基于零知识证明的区块链密文数据共享与访问控制方案  

作　　者：任志鑫 闫恩华 陈韬伟 余益民[1] REN Zhixin;YAN Enhua;CHEN Taowei;YU Yimin(School of Information,Yunnan University of Finance and Economics,Kunming 650221,China;Intelligent Application Research Institute,Yunnan University of Finance and Economics,Kunming 650221,China)

机构地区：[1]云南财经大学信息学院,昆明650221 [2]云南财经大学智能应用研究院,昆明650221

出　　处：《北京邮电大学学报》2025年第1期87-91,113,共6页Journal of Beijing University of Posts and Telecommunications

基　　金：国家自然科学基金项目(61961042,71964037);云南省科技厅科技计划项目(202203AP140010,202202AD080011);云南省教育厅科学研究基金项目(2023Y0657);昆明市国际(对外)科技合作基地项目(GHJD-2022006)。

摘　　要：当前大多数解决方案仍然在区块链上保留了授权机构,这使得“不可能三角”问题在区块链中变得更为显著。为了打破传统由中央授权机构或可信第三方管理和分发密钥模式,引入了零知识证明机制,提出基于零知识证明的区块链密文数据共享与访问控制方案。首先,使用重加密协议实现了无需授权机构参与的属性基加密算法主密钥的安全管理和分发,并设计零知识证明以完成重加密的链下计算正确性验证;最后,开发区块链密文访问控制事务交易聚合电路进一步提升系统的可扩展性并降低链上成本。理论分析和仿真实验结果表明,相比传统密钥管理和分发模式,所提方案不仅可以实现安全高效的数据共享与访问控制,还可以有效地降低链上开销。The majority of existing solutions are observed to still retain an authorization authority on the blockchain,which is viewed as exacerbating the“blockchain trilemma”issue.To address this,a zero-knowledge proof mechanism has been introduced in order to break away from the traditional model where key management and distribution are conducted by a central authority or trusted third party.Initially,a re-encryption protocol is employed to enable secure management and distribution of the attribute-based encryption algorithm’s master key without the involvement of an authorization authority.The correctness of the off-chain computations in re-encryption is then verified by using zero-knowledge proofs.Finally,a transaction aggregation circuit for blockchain ciphertext access control is developed to enhance system scalability and reduce on-chain costs.Through theoretical analysis and simulation,it is demonstrated that,in comparison to the traditional key management and distribution model,secure and efficient data sharing and access control are achieved,and on-chain overhead is effectively reduced.

关 键 词：数据共享 访问控制 零知识证明 区块链 属性基加密 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]