CN113761583A - Attribute-based access control method on block chain - Google Patents

Abstract

The invention discloses an access control method based on attributes on a block chain.A data owner encrypts and stores personal data on an interplanetary file system, and stores a returned file hash value in a block chain account book as a storage certificate, thereby solving the problems of single point failure and the like in the traditional scheme; secondly, decentralized access control based on attributes is implemented through a block chain, a trusted third party in the traditional scheme is replaced, and the problems of trust of people, opaqueness in the access process and the like are solved; and finally, sharing of the symmetric key among a plurality of attributes is realized through a linear integer secret sharing algorithm, a data requester has to possess a certain number of legal attribute private keys to recover the symmetric key, and the problems of key leakage and the like possibly existing in the traditional scheme are solved.

Description

Attribute-based access control method on block chain

Technical Field

The invention belongs to the technical field of cryptography and information security, and particularly relates to an attribute-based access control method on a block chain.

Background

Along with the popularization of the internet of things, big data and the like, the data brings convenience to people and brings a plurality of privacy problems. Therefore, how to realize secure sharing among multiple parties on the premise of ensuring data privacy and further fully exerting the application value of data becomes a primary concern of people. The conventional scheme proposes a plurality of access control methods, but most of them implement the access control of data through a central mechanism, which brings the following problems: (1) the central authority may provide false authorization to the data user for personal benefit; (2) the centralized access policy management has the problems of single point of failure and the like; (3) the access process is opaque.

The tamper-proof, non-forgeable nature of the blockchain provides some solutions to the above problems. Many scholars propose to implement access control of data through blockchain techniques. However, most schemes are dedicated to ensuring the integrity of files and the public transparency of the operation process, but neglect the privacy of resources, and have the problems of key leakage and the like; or only the user public key or the identity is used for carrying out access control, which is not suitable for fine-grained access control in complex scenes. Therefore, the realization of decentralized attribute-based fine-grained access control through a blockchain still has very important research value and significance.

Disclosure of Invention

The invention aims to provide an access control method based on attributes on a block chain, which solves the problems of trust and opaque access control process in the prior art.

The technical scheme adopted by the invention is that the access control method based on the attribute on the block chain is implemented according to the following steps:

step 1, a data owner locally encrypts personal data by using a symmetric encryption algorithm to obtain a ciphertext CT; the specific process is as follows:

Encrypt_keySecret(data) → CT: firstly, a data owner randomly selects a secret number s locally, calculates a hash value keySecret h(s) to generate a symmetric key keySecret, wherein h(s) is a one-way hash function, and then encrypts personal data by using the keySecret as a symmetric key through a symmetric encryption algorithm to obtain a ciphertext CT (namely CT ═ Encrypt)_keySecret(data)；

Step 2, the data owner uploads the ciphertext CT to an interplanetary file system;

step 3, the interplanetary file system returns an address hash of the ciphertext CT_CT；

Step 4, the data owner locally establishes an attribute-based access Policy about personal data and a decryption token about ciphertext CT

And use the address hash_CTAs symmetric key, the symmetric algorithm is used to encrypt and decrypt the token

Forming a ciphertext token:

then, in a transaction form, hash the resource address of the ciphertext CT returned by the interplanetary file system_CTCryptogram token

Uploading the access Policy based on the attribute to a block chain account book;

step 5, the data requester sends a request for accessing the resource to the data owner through the block chain, and the block chain verifies whether the data requester meets the corresponding access strategy according to the attribute in the request of the data requester;

and 6, if yes, returning the file address hash_CTSub-policy P satisfied by attributes of data requestor_iTo the data requester;

step 7, the data requester receives the file address hash_CTAnd P_iThen according to hash_CTSearching ciphertext data CT corresponding to the data resource data on the interplanetary file system;

step 8, returning the resource address hash by the interplanetary file system_CTThe corresponding ciphertext CT is sent to the data requester;

step (ii) of9. After receiving the ciphertext CT, the data requester sends a corresponding decryption request requestDecrypt (P) to the block chain_i)；

Step 10, after receiving the request, the blockchain parses the request, and then, the sub-policy P included in the request of the data requester is analyzed_iThe attribute of (2) is Hash calculation, i.e. Key is Hash (P)_i) Obtaining the Key corresponding to the account book data, and then searching the corresponding encrypted decryption token from the block chain account book according to the Key

And sending to the data requester;

step 11, the data requester receives the ciphertext token

Then, use the address hash_CTAnd decrypting to obtain a decryption Token, then locally executing a decryption algorithm according to an attribute private key in Token to obtain a decryption key of the ciphertext CT, and further obtaining plaintext data.

The present invention is also characterized in that,

step 4 is specifically implemented according to the following steps:

step 4.1, a data owner registers a user account on a block chain, wherein an owerId is used as an identification of a personal account, an owerName is used as a user name of the personal account, and the data owner can record personal information, a file resource address under the name of the data owner and an access control strategy through the account;

step 4.2, the data owner stores the address hash of the ciphertext CT returned by the interplanetary file system on the block chain_CTBecause the block chain stores data in a Key-Value pair form, the resource identifier resId is used as a Key, and the user identifier ownerId, the data file name resName and the file address hash are used as keys_CTAs Value, storing data to the blockchain account book;

step 4.3, the data owner uploads the access Policy to the blockchain, and the uploaded content includes (policyId, Object, Policy), wherein, policyId refers to the only attribute-based access PolicyAn identifier, Object { resId, owerId, resName } indicates personal resource information of the data owner, where resId refers to the resource identifier, owerId refers to the personal identifier of the data owner for associating the user with the access Policy, resName refers to the resource name, Policy refers to the attribute-based access Policy, and is determined by the subject Policy P_SubjectWith environment policy P_EnvironmentIn combination, a data requestor can access data of a data owner only if both policies are satisfied, Policy format is:

Policy＝P_Subject∧P_Environment

subject policy P_SubjectAn access policy, P, comprising attributes of data requestors granted access to personal data resources by a data owner_SubjectComposed of many sub-strategies by disjunctive normal form, P_SubjectExample formats of (d) are:

P_Subject＝P₁∨P₂∨...∨P_n

the sub-policy contains attributes of data requesters which a plurality of data owners permit to access, such as the unit, department and position of the data requesters, wherein the sub-policy has an example format as follows:

P_Environmentrepresenting environment policies, such as time periods, the data owner sets the access time period of the personal resource, and if the access time of the data requester is not in the time period, the data requester is denied access;

the data owner can also implement dynamic management of updating, deleting and inquiring of the personal access policy through the block chain.

4.4, in order to ensure the security of the symmetric key, the data owner divides the secret number s associated with the key into a secret share corresponding to each attribute locally through a linear integer secret sharing algorithm, thereby indirectly realizing the sharing of the symmetric key among a plurality of attributes;

LISS(P_Subject,s)→(s₁,s₂,...s_d)^T: data owner inputs subject policy P_SubjectAnd a secret number s, then the algorithm is based on P_SubjectConstructing a strategy matrix

And mapping function psi (·), namely, each row of the matrix corresponds to an attribute psi (i),1 ≦ i ≦ d, and some random numbers ρ are selected_iI ≦ 2 ≦ e, and forms a linear combination with the secret value s, ρ ═ s, ρ₂,ρ₃,...ρ_e)^TD and e refer to

Rows and columns of; final calculation

Outputting the secret share(s) corresponding to each attribute₁,s₂,...s_d)^TThen share s of the secret_iDistribution to attribute Ψ (i);

wherein the strategy matrix

The specific construction method of (2) is as follows:

the data owner according to the subject Policy P in the access Policy_SubjectConstructing a corresponding strategy matrix:

first order M_o∈Z^1×1Meaning that only one element, i.e. M, is present in the matrix_o＝[1]Simultaneously, a matrix M is supposed to be formed for Z^d×eWherein c ∈ Z^eRepresents the first column of M, r ∈ Z^d×(e-1)All columns in M except the first are represented, and secondly, the following 3 construction rules are followed:

rules1: for each attribute in the access policy, M may be used_oRepresents;

rule 2: for any OR gate, i.e. P_Subject＝P_a∨P_bLet a

And

is a policy P_aAnd strategy P_bRespectively formed matrix, and then, constructing an OR gate matrix

Representation by policy P_aFormed matrix M_aAnd strategy P_bFormed matrix M_bCo-formed policy matrix M_ORWherein M is_ORIs formed by two matrices M_aAnd M_bColumn vector c of_aAnd c_bFormed in series, then d_aLine 1 is formed by_aI.e. the matrix M_aThe remaining columns except the first column and e_b0 are formed in series, finally, d_bColumn-1 is composed of_bAnd e_aEach 0 is formed by connecting in series, and the specific expression is as follows:

rule 3: for any AND gate, i.e. P_Subject＝P_a∧P_b. Let

And

is a policy P_aAnd strategy P_bRespectively formed matrix, then an AND gate matrix is constructed

