
Blockchain Data Privacy Access Control Based on Searchable Attribute Encryption

2021-12-14

Computers, Materials & Continua, 2021, Issue 1

Tao Feng, Hongmei Pei, Rong Ma, Youliang Tian and Xiaoqin Feng

1 Lanzhou University of Technology, Lanzhou, 730050, China

2 College of Computer Science and Technology, Guizhou University, Guizhou, China

3 School of Computer, Xiandian University, Xi'an, China

Abstract: Data privacy is important to the security of society, and enabling authorized users to query such data efficiently is an increasing challenge. Blockchain has recently attracted wide attention for its public, distributed, decentralized and chronological character. However, the transaction information on a blockchain is visible to every node, and updates to transaction information are even more transparent; leakage of transaction information can cause heavy losses to the transacting parties. In response to these problems, this paper combines hierarchical attribute-based encryption with linear secret sharing and proposes a blockchain data privacy protection and access control scheme based on searchable attribute-based encryption, which addresses the privacy exposure problem of traditional blockchain transactions. Access control for users is enforced by the verification nodes, which avoids the security risk of submitting private keys and access structures to the blockchain network. Binding the private key components to the random identity of the user node in the blockchain resists collusion. In addition, authorized users can quickly search and audit transaction information through searchable encryption, and the improved algorithm protects the confidentiality of keywords. Finally, the security of the scheme is proved in the random oracle model under the DBDH assumption.

Keywords: Blockchain; privacy protection; attribute-based encryption; access control; searchable encryption

1 Introduction

Blockchain technology, as a tamper-evident, chronologically verifiable chain-like storage architecture, provides a new approach to data security and privacy protection, and its application to power-balance trading platforms has also received wide attention. For example, Xia et al. [1] analyzed the trading mechanism of the electricity surplus market; to make information symmetric and fair, they designed blockchain-based smart contracts for multi-party bidding of power resources and realized decentralized transaction decisions. Reference [2] surveys existing applications and research of blockchain technology, focusing on blockchain traceability in various fields. According to these studies, blockchain can improve solutions in areas such as the Internet of Things, smart cities and supply chains. However, the ledger that records and stores transaction information is open to any node that joins the blockchain network. By mathematically analyzing the transaction records in the global ledger, an attacker can threaten users' transaction privacy and identity privacy [3]. Transaction privacy threats concern the detailed content of transactions: for example, an attacker can extract valuable information by analyzing the sequence of transactions of a specific account, the transaction details, the related accounts and the capital flows. Identity privacy threats concern the identity of the trader: on the basis of the transaction data, an attacker can recover the trader's identity by combining it with background knowledge. Jordan [4] uses cluster analysis of blockchain transaction data to determine which different addresses belong to the same user, a good example of using transaction analysis to identify a trader. Moreover, since all transactions performed by users are permanently recorded in the blockchain, once a transaction is executed, all of its information is exposed. Finally, as blockchains are increasingly used for daily payments, attackers can use off-chain information [5] to infer the identity behind an account on the blockchain.

In a traditional blockchain, the user's account transaction information is stored in the block directly, without encryption, so the user's account is completely open to all nodes. At the same time, when a user initiates a transaction, the transaction amount is fully disclosed: the verification nodes check the user's transaction amount against the account balance to verify that the transaction is legal. Although this realizes a decentralized and tamper-resistant blockchain, the user's account privacy [6] is completely exposed. Several blockchain privacy protection mechanisms respond to these problems. Shen Tu et al. [7] proposed a more efficient blind-signature mixing scheme based on elliptic curve cryptography; it is simple and easy to operate and is suitable for various digital currencies, but it is a centralized mixing scheme. Subsequently, also within the mixing approach, Gao et al. [8] used cryptographic techniques such as blind signatures to protect privacy, but this increases the computational cost, and having a third party process the tokens inevitably adds service overhead. Some scholars use ring signatures to protect blockchain privacy. For example, Noether et al. [9] proposed an improved ring confidential transaction scheme that hides the amount: a large number of ring signatures are placed in multiple layers of linkable spontaneous anonymous group signatures [10], and the scheme protects both identity privacy and transaction privacy. Although ring signatures provide strong anonymity, they have three limitations:

1. The transactions are large, each being several kilobytes, which increases the storage space of the entire blockchain record.

2. The inherent disadvantage of ring signatures is that the size of the signature grows proportionally with the number of participants. Therefore, in practice each transaction has only a limited number of outputs (for example, 4 outputs by default).

3. Hiding the amount makes auditing harder: an auditor must not only verify whether hidden cryptocurrency was generated during the transaction, but also determine the additional amount at a specific moment.

Chen et al. [11] proposed an anti-quantum proxy blind signature scheme based on lattice cryptography, which provides user anonymity and untraceability for distributed applications of BIoT (blockchain-based IoT); the proxy blind signature prevents unauthorized forgery and thereby protects user privacy. Chiesa et al. [12] proposed the Zerocash scheme, which introduces zk-SNARKs [13], a non-interactive zero-knowledge proof technique, into digital currency; it ensures the unlinkability and confidentiality of transactions while supporting arbitrary amounts. Its disadvantage is that if an attacker obtains the secret data introduced at setup, tokens can be forged. Subsequently, to address privacy in off-chain payment protocols for public chains, many studies have constructed offline payment protocols, such as bidirectional micro-payment channels [14] (the Lightning Network) and Spirtes [15]. However, in these schemes both parties must complete the transaction through relay nodes, to which the transaction information is visible, so the privacy of both parties is exposed to the relay nodes. For offline payment privacy there are further studies, such as the TumbleBit scheme proposed by Alshenibr et al. [16], which hides payment channel information from relay nodes; TumbleBit is generally suitable for Bitcoin-compatible systems, but its time and efficiency costs are relatively high. Green et al. [17] proposed the Bolt scheme, which ensures that payments over the same channel are independent of each other and that payment time does not require block confirmation, reaching the order of seconds. If someone pays through a payment channel provided by the payee, the payee receives a notification. Many security problems of payment protocols remain to be solved.

Reference [18] proposes a privacy protection mechanism for blockchain retrieval based on searchable keywords, which realizes private search of authorized keywords without changing the retrieval order. However, the keywords in that scheme are relatively short, