SCIENTIA SINICA Informationis, Volume 51 , Issue 8 : 1345(2021) https://doi.org/10.1360/SSI-2020-0048

Access control scheme on blockchain and decentralized attributed-based algorithm with identity

More info
  • ReceivedMar 8, 2020
  • AcceptedJun 17, 2020
  • PublishedJul 29, 2021


Funded by





[1] Huang S, Chen L W, Fan B B. Data Security Sharing Method Based on CP-ABE and Blockchain. Computer Systems & Applications, 2019, 28: 79-86. Google Scholar

[2] Wang X L, Jiang X Z, Li Y, et al. Model for Data Access Control and Sharing Based on Blockchain. Journal of Software, 2019, 30: 1661-1669. Google Scholar

[3] Yang Y T, Cai J L, Zhang Y W, et al. Privacy Preserving Scheme in Block Chain with Provably Secure Based on SM9 Algorithm. Journal of Software, 2019, 30: 1692-1704. Google Scholar

[4] Zyskind G, Nathan O. Decentralizing privacy: using blockchain to protect personal data. In: Proceedings of 2015 IEEE Security and Privacy Workshops, 2015. 180--184. Google Scholar

[5] Zhang Q H. Research on identification and access control in blockchain. Dissertation for Master Degree. Beijing: Beijing Jiaotong University, 2018. Google Scholar

[6] Zhang Y, He D, Choo K K R. BaDS: Blockchain-Based Architecture for Data Sharing with ABS and CP-ABE in IoT. Wireless Commun Mobile Computing, 2018, 2018(2): 1-9 CrossRef Google Scholar

[7] Ding S, Cao J, Li C. A Novel Attribute-Based Access Control Scheme Using Blockchain for IoT. IEEE Access, 2019, 7: 38431-38441 CrossRef Google Scholar

[8] Li W, Xue K, Xue Y. TMACS: A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage. IEEE Trans Parallel Distrib Syst, 2016, 27: 1484-1496 CrossRef Google Scholar

[9] Wang H, Song Y. Secure Cloud-Based EHR System Using Attribute-Based Cryptosystem and Blockchain. J Med Syst, 2018, 42: 152 CrossRef Google Scholar

[10] Tian Y L, Yang K D, Wang Z, et al. Algorithm of blockchain data provenance based on ABE. Journal on Communications, 2019, 40: 101-111. Google Scholar

[11] Sahai A, Waters B. Fuzzy identity-based encryption. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2005. 457--473. Google Scholar

[12] Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006. 89--98. Google Scholar

[13] Cameron K. The laws of identity. Microsoft Corp, 2005, 12: 8-11 [2005-05]. http://www.identityblog.com. Google Scholar

[14] Fromknecht C, Velicanu D, Yakoubov S. Certcoin: A namecoin based decentralized authentication system 6.857 class project. 2014. Google Scholar

[15] Fromknecht C, Velicanu D, Yakoubov S. A Decentralized Public Key Infrastructure with Identity Retention. IACR Cryptology ePrint Archive, 2014, 2014: 803. Google Scholar

[16] Axon L. Privacy-awareness in blockchain-based pki. Cdt technical paper series, 2015. Google Scholar

[17] Axon L, Glodsmith M. Pb-pki: A privacy-aware blockchain-based PKI. In: Proceedings of the 14th International Conference on Security and Cryptography, 2017. Google Scholar

[18] Lewison K, Corella F. Backing rich credentials with a blockchain PKI. 2016, http://pomcor.com. Google Scholar

[19] Miers I, Garman C, Green M, et al. Zerocoin: anonymous distributed e-cash from bitcoin. In: Proceedings of 2013 IEEE Symposium on Security and Privacy, 2013. 397--411. Google Scholar

[20] Sasson E B, Chiesa A, Garman C, et al. Zerocash: decentralized anonymous payments from bitcoin. In: Proceedings of 2014 IEEE Symposium on Security and Privacy, 2014. 459--474. Google Scholar

[21] Nakamoto S. Bitcoin: a peer-to-peer electronic cash system. 2009, https://bitcoin.org/bitcoin.pdf. Google Scholar

[22] Buterin V. A next-generation smart con-tract and decentralized application platform. 2013. https://github.com/ethereum/wiki/wiki/White-Paper. Google Scholar

[23] Cachin C. Architecture of the hyperledger blockchain fabric. Workshop on Distributed Cryptocurrencies and Consensus Ledgers, 2016. Google Scholar

[24] Beimel A. Secure schemes for secret sharing and key distribution. Technion-Israel Institute of technology, Faculty of computer science, 1996. Google Scholar

[25] Shamir A. How to share a secret. Commun ACM, 1979, 22: 612-613 CrossRef Google Scholar

[26] Pedersen T P. A threshold cryptosystem without a trusted party. In: Proceedings of Workshop on the Theory and Application of of Cryptographic Techniques. Berlin: Springer, 1991. 522--526. Google Scholar

