Blockchain Access Control Scheme with SM9-Based Attribute Encryption

Cited by: 3


Authors: ZHOU Quan (周权)[1]; CHEN Minhui (陈民辉); WEI Kaijun (卫凯俊); ZHENG Yulong (郑玉龙)

Affiliations: [1] School of Mathematics and Information Science, Guangzhou University, Guangzhou 510006, China; [2] School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou 510006, China

Source: Netinfo Security (《信息网络安全》), 2023, No. 9, pp. 37-46 (10 pages)

Funding: National Key Research and Development Program of China [2021YFA1000600].

Abstract: Secure data sharing in the information society has attracted wide attention. The key to secure data sharing is using cryptography to control access to and use of data. However, both traditional access control and traditional public-key encryption have shown shortcomings for data sharing: the number of access control policies tends to grow with the number of users and becomes hard to manage; traditional public-key encryption requires obtaining each user's public key and sending ciphertext one-to-one, which incurs high communication cost; and relying on a third-party service provider to store data carries the risk of a single point of failure. To address these problems, the paper first introduces the distributed technologies blockchain and the InterPlanetary File System (IPFS) and proposes a blockchain access control scheme with SM9-based attribute encryption, achieving secure and efficient one-to-many data sharing and fine-grained access control. It then uses blockchain technology to keep user data from being tampered with, achieving secure and auditable data storage. Finally, the security of the proposed scheme is proved under the decisional q-PBDHE (q-parallel BDHE) assumption.

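Keywords: SM9 algorithm; attribute-based encryption; access control; blockchain

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]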

 