To representBy policy P_aFormed matrix M_aAnd strategy P_bFormed matrix M_bCo-formed policy matrix M_ANDWherein M is_ANDIs formed by a column vector c_aAnd c_b0 are connected in series, the second column is formed by c_aAnd c_bAre formed in series, then d_aLine 1 is formed by_aI.e. the matrix M_aThe remaining columns except the first column and e_b0 are formed in series, finally, d_bColumn-1 is composed of_bAnd e_aEach 0 is formed by connecting in series, and the specific expression is as follows:

step 4.5, the data owner stores the attribute and the secret share s corresponding to the attribute on the blockchain_i(ii) a Due to the subject policy P_SubjectIs composed of many sub-policies, so the main attribute set of data requester

The access right can be obtained as long as one of the sub-policies is satisfied;

thus, the data owner constructs a decryption token locally for each sub-policy, assuming that the data owner is targeting sub-policy P_iDecryption token constructed as in equation (1)

As shown in equation (2):

wherein

The secret share set corresponding to the attribute in the finger policy is expressed by equation (3), psi (i)_n) Representation matrix

Represents the nth attribute

And the nth attribute

Corresponding to the nth secret value

As shown in the formula (4),

representing attributes in sub-policies in a policy matrix

The matrix formed by the corresponding row vectors is shown in equation (5):

step 4.6, the data owner stores the secret share corresponding to the attribute, namely the attribute private key, in the block chain, and the specific process is as follows:

data ownerAddress hash of ciphertext CT returned by using interplanetary file system_CTAs symmetric key, the decryption token is encrypted using a symmetric encryption algorithm

Form a

Is encrypted by the encryption key

Then the ciphertext token

Uploading to a block chain;

because the account book of the block chain stores data in a Key-Value form, the strategy P is matched_iThe hashed value of the attribute in (1) is Hash (P)_i) Is Key, encrypted decryption token

Data is stored for Value to the blockchain ledger.

Step 5 is specifically implemented according to the following steps:

first, the data requestor sends its own access request to the blockchain: request (Subject'_attrsresId), where Subject'_attrsThe block chain receives the request, analyzes the request, then searches corresponding Policy according to the resource identifier (resId) in the request, specifies that one resource corresponds to one access Policy, so that the identifier of the resource corresponds to the identifier of the Policy, namely, resId → policyId, and then judges the main attribute set of the data requester

Whether or not an attribute-based access policy, i.e., P, set in advance by the data owner is satisfied_SubjectIf so, then determine if the access time accessTime is within the specified access timeI.e. the access between the start time startTime and the end time endTime is a valid access:

Policy.P_Environment.startTime≤accessTime≤Policy.P_Environment.endTime。

the step 11 is specifically implemented according to the following steps:

step 11.1,

Data requestor gets ciphertext token

Then, a symmetric encryption algorithm is executed locally to use the file address hash of the data owner_CTAs a symmetric key for decryption, a decryption token corresponding to the attribute of the user is obtained

Step 11.2, obtain the decryption token

Thereafter, the data requester locally executes a decryption algorithm to obtain a symmetric key secret about the ciphertext CT:

the algorithm is based first on the decryption token

Row vector matrix of

Solving; where ξ is a known target vector,

get λ, then calculate:

a secret number s is obtained, which is then subjected to a hash algorithm:

keySecret＝H(s)，

a symmetric key secret is obtained,

and finally, decrypting the ciphertext CT by using the keySecret to obtain plaintext data: decrypt_keySecret(CT)＝data。

The invention has the beneficial effects that the attribute-based access control method on the block chain provides a decentralized attribute-based fine-grained access control method aiming at the problems that the access control process in the existing scheme is opaque, the central mechanism is not completely trusted, the key transmission process is possibly leaked and the like. Firstly, decentralized access control is implemented through the blockchain, a user can obtain a storage address of a data resource after verification of the blockchain, and each access is recorded on a blockchain account book, so that the access process is guaranteed to be transparent. Secondly, dividing the symmetric key into a secret share corresponding to each attribute through a linear integer secret sharing algorithm, encrypting the secret shares through a resource address, and storing the secret shares in a block chain account book. A user can obtain a resource address and an access sub-strategy met by the user only through verification of a block chain, then requests a corresponding ciphertext token from the block chain through the sub-strategy, decrypts the secret token through the resource address to obtain an attribute private key, and finally calculates plaintext data, so that the problems of key leakage and the like possibly existing in the traditional scheme are effectively solved.

Drawings

FIG. 1 is a model diagram of an attribute-based access control scheme on a blockchain;

fig. 2 is a timing diagram of an attribute-based access control scheme on a blockchain.

Detailed Description

The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.

The access control method based on the attribute on the block chain is implemented by combining the following steps with the figures 1-2:

step 1, the data owner encrypts personal data locally by using a symmetric encryption algorithm to obtain a ciphertext CT. The specific process is as follows:

Encrypt_keySecret(data) → CT: firstly, a data owner randomly selects a secret number s locally, calculates a hash value keySecret h(s) to generate a symmetric key keySecret, wherein h(s) is a one-way hash function, and then encrypts personal data by using the keySecret as a symmetric key through a symmetric encryption algorithm to obtain a ciphertext CT (namely CT ═ Encrypt)_keySecret(data)。

And 2, uploading the ciphertext CT to an interplanetary file system by the data owner.

Step 3, the interplanetary file system returns an address hash of the ciphertext CT_CT。

Step 4, the data owner locally establishes an attribute-based access Policy about personal data and a decryption token about ciphertext CT

And use the address hash_CTAs symmetric key, the symmetric algorithm is used to encrypt and decrypt the token

Forming a ciphertext token:

then, in a transaction form, hash the resource address of the ciphertext CT returned by the interplanetary file system_CTCryptogram token

And uploading the attribute-based access Policy to the blockchain account book.

The specific process is as follows:

step 4.1, the data owner first registers a user account number on the block chain, wherein the owerld is used as the identification of the personal account (the data owner is assigned by the system when the user registers), and the owername is used as the user name of the personal account. Through the account, the data owner can record personal information and file resource addresses and access control strategies under the name of the data owner.

Step 4.2, the data owner stores the address hash of the ciphertext CT returned by the interplanetary file system on the block chain_CT. Because the block chain stores data in a Key-Value pair form, the resource identifier resId is used as a Key, the user identifier ownerId (used for associating a user with a data file and indicating that the file belongs to the user ownerId), the data file name resName and the file address hash are used as keys, and the data file name resName and the file address hash are used as keys_CTAs Value, data is stored to the blockchain ledger.

And 4.3, uploading the access Policy to the block chain by the data owner, wherein the uploaded content comprises the following contents: (policyId, Object, Policy), where policyId refers to a unique identifier for an attribute-based access Policy. Object indicates personal resource information of the data owner, where resId refers to a resource identifier, ownerId refers to a personal identifier of the data owner, for associating a user with an access policy, and resName refers to a resource name. Policy refers to an attribute-based access Policy, which is a body Policy P_SubjectWith environment policy P_EnvironmentIn combination, a data requestor can access the data of the data owner only if both policies are satisfied. The Policy format is:

Policy＝P_Subject∧P_Environment

subject policy P_SubjectRefers to an access policy consisting of attributes of data requestors that are granted access to personal data resources by the data owner. P_SubjectComposed of many sub-strategies by disjunctive normal form, P_SubjectExample formats of (d) are:

P_Subject＝P₁∨P₂∨...∨P_n

the sub-policy contains attributes of data requesters which a plurality of data owners permit to access, such as the unit, department, position, etc. can be used as the attributes of the data requesters, wherein the example format of the sub-policy is as follows:

P_Environmentrepresenting environmental policies such as time periods, the data owner sets the access time period for the personal resource and will be denied access if the access time of the data requestor is not within this time period.

The data owner can also dynamically manage updating, deleting, inquiring and the like of the personal access policy through the block chain.

4.4, in order to ensure the security of the symmetric key keySecret, the data owner locally divides the secret number s associated with the keySecret into one secret share corresponding to each attribute through a linear integer secret sharing algorithm, thereby indirectly realizing the sharing of the symmetric key among a plurality of attributes.

