CN111737340A - Block chain storage encryption method based on attribute encryption - Google Patents

Abstract

The invention provides a block chain storage encryption method based on attribute encryption, which belongs to the technical field of data encryption and comprises the following steps: step 1, an external user requests to access data on a chain; step 2, checking whether an external user meets the access condition or not through a medical record identifier and a medical record object set by an attribute encryption algorithm; step 3, if not, access is refused; if the data are matched, the goal of accessing the data on the chain is achieved through the consensus algorithm SCA. The method combines the block chain technology with the attribute encryption to protect the data on the chain, namely the doctor-patient data of the patient, so as to realize the safe sharing of the electronic medical record; the block chain has natural advantages for privacy protection, and the invention combines the technologies of cryptography, computer network, asynchronous Byzantine fault tolerance and the like, optimizes the consensus mechanism in the chain, and designs and realizes a alliance chain with low delay and certain throughput.

Description

Block chain storage encryption method based on attribute encryption

Technical Field

The invention belongs to the technical field of data encryption, and particularly relates to a block chain storage encryption method based on attribute encryption.

Background

Today, the importance of medical data of patients is self-evident. However, medical data of different hospitals cannot be shared, which results in medical delay to some extent. Therefore, people realize sharing of medical data through sharing of electronic medical records, but the electronic medical records sharing has the problems of safety, privacy protection and the like to a certain extent, and the problems can be solved to a certain extent by encrypting the data.

The block chain has great advantages in protecting the privacy information of the patient due to high redundancy, distributed storage, incapability of tampering and management of multiple signature complex authorities, and the record can be greatly simplified and the safety can be improved through the block chain. The block chain is composed of invariable data records (data blocks), medical data are stored on the blocks, and the data are connected in a cryptographic mode, so that the safety of the data is ensured. Meanwhile, the data on the blockchain is public, and the data is guaranteed to be not falsified through the time stamp.

Attribute encryption (ABE) is a new one-to-many encryption scheme, which essentially implements access control to encrypted data by defining the identity of a user through attributes, thereby introducing an access control structure defined by the attributes. The core of the algorithm of attribute encryption is to embed the attribute/policy into the key/ciphertext. The ABE scheme is classified into key policy-based attribute encryption (KP-ABE) and ciphertext policy-based attribute encryption (CP-ABE) according to an embedded object.

In the prior art, Scher Tengfei and the like propose an electronic medical information sharing model based on a block chain, and solve the problem that medical information of each unit is not shared timely to a certain extent; azaria Z proposes that a medical system is established through a block chain, and the system sets authority for acquiring medical data; xia Q has proposed a privacy disclosure problem that may occur when medical data is shared, in a weak trust hosting environment, through a blockchain.

Among the schemes for encrypting electronic medical records using attribute encryption, ibrimi proposes a patient-centric scheme, where a Trusted Authority (TA) is responsible for managing attributes in the public domain and the medical record owner himself acts as a TA in the personal domain to publish attributes related to the personal domain. Thus, the medical record owner can encrypt the key, allowing only users with attributes that satisfy the associated access structure to successfully decrypt.

The prior art scheme is mostly a working mode of a workload mechanism of a public link in a block chain, data is transmitted on the public link, a situation that the data cannot be updated in time exists, and the time of one transaction is far longer than that of a alliance link mode. Moreover, as the number of users increases, the cost of the users and the energy consumption of the whole system increase, and finally the system may not support the users to continue the transaction. At the same time, a single TA is used in attribute encryption to manage the user attributes of the public domain, which may lead to a single point of failure and at the same time to key escrow problems, considering the fact that the TA can access all encrypted files.

In the existing public chain consensus algorithm, such as a workload certification-based consensus algorithm (POW), a large amount of resource waste and a high-volume incentive mechanism are relied on, and ten-thousand-level full-node data synchronization is only realized, and the efficiency problem exists. The efficiency of a Byzantine fault-tolerant algorithm (BFT) based on message transmission used by the existing alliance chain is higher than that of POW, but fault tolerance can be realized only among hundreds of nodes, and the existing alliance chain has the defect of small number of fault-tolerant nodes.

Therefore, the application provides an encryption method for block chain storage based on attribute encryption.

Disclosure of Invention

In order to overcome the defects in the prior art, the invention provides a block chain storage encryption method based on attribute encryption.