[27] Chase M. Multi-authority attribute based encryption. In: Proceedings of Theory of Cryptography Conference, 2007. 515--534. Google Scholar

[28] Lewko A, Waters B. Decentralizing attribute-based encryption. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2011. 568--588. Google Scholar

[29] Dunphy P, Petitcolas F A P. A First Look at Identity Management Schemes on the Blockchain. IEEE Secur Privacy, 2018, 16: 20-29 CrossRef Google Scholar

  • Figure 1

    (Color online) Universal processes

  • Figure 2

    (Color online) Time curve fitting of calculating $\mathrm{OPK}$ with different $t$

  • Table 1   Functional characteristics comparison
    Features Ref. [6] Ref. [8] Our scheme
    Central manager's effect Mastering main secret key and generate private keys for other devices. Combine main public key at System Setup. None. Nodes negotiate the choice of $\mathrm{GP}$ by Blockchain.
    Blockchain's effect Provide consensus mechanism like PBFT. Save encrypted data.
    Public cloud storage's effect Save encrypted data. Save encrypted data.
    Smart contract's effect Save, update, verify the access control policy; save encrypted symmetric keys. Execute business logic; initialize system, organization and authorize attributes.
    Role definition Not obvious, all devices except central manager are users. One certificate authority, many attribute authorities and users. Include organizations and users, which have similar features.
    Users' identity authentication Identities are supported by Blockchain and its consensus mechanism, or divided by business id. Certificate authority is responsible for identity verification. In different domains, users can combine specific identities by authorized attributes.
    Access control on data Smart contract saves and updates the access control policy. ABE controls the access control policy. ABE controls the access control policy.
    Decentralization's supportPBFT and smart contract. Multi-attribute Authorities. User communicates with others by the chain of trust.
    ABE's features Centralized ABE, attributes are confirmed in system setup. Decentralized ABE, attributes are confirmed in system setup. Decentralized ABE, attributes are subsequently generated by organizations or users.
  • Table 2   Calculation cost comparison
    Steps Ref. [6] Ref. [8] Our scheme
    Global setup $E+P$ $E+P+tE_T$ $P$
    User setup $E_T+E$
    Org setup $n(t-2)N+E_T$
    User: $n(t-2)N+E_T$
    Smart contract: $tE_T$
    User generate attributes $E$
    Org generate attributes
    User: $n(t-2)N+E$
    Smart contract: $tE$
    User KeyGen $(3+|S|)E+P$ $E$
    Org KeyGen
    Org's member: $(3+|S|)E$
    Request user: $(2+|S|)tE$
    Org's member: $E$
    Request user: $tE$
    Encryption $E_T~+~(3|C|+1)E$ $E_T~+~(3|C|+1)E$ $E_T+|C|(2E_T+3E)$
    Decryption $P+|S|(2P+E_T)$ $P+|S|(2P+E_T)$ $|S|(2P+E_T)$
  • Table 3   Benchmark operation time reference
    Operation Time (ms)
    $N$ 0.024
    $E_T$ 0.157
    $P$ 1.464
    $E$ 2.019
  • Table 4   Algorithm running time (ms)
    Steps Ref. [8] Our scheme
    Global setup 4.665[$E+P+tE_T$] 3.440[$P$]
    User setup 2.195[$E_T+E$]
    Org setup 2.152[$n(t-2)N+E_T$]
    User: 2.234[$n(t-2)N+E_T$]
    Smart contract: 0.369[$tE_T$]
    User generate attributes 2.032[$E$]
    Org generate attributes
    User: 2.069[$n(t-2)N+E$]
    Smart contract: 4.089[$tE$]
    User KeyGen 2.140[$E$]
    Org KeyGen
    Org's member: 12.492[$(3+|S|)E$]
    Request user: 23.884[$(2+|S|)tE$]
    Org's member: 1.693[$E$]
    Request user: 4.085[$tE$]
    Encryption 14.652[$E_T~+~(3|C|+1)E$] 13.090[$E_T+|C|(2E_T+3E)$]
    Decryption 9.365[$P+|S|(2P+E_T)$] 6.431[$|S|(2P+E_T)$]
  • Table 5   Org initialization's time with different $(t,n)$ (ms)
    $(t,n)$ User generate share User generate ${\rm~opk}_i$ Smart contract calculate $\mathrm{OPK}$
    $(2,3)$ 0.049 2.185 0.369
    $(10,30)$ 0.342 2.162 4.117
    $(20,30)$ 0.657 2.179 13.788
    $(20,60)$ 0.868 2.178 13.778
    $(200,300)$ 22.877 2.218 1151.472
  • Table 6   Encryption and decryption time with different attributes (ms)
    Number of Encryption with Encryption with Decryption with Decryption with
    attributes used all “AND" all “OR" all “AND" all “OR"
    2 13.079 9.071 6.382 6.462
    4 25.838 17.822 12.640 12.618
    8 51.526 35.306 25.248 25.170
    16 102.436 70.267 50.829 50.058
    32 204.648 140.809 99.709 100.947

Contact and support