain in terms of security and performance,and provides a general block chain access control scheme for data sharing.

关 键 词：区块链 属性基加密 访问控制 属性隐藏 秘密共享 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]