In order to achieve the above purpose, the invention provides the following technical scheme:

a block chain storage encryption method based on attribute encryption comprises the following steps:

step 1, an external user requests to access data on a chain;

step 2, checking whether an external user meets the access condition or not through a medical record identifier and a medical record object set by an attribute encryption algorithm;

step 3, if not, access is refused; if the data are matched, the goal of accessing the data on the chain is achieved through the consensus algorithm SCA.

Preferably, in the step 3, the process of executing the consensus algorithm SCA is as follows:

step 3.1, judging whether consensus is achieved; if yes, returning to the main node to wait for a user request; otherwise, executing step 3.2;

step 3.2, executing a practical Byzantine fault-tolerant algorithm;

step 3.3, continuously judging whether consensus is achieved; if yes, returning to the main node to wait for a user request; otherwise, the master node is replaced and the step 3.2 is returned.

Preferably, the consensus algorithm SCA of step 2 comprises two phases in total.

Preferably, the successful flow of the consensus algorithm SCA of the first stage is as follows:

(1) a Request stage: the client sends the request to a leader node in the service node, and the next stage is entered after the leader node passes the check request;

(2) and a Commit stage: the leader node numbers the request and forwards the numbered request to all the replica nodes, after receiving the request, the replica nodes directly carry out local processing on the request and obtain a processing result, then directly return the response signature to the client, and enter the next stage;

(3) a Reply stage: the client independently receives responses from all the service nodes, and if all the responses are the same, the consensus is considered to be achieved;

(4) the Response phase: the client needs to return the received responses with the signatures of the representative nodes to all the representative nodes, and the server checks that the responses are the same, so that the consensus at this stage is successful.

Preferably, the fault-tolerant flow analysis of the consensus algorithm SCA of the first stage is as follows:

(1) a Request stage: the leader node and the Reqlica nodes 1,2 and 3 are still the same as the successful process (1) and enter the next stage; at the moment, a Byzantine error occurs in the Replica4 node;

(2) and a Commit stage: the leader node and the Replica 1,2 and 3 have the same successful flow and enter the next stage; at this time, the order of processing the requests by the Replica4 node may not be consistent with Replica 1,2 and 3 due to Byzantine errors;

(3) a Reply stage: the client independently receives the consistent responses from the leader node and the Replica nodes 1,2 and 3, but receives the inconsistent responses from the Replica4 node or receives no response from the Replica4 at all; therefore, the system cannot enter a Response stage in a successful flow, and after the timeout waiting, the client judges that the request is unsuccessful and tries to reinitiate the request;

(4) a sonic stage: if the client receives different response results from the server copy, the client sends the received different responses with the signatures of the representative nodes to all the representative nodes, and the representative nodes enter an Abort stage immediately after verifying that the responses are really inconsistent; or the server cannot receive error feedback of the client, so as to trigger a server overtime check mechanism;

(5) abort stage: all the representative nodes enter a rollback state, rollback the previous commit to the local processing result, and judge that the system in the current asynchronous network has a Byzantine error node; triggering the switching of the consensus algorithm, and switching the system to use a two-stage PBFT algorithm.

Preferably, when the consensus algorithm SCA used in the first stage fails to achieve consensus, the system determines that a byzantine node exists in the asynchronous network, so the system switches to the second stage consensus, the PBFT practical byzantine fault-tolerant algorithm used in the second stage consensus, and the flow analysis of the second stage PBFT consensus algorithm is as follows:

(1) the Reuqest phase: the client sends the request to a Leader node in the server;

(2) Pre-Prepare stage: the Leader node forwards the request to all the replica nodes; in this stage, the replica node ensures that the master node Leader does not send two messages with the same number but different contents;

(3) stage Prepare: all nodes sign the message and broadcast the prefix message to other nodes, and if the same node receives at least 2f +1 prefix messages from different nodes, the node enters a Commit stage; this stage is to get a consensus on a series of messages sent by the leader; determining which message of the leader is being agreed upon;

(4) and a Commit stage: all nodes broadcast commit messages, when 2f +1 commit messages including the nodes are received, enough nodes count the commit stage, namely, consensus is achieved;

(5) a Reply stage: the node returns the response of the request to the user, and when the user receives more than f +1 different responses, the request is confirmed to be successful.

Preferably, the attribute encryption algorithm is divided into four steps, namely system initialization, key distribution, data encryption and data decryption.