LISS(P_Subject,s)→(s₁,s₂,...s_d)^T: data owner inputs subject policy P_SubjectAnd a secret number s, then the algorithm is based on P_SubjectConstructing a strategy matrix

And mapping function psi (·), namely, each row of the matrix corresponds to an attribute psi (i),1 ≦ i ≦ d, and some random numbers ρ are selected_iI ≦ 2 ≦ e, and forms a linear combination with the secret value s, ρ ═ s, ρ₂,ρ₃,...ρ_e)^TD and e refer to

Rows and columns. Final calculation

Outputting the secret share(s) corresponding to each attribute₁,s₂,...s_d)^TThen will beSecret share s_iAnd distributes to attribute Ψ (i).

Wherein the strategy matrix

The specific construction method of (2) is as follows:

the data owner according to the subject Policy P in the access Policy_SubjectConstructing a corresponding strategy matrix:

first order M_o∈Z^1×1Meaning that only one element, i.e. M, is present in the matrix_o＝[1]. At the same time, suppose that a matrix M belongs to Z^d×eWherein c ∈ Z^eRepresenting the first column of M. r is formed as Z^d×(e-1)Representing all columns in M except the first column. Next, the following 3 construction rules are followed.

Rule 1: for each attribute in the access policy, M may be used_oAnd (4) showing.

Rule 2: for any OR gate, i.e. P_Subject＝P_a∨P_b. Let

And

is a policy P_aAnd strategy P_bEach forming a matrix. Then, an OR gate matrix is constructed

Representation by policy P_aFormed matrix M_aAnd strategy P_bFormed matrix M_bCo-formed policy matrix M_OR. Wherein M is_ORIs formed by two matrices M_aAnd M_bColumn vector c of_aAnd c_bFormed in series, then d_aLine 1 is formed by_aI.e. matrixM_aThe remaining columns except the first column and e_b0 are formed in series, finally, d_bColumn-1 is composed of_bAnd e_a0 are formed in series. The specific expression is as follows:

rule 3: for any AND gate, i.e. P_Subject＝P_a∧P_b. Let

And

is a policy P_aAnd strategy P_bEach forming a matrix. Then, an AND gate matrix is constructed

Representation by policy P_aFormed matrix M_aAnd strategy P_bFormed matrix M_bCo-formed policy matrix M_AND. Wherein M is_ANDIs formed by a column vector c_aAnd c_b0 are connected in series, the second column is formed by c_aAnd c_bAre formed in series, then d_aLine 1 is formed by_aI.e. the matrix M_aThe remaining columns except the first column and e_b0 are formed in series, finally, d_bColumn-1 is composed of_bAnd e_a0 are formed in series. The specific expression is as follows:

step 4.5, the data owner stores the attribute and the secret share s corresponding to the attribute on the blockchain_i. Due to the subject policy P_SubjectIs composed of many sub-policies, so the main attribute set of data requester

Access rights can be obtained as long as one of the sub-policies is satisfied.

Thus, the data owner constructs a decryption token locally for each sub-policy, e.g. now the data owner constructs a decryption token for sub-policy P_iA decryption token constructed (as shown in equation (1))

Is (as shown in formula (2)):

wherein

Secret share set corresponding to attribute in finger policy (as shown in formula (3)), psi (i)_n) Representation matrix

Represents the nth attribute

And the nth attribute

Corresponding to the nth secret value

(as shown in equation (4)).

Representing attributes in sub-policies in a policy matrix

The corresponding row vectors in (a) form a matrix (as shown in equation (5)).

Step 4.6, the data owner stores the secret share corresponding to the attribute, i.e. the attribute private key, on the blockchain. The specific process is as follows:

address hash of ciphertext CT returned by data owner through interplanetary file system_CTAs symmetric key, the decryption token is encrypted using a symmetric encryption algorithm

Form a

Is encrypted by the encryption key

Then the ciphertext token

Uploading to a blockchain.

Because the account book of the block chain stores data in a Key-Value form, the strategy P is matched_iThe hashed value of the attribute in (1) is Hash (P)_i) (where H () is a one-way hash function) as Key to decrypt the encrypted token

Data is stored for Value to the blockchain ledger.

And 5, the data requester initiates a request for accessing the resource to the data owner through the block chain, and the block chain verifies whether the data requester meets a corresponding access strategy according to the attribute in the request of the data requester. The specific process is as follows:

first, the data requestor sends its own access request to the blockchain: request (Subject'_attrsresId), where Subject'_attrsThe set of personal attributes containing the data requestor, i.e., the set of body attributes, the resId refers to the identity of the resource that is desired to be accessed. After receiving the request, the blockchain parses the request, and then looks up the corresponding Policy according to the resource identifier resId in the request (provide: one resource corresponds to one access Policy, so the identifier of the resource corresponds to the identifier of the Policy, i.e., resId → policyId). Then judges the Subject attribute set Subject of the data requester'_attrsWhether or not an attribute-based access policy, i.e., P, set in advance by the data owner is satisfied_Subject. If yes, then judging whether the access time accessTime is within the specified access time, namely the access between the start time startTime and the end time endTime is valid access:

Policy.P_Environment.startTime≤accessTime≤Policy.P_Environment.endTime

and 6, if yes, returning the file address hash_CTSub-policy P satisfied by attributes of data requestor_iTo the data requestor.

Step 7, the data requester receives the file address hash_CTAnd P_iThen according to hash_CTAnd searching ciphertext data CT corresponding to the data resource data on the interplanetary file system.

Step 8, the interstellar file system returns a resource address hash_CTThe corresponding ciphertext CT is provided to the data requestor.

Step 9, after receiving the ciphertext CT, the data requester sends a corresponding decryption request requestDecrypt (P) to the block chain_i)。

Step 10, after the block chain receives the request, the block chain analyzes the request. Then, the sub-policy P contained in the request to the data requestor_iThe attribute of (2) is Hash calculation, i.e. Key is Hash (P)_i) Obtaining the Key corresponding to the account book data, and then searching the corresponding encrypted decryption token from the block chain account book according to the Key

And sent to the data requestor.

Step 11, the data requester receives the ciphertext token

Then, use the address hash_CTAnd decrypting to obtain a decryption Token, then locally executing a decryption algorithm according to an attribute private key in Token to obtain a decryption key of the ciphertext CT, and further obtaining plaintext data. The specific process is as follows:

in the step 11.1, the method comprises the following steps of,

data requestor gets ciphertext token

e, executing symmetric encryption algorithm locally to use the file address hash of the data owner_CTAs a symmetric key for decryption, a decryption token corresponding to the attribute of the user is obtained

Step 11.2, get the decryption token

Thereafter, the data requester locally executes a decryption algorithm to obtain a symmetric key secret about the ciphertext CT:

the algorithm is based first on the decryption token

Row vector matrix of

Solve (where ξ is one known target vector):

lambda is obtained. Secondly, calculating:

a secret number s is obtained. A hash algorithm is then performed on it:

keySecret＝H(s)，

resulting in the symmetric key secret.

And finally, decrypting the ciphertext CT by using the keySecret to obtain plaintext data:

Decrypt_keySecret(CT)＝data。

Claims (4)

1. the method for controlling access based on attributes on a block chain is characterized by comprising the following steps:

step 1, a data owner locally encrypts personal data by using a symmetric encryption algorithm to obtain a ciphertext CT; the specific process is as follows:

Encrypt_keySecret(data) → CT: firstly, a data owner randomly selects a secret number s locally, calculates a hash value keySecret h(s) to generate a symmetric key keySecret, wherein h(s) is a one-way hash function, and then encrypts personal data by using the keySecret as a symmetric key through a symmetric encryption algorithm to obtain a ciphertext CT (namely CT ═ Encrypt)_keySecret(data)；

Step 2, the data owner uploads the ciphertext CT to an interplanetary file system;

step 3,Address hash for returning ciphertext CT by interplanetary file system_CT；

Step 4, the data owner locally establishes an attribute-based access Policy about personal data and a decryption token about ciphertext CT

And use the address hash_CTAs symmetric key, the symmetric algorithm is used to encrypt and decrypt the token

Forming a ciphertext token:

then, in a transaction form, hash the resource address of the ciphertext CT returned by the interplanetary file system_CTCryptogram token

Uploading the access Policy based on the attribute to a block chain account book;

step 5, the data requester sends a request for accessing the resource to the data owner through the block chain, and the block chain verifies whether the data requester meets the corresponding access strategy according to the attribute in the request of the data requester;

and 6, if yes, returning the file address hash_CTSub-policy P satisfied by attributes of data requestor_iTo the data requester;

step 7, the data requester receives the file address hash_CTAnd P_iThen according to hash_CTSearching ciphertext data CT corresponding to the data resource data on the interplanetary file system;

step 8, returning the resource address hash by the interplanetary file system_CTThe corresponding ciphertext CT is sent to the data requester;

step 9, after receiving the ciphertext CT, the data requester initiates a corresponding decryption request to the block chainrequestDecrypt(P_i)；

Step 10, after receiving the request, the blockchain parses the request, and then, the sub-policy P included in the request of the data requester is analyzed_iThe attribute of (2) is Hash calculation, i.e. Key is Hash (P)_i) Obtaining the Key corresponding to the account book data, and then searching the corresponding encrypted decryption token from the block chain account book according to the Key

And sending to the data requester;

step 11, the data requester receives the ciphertext token

Then, use the address hash_CTAnd decrypting to obtain a decryption Token, then locally executing a decryption algorithm according to an attribute private key in Token to obtain a decryption key of the ciphertext CT, and further obtaining plaintext data.

2. The method according to claim 1, wherein the step 4 is implemented by the following steps:

step 4.1, a data owner registers a user account on a block chain, wherein an owerId is used as an identification of a personal account, an owerName is used as a user name of the personal account, and the data owner can record personal information, a file resource address under the name of the data owner and an access control strategy through the account;

step 4.2, the data owner stores the address hash of the ciphertext CT returned by the interplanetary file system on the block chain_CTBecause the block chain stores data in a Key-Value pair form, the resource identifier resId is used as a Key, and the user identifier ownerId, the data file name resName and the file address hash are used as keys_CTAs Value, storing data to the blockchain account book;

step 4.3, the data owner uploads the access Policy to the blockchain, and the uploaded content includes (policyId, Object, Policy), wherein, policyId refers to the baseThe unique identifier of the access Policy for the attribute, Object { resId, owerId, resName } indicates personal resource information of the data owner, where resId refers to the resource identifier, owerId refers to the personal identifier of the data owner for associating the user with the access Policy, resName refers to the resource name, Policy refers to the access Policy based on the attribute, and is defined by the subject Policy P_SubjectWith environment policy P_EnvironmentIn combination, a data requestor can access data of a data owner only if both policies are satisfied, Policy format is:

Policy＝P_Subject∧P_Environment

subject policy P_SubjectAn access policy, P, comprising attributes of data requestors granted access to personal data resources by a data owner_SubjectComposed of many sub-strategies by disjunctive normal form, P_SubjectExample formats of (d) are:

P_Subject＝P₁∨P₂∨...∨P_n

the sub-policy contains attributes of data requesters which a plurality of data owners permit to access, such as the unit, department and position of the data requesters, wherein the sub-policy has an example format as follows:

P_Environmentrepresenting environment policies, such as time periods, the data owner sets the access time period of the personal resource, and if the access time of the data requester is not in the time period, the data requester is denied access;

the data owner can also implement dynamic management of updating, deleting and inquiring the personal access strategy through the block chain;

4.4, in order to ensure the security of the symmetric key, the data owner divides the secret number s associated with the key into a secret share corresponding to each attribute locally through a linear integer secret sharing algorithm, thereby indirectly realizing the sharing of the symmetric key among a plurality of attributes;

LISS(P_Subject,s)→(s₁,s₂,...s_d)^T: data owner inputs subject policy P_SubjectAnd a secret number s, then the algorithm is based on P_SubjectConstructing a strategy matrix

And mapping function psi (·), namely, each row of the matrix corresponds to an attribute psi (i),1 ≦ i ≦ d, and some random numbers ρ are selected_iI ≦ 2 ≦ e, and forms a linear combination with the secret value s, ρ ═ s, ρ₂,ρ₃,...ρ_e)^TD and e refer to

Rows and columns of; final calculation

Outputting the secret share(s) corresponding to each attribute₁,s₂,...s_d)^TThen share s of the secret_iDistribution to attribute Ψ (i);

wherein the strategy matrix

The specific construction method of (2) is as follows:

the data owner according to the subject Policy P in the access Policy_SubjectConstructing a corresponding strategy matrix:

first order M_o∈Z^1×1Meaning that only one element, i.e. M, is present in the matrix_o＝[1]Simultaneously, a matrix M is supposed to be formed for Z^{d ×e}Wherein c ∈ Z^eRepresents the first column of M, r ∈ Z^d×(e-1)Indicated in M except for the first columnAll remaining columns, secondly, follow the following 3 construction rules:

rule 1: for each attribute in the access policy, M may be used_oRepresents;

rule 2: for any OR gate, i.e. P_Subject＝P_a∨P_bLet a

And

is a policy P_aAnd strategy P_bRespectively formed matrix, and then, constructing an OR gate matrix