The block chain storage encryption method based on attribute encryption provided by the invention has the following beneficial effects:

(1) the invention protects the data on the chain, namely the doctor-patient data of the patient by applying the block chain technology and combining the attribute encryption, thereby realizing the safe sharing of the electronic medical record;

(2) the block chain has natural advantages for privacy protection, the invention combines the technologies of cryptography, computer network, asynchronous Byzantine fault tolerance and the like, optimizes the consensus mechanism in the chain, and designs and realizes a alliance chain with low delay and certain throughput;

(3) the invention provides a new layered consensus algorithm dsBFT, which can have higher throughput and lower delay than the existing consensus algorithm when the network robustness is better, and can realize that when the number of Byzantine nodes in a system is less than one third of the total number of the nodes of the system, the system can obtain the actual asynchronous Byzantine fault-tolerant capability by reducing the throughput and increasing the delay;

(4) according to the invention, an effective attribute encryption algorithm is developed by applying attribute encryption on the block chain, so that the access condition of the data on the chain is limited, fine-grained access control is achieved, and irrelevant visitors are prevented for the patient medical record data, thereby protecting the privacy of patients.

Drawings

Fig. 1 is a flowchart of an encryption method for storing on a block chain based on attribute encryption according to embodiment 1 of the present invention;

FIG. 2 is a flow chart of an implementation of the consensus algorithm SCA;

FIG. 3 is a diagram of a successful flow analysis of the consensus algorithm SCA at the first stage;

FIG. 4 is a fault-tolerant flow analysis diagram of the consensus algorithm SCA at the first stage;

FIG. 5 is a flow chart of a two-stage PBFT consensus algorithm.

Detailed Description

In order that those skilled in the art will better understand the technical solutions of the present invention and can practice the same, the present invention will be described in detail with reference to the accompanying drawings and specific examples. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby.

Example 1

The invention provides a block chain storage encryption method based on attribute encryption, which specifically comprises the following steps as shown in figure 1:

step 1, an external user requests to access data on a chain;

step 2, checking whether an external user meets the access condition or not through a medical record identifier and a medical record object set by an attribute encryption algorithm;

step 3, if not, access is refused; if the data are matched, the goal of accessing the data on the chain is achieved through the consensus algorithm SCA.

Further, as shown in fig. 2, in step 3, the process of executing the consensus algorithm SCA is as follows:

step 3.1, judging whether consensus is achieved; if yes, returning to the main node to wait for a user request; otherwise, executing step 3.2;

step 3.2, executing a practical Byzantine fault-tolerant algorithm;

step 3.3, continuously judging whether consensus is achieved; if yes, returning to the main node to wait for a user request; otherwise, the master node is replaced and the step 3.2 is returned.

Further, the consensus algorithm selection process of this embodiment is as follows:

the SCA algorithm in the first stage is used in a scenario that the robustness of the network is assumed to be good, no Byzantine node exists in the system, consensus can be successfully and rapidly achieved when the assumption is met, and when the consensus is not achieved, the consensus can be found to fail.

The successful flow of the first-stage SCA consensus algorithm is as follows, fig. 3, and the flow analysis is as follows:

(1) a Request stage: the client sends the request to the leader node in the service node, and the leader node enters the next stage after the verification request of the leader node passes.

(2) And a Commit stage: the leader node numbers the request and forwards the numbered request to all the replica nodes, after receiving the request, the replica nodes directly carry out local processing on the request and obtain a processing result, and then directly return the response signature to the client. The next stage is entered.

(3) A Reply stage: the client independently receives responses from all the service nodes, and if all the responses are the same, the consensus is considered to be achieved.

(4) The Response phase: the client needs to return the received responses with the signatures of the representative nodes to all the representative nodes, and the server checks that the responses are the same, so that the consensus at this stage is successful.

The fault-tolerant process analysis of the SCA consensus algorithm in the first stage is as follows, the Replica0 in fig. 4 is the leader node of the current round of consensus, and the Replica3 node has a byzantine error.

(1) A Request stage: the leader node and the Replica nodes 1,2 and 3 are still the same as the successful process (1) and enter the next stage. At this point, the Replica4 node has a Byzantine error.

(2) And a Commit stage: the leader node and the Replica 1,2 and 3 have the same successful process and enter the next stage. At this time, the order of processing the requests by the Replica4 node may not be consistent with Replica 1,2 and 3 due to Byzantine errors.

(3) A Reply stage: the client independently receives a consistent response from the leader node and the Replica nodes 1,2, 3, but receives a response from the Replica4 node that is inconsistent or does not receive a response from the Replica4 at all. Therefore, the system cannot enter a Response stage in a successful flow, and after the timeout waiting, the client judges that the request is unsuccessful and tries to reinitiate the request.

(4) A sonic stage: if the client receives different response results from the server copy, the client sends the received different responses with the signatures of the representative nodes to all the representative nodes, and the representative nodes enter an Abort stage immediately after verifying that the responses are really inconsistent. Or the server cannot receive error feedback of the client, so that a server timeout checking mechanism is triggered.

(5) Abort stage: and all the representative nodes enter a rollback state, rollback the previous commit to the local processing result, and judging that the system in the current asynchronous network has a Byzantine error node. Triggering the switching of the consensus algorithm, and switching the system to use a two-stage PBFT algorithm.

When the high-efficiency consensus algorithm cannot achieve the consensus in one stage, the system judges that the Byzantine node exists in the asynchronous network, so that the system is switched to the two-stage consensus. The PBFT utility byzantine fault-tolerant algorithm is used in the two-stage consensus. The main flow of the two-stage PBFT consensus algorithm is as follows:

the Replica0 in fig. 5 is the leader node in the current round of consensus, and the rcplica3 node has a byzantine error.

(1) The Reuqest phase: the client sends the request to a Leader node in the server.

(2) Pre-Prepare stage: the leader node forwards the request to all replica nodes. In this phase, the replica node ensures that the master node leader does not send two messages with the same number but different contents.

(3) Stage Prepare: all nodes sign the message and broadcast the prefix message to other nodes, and if the same node receives at least 2f +1 prefix messages from different nodes, the Commit stage is entered. This phase is intended to agree on a series of messages issued by the leader. A determination is made as to which message of the leader is being agreed upon.

(4) And a Commit stage: all nodes broadcast commit messages, and when a total of 2f +1 commit messages including the nodes are received, enough nodes count the commit stage, that is, the consensus is achieved.

(5) A Reply stage: the node returns the response of the request to the user, and when the user receives more than f +1 different responses, the request is confirmed to be successful.

In this embodiment, the attribute encryption algorithm includes four steps, which are respectively system initialization, key distribution, data encryption, and data decryption.

Safety requirements are as follows: 1. confidentiality of user data: the patient's medical data must be kept secret to prevent unauthorized parties. 2. Patient-centric access control: the patient user should have full control over the outsourced health data so that they determine who is entitled to access them. 3. Resisting attribute collusion: multiple users should not be able to share their attributes and decrypt medical data.

Scheme overview: the system consists of a plurality of distributed common Attribute Authorities (AA). Each attribute authority manages a set of disjoint attributes and publishes the attributes for users belonging to the public domain. In addition, the patient acts as a private property right to provide properties specifying personal relationships, such as the family of the personal domain user. During system initialization, each AA first defines a set of secret indices and public indices in such a way that: each managed attribute is associated with a different secret attribute index and a corresponding public attribute index. The initialization of the AA can run independently without any global coordination. The PHR user may obtain attributes from the relevant AA by providing evidence of the attributes being eligible for use in the request. If the AA responsible for the requested attribute is satisfied in that the user requesting the attribute qualifies for the requested attribute, the AA will issue the relevant key for the user.

The method comprises the following specific implementation steps:

initializing a system: to initialize the system, a set of global common parameters is first set, shared among all the AAs.

Two multiplicative cyclic groups G0, G1 of prime number p, where G is the generator of G0 and the bilinear map e G0 × G0 → G1 and the secure hash function H:

mapping each subscriber identification string to

Is determined. The user identity should be a unique identifier for a given user, such as an email address. The AA then publishes the global common parameter sets (G0, G1, H, e, G, p). Thus, any new AA can be globally initialized by obtaining the global parameter set shared by existing AAs. Each AA (including the patient) is then initialized locally, and the initialization process is described below. Suppose the kth AA uses AA_kIs represented by AA_kAT for managed attribute set^kAnd (4) showing.

1、AA_kTwo random indices α were selected_k,

And calculate X_k＝g^βk,Y_k＝e(g,g)^akThen AT^kEach element i in (a) selects a unique random identifier T^k，

Furthermore, from AA_kEach attribute managed is also associated with a common attribute index T_k,lRelated, wherein T_k,i＝g^tk,i。

2、AA_kWill remain α_k,β_k,T_k,i},i＝1,2...AT^kAs Master Key (MK)_k) And issues { X_k,Y_k,T_k,i},i＝1,2...AT^kAs a result of PK_kThe public key of the indicated authority.

Key distribution

Suppose user U_mTo obtain attribute AT_mAggregated attribute keys. In addition, suppose

Indicating that it should be AA_kAT acquired in_mA subset of attributes in (1). Suppose AA_kHas authenticated the user's resourcesTo determine the requested attribute. The process of attribute key distribution is as follows:

AA_kfirst use the secure hash function H to hash U_mIs mapped to a unique identifier (using an email address as the user's identity)

Then, a key is generated for each request attribute, the key set for use

It is shown that,

wherein

Wherein t is_kI is AA_kIs defined by

The MK component of the ith attribute. Note that the Key component

Associating a user identity with an issuing authority AA_kAre associated with each other, and the key component

The user identity is associated with the attribute itself, and thus the generated key set has been securely transmitted to the U_m；

Data encryption

Suppose a patient wants to encrypt medical record data M ∈ G1, which includes information about his allergies_k}_kQ, so the ciphertext of M encoded with T is given by e (M), e (M) T,

wherein E_kAccess son for representationStructure T_kThe ciphertext of the encoded M. The calculation E will be described below_kThe process of (1).

Suppose a kth substructure T_kM attributes are contained and they are managed by l AA's, such that 1 ≦ n, where n is the total number of AAs in the system. Any AA can manage multiple ones of the m attributes under consideration. Using ciphertext components C₀Representing ciphertext E_k，{C′_i}_i＝1,2...lFurthermore, { C_i}_i＝1,2...mSo that E_k＝(T_k,C₀,{C′_i}_i＝1,2...l,{C″_i}_i＝1,2...m)，E_kThe ciphertext components are calculated as follows. The owner of the medical record first generates a random index

And using the public key of 1 AAs, he calculates the ciphertext component C₀And { C'_i}_i＝1,2...lSo that

To calculate C ″)_iAccording to the following steps of_kEach attribute in (a) assigns a secret share of s. For T_kEach attribute except the last one of them, has

And the last element is assigned a value of

The medical record owner then calculates { C ″ "_i}_i＝1,2...mIn this way it is possible to obtain,

wherein T is_iCorresponds to T_kThe common attribute index of the ith attribute.

Likewise, the medical record owner generates a substructure of all T's. Finally, the medical record owner sends the ciphertext M, E (M), the medical record identifier (Rid) and the medical record information (Obj) to be stored on the electronic medical record.

Data decryption

Assume that an external user wants to access a particular PHRobj stored in the HC. Um should first send an access request to the HC indicating PHRid and PHRobj corresponding to the PHR information required for access. The HC then extracts the corresponding T associated with the requested PHRobj and sends it back to Um.

Suppose that an external user (Um) wants to access specific medical record data stored in the chain. Um should first send an access request to the patient user on the chain indicating the medical record identification (Rid) and the medical record object (Obj) corresponding to the medical record information needed for access. The on-chain node then extracts the corresponding T associated with the requested Obj and sends it back to Um. AT for attribute set assumed to be owned by Um_mAnd (4) showing. Um determines the attributes AT he owns to satisfy the received T_mA minimal subset of. AT-based_m', Um generates the substructure T' and sends it to the patient user on the chain. The patient retrieves the corresponding ciphertext E 'from the received T' and sends it back to Um, causing Um to decrypt the encrypted data using the associated attribute secret key.

The decryption process is as follows: assume that the received ciphertext E' is composed of m attributes managed by 1 AAs. E ═ C (T', C)₀,{C′_i}_i＝1,2...l,{C″_i}_i＝1,2...m)，C₀,C′_i,C″_iThe definitions have been given before.

Further assume { Sk_i}_i＝1,2...mIndicating Um for attribute subset AT_m' owned dependent Attribute Key set, and

then refers to a set of keys that associate the identity of Um with 1 AA that publishes m attributes.

According to

And

wherein t is_iRepresents the MK component defined by the AA managing the corresponding property. In order to decrypt the Um, the user may,

first of all, calculate

Then calculate

From the above two equations, we can derive:

therefore, M can be calculated by Um

The above-mentioned embodiments are only preferred embodiments of the present invention, and the scope of the present invention is not limited thereto, and any simple modifications or equivalent substitutions of the technical solutions that can be obviously obtained by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention.

Claims (7)

1. A block chain storage encryption method based on attribute encryption is characterized by comprising the following steps:

step 1, an external user requests to access data on a chain;

step 2, checking whether an external user meets the access condition or not through a medical record identifier and a medical record object set by an attribute encryption algorithm;

step 3, if not, access is refused; if the data are matched, the goal of accessing the data on the chain is achieved through the consensus algorithm SCA.