Representation by policy P_aFormed matrix M_aAnd strategy P_bFormed matrix M_bCo-formed policy matrix M_ORWherein M is_ORIs formed by two matrices M_aAnd M_bColumn vector c of_aAnd c_bFormed in series, then d_aLine 1 is formed by_aI.e. the matrix M_aThe remaining columns except the first column and e_b0 are formed in series, finally, d_bColumn-1 is composed of_bAnd e_aEach 0 is formed by connecting in series, and the specific expression is as follows:

rule 3: for any AND gate, i.e. P_Subject＝P_a∧P_bLet a

And

is a policy P_aAnd strategy P_bAre each formed ofMatrix, then, an AND gate matrix is constructed

Representation by policy P_aFormed matrix M_aAnd strategy P_bFormed matrix M_bCo-formed policy matrix M_ANDWherein M is_ANDIs formed by a column vector c_aAnd c_b0 are connected in series, the second column is formed by c_aAnd c_bAre formed in series, then d_aLine 1 is formed by_aI.e. the matrix M_aThe remaining columns except the first column and e_b0 are formed in series, finally, d_bColumn-1 is composed of_bAnd e_aEach 0 is formed by connecting in series, and the specific expression is as follows:

step 4.5, the data owner stores the attribute and the secret share s corresponding to the attribute on the blockchain_i(ii) a Due to the subject policy P_SubjectIs composed of many sub-policies, so the main attribute set of data requester

The access right can be obtained as long as one of the sub-policies is satisfied;

thus, the data owner constructs a decryption token locally for each sub-policy, assuming that the data owner is targeting sub-policy P_iDecryption token constructed as in equation (1)

As shown in equation (2):

wherein

The secret share set corresponding to the attribute in the finger policy is expressed by equation (3), psi (i)_n) Representation matrix

Represents the nth attribute

And the nth attribute

Corresponding to the nth secret value

As shown in the formula (4),

representing attributes in sub-policies in a policy matrix

The matrix formed by the corresponding row vectors is shown in equation (5):

step 4.6, the data owner stores the secret share corresponding to the attribute, namely the attribute private key, in the block chain, and the specific process is as follows:

address hash of ciphertext CT returned by data owner through interplanetary file system_CTAs symmetric key, the decryption token is encrypted using a symmetric encryption algorithm

Form a

Is encrypted by the encryption key

Then the ciphertext token

Uploading to a block chain;

because the account book of the block chain stores data in a Key-Value form, the strategy P is matched_iThe hashed value of the attribute in (1) is Hash (P)_i) Is Key, encrypted decryption token

Data is stored for Value to the blockchain ledger.

3. The method according to claim 2, wherein said step 5 is implemented by the following steps:

first, the data requestor sends its own access request to the blockchain: request (Subject'_attrsresId), where Subject'_attrsContaining personal attribute sets of data requesters, i.e.A main body attribute set, resId refers to the identification of the resource that the block chain wants to access, after receiving the request, the block chain parses the request, then searches the corresponding Policy according to the resource identification resId in the request, specifies that one resource corresponds to one access Policy, so the identifier of the resource corresponds to the identifier of the Policy, namely resId → policyId, and then judges the main body attribute set of the data requester

Whether or not an attribute-based access policy, i.e., P, set in advance by the data owner is satisfied_SubjectIf yes, then judging whether the access time accessTime is within the specified access time, namely the access between the start time startTime and the end time endTime is valid access:

Policy.P_Environment.startTime≤accessTime≤Policy.P_Environment.endTime。

4. the method according to claim 3, wherein said step 11 is implemented according to the following steps:

step 11.1,

Data requestor gets ciphertext token

Then, a symmetric encryption algorithm is executed locally to use the file address hash of the data owner_CTAs a symmetric key for decryption, a decryption token corresponding to the attribute of the user is obtained

Step 11.2, obtain the decryption token

Thereafter, the data requestor executes the decryption algorithm locally toObtain the symmetric key secret about the ciphertext CT:

the algorithm is based first on the decryption token

Row vector matrix of

Solving; where ξ is a known target vector,

get λ, then calculate:

a secret number s is obtained, which is then subjected to a hash algorithm:

keySecret ═ h(s), resulting in a symmetric key keySecret,

and finally, decrypting the ciphertext CT by using the keySecret to obtain plaintext data: decrypt_keySecret(CT)＝data。

Images