2. The method for encrypting the storage on the block chain based on the attribute encryption as claimed in claim 1, wherein the step 3 is executed by the process of executing the consensus algorithm SCA as follows:

step 3.1, judging whether consensus is achieved; if yes, returning to the main node to wait for a user request; otherwise, executing step 3.2;

step 3.2, executing a practical Byzantine fault-tolerant algorithm;

step 3.3, continuously judging whether consensus is achieved; if yes, returning to the main node to wait for a user request; otherwise, the master node is replaced and the step 3.2 is returned.

3. The method for encryption of storage on a blockchain based on attribute encryption according to claim 2, wherein the consensus algorithm SCA of step 2 comprises two stages in total.

4. The method for encryption of block chain storage based on attribute encryption according to claim 3, wherein the successful flow of the consensus algorithm SCA in the first stage is as follows:

(1) a Request stage: the client sends the request to a leader node in the service node, and the next stage is entered after the leader node passes the check request;

(2) and a Commit stage: the leader node numbers the request and forwards the numbered request to all the replica nodes, after receiving the request, the replica nodes directly carry out local processing on the request and obtain a processing result, then directly return the response signature to the client, and enter the next stage;

(3) a Reply stage: the client independently receives responses from all the service nodes, and if all the responses are the same, the consensus is considered to be achieved;

(4) the Response phase: the client needs to return the received responses with the signatures of the representative nodes to all the representative nodes, and the server checks that the responses are the same, so that the consensus at this stage is successful.

5. The method for encryption of storage on a blockchain based on attribute encryption according to claim 4, wherein the fault-tolerant flow analysis of the consensus algorithm SCA of the first stage is as follows:

(1) a Request stage: the leader node and the Replica nodes 1,2 and 3 are still the same as the successful process (1) and enter the next stage; at the moment, a Byzantine error occurs in the Replica4 node;

(2) and a Commit stage: the leader node and the Replica 1,2 and 3 have the same successful flow and enter the next stage; at this time, due to byzantine error, the order of processing requests by the Replica4 node may not coincide with that of Replica 1,2, 3:

(3) a Reply stage: the client independently receives the consistent responses from the leader node and the Replica nodes 1,2 and 3, but receives the inconsistent responses from the Replica4 node or receives no response from the Replica4 at all; therefore, the system cannot enter a Response stage in a successful flow, and after the timeout waiting, the client judges that the request is unsuccessful and tries to reinitiate the request;

(4) a sonic stage: if the client receives different response results from the server copy, the client sends the received different responses with the signatures of the representative nodes to all the representative nodes, and the representative nodes enter an Abort stage immediately after verifying that the responses are really inconsistent; or the server cannot receive error feedback of the client, so as to trigger a server overtime check mechanism;

(5) abort stage: all the representative nodes enter a rollback state, rollback the previous commit to the local processing result, and judge that the system in the current asynchronous network has a Byzantine error node; triggering the switching of the consensus algorithm, and switching the system to use a two-stage PBFT algorithm.

6. The method according to claim 5, wherein when the consensus algorithm SCA is not used in one stage, the system determines that Byzantine nodes exist in the asynchronous network, so the system switches to the two-stage consensus, which uses the PBFT practical Byzantine fault-tolerant algorithm, and the flow analysis of the two-stage PBFT consensus algorithm is as follows:

(1) the Reuqest phase: the client sends the request to a Leader node in the server;

(2) Pre-Prepare stage: the leader node forwards the request to all the replica nodes; in this stage, the replica node ensures that the master node leader does not send two messages with the same number but different contents;

(3) stage Prepare: all nodes sign the message and broadcast the prefix message to other nodes, and if the same node receives at least 2f +1 prefix messages from different nodes, the node enters a Commit stage; this stage is to get a consensus on a series of messages sent by the leader; determining which message of the leader is being agreed upon;

(4) and a Commit stage: all nodes broadcast commit messages, when 2f +1 commit messages including the nodes are received, enough nodes count the commit stage, namely, consensus is achieved;

(5) a Reply stage: the node returns the response of the request to the user, and when the user receives more than f +1 different responses, the request is confirmed to be successful.

7. The method of claim 1, wherein the attribute-based encryption algorithm comprises four steps, namely system initialization, key distribution, data encryption and data decryption.

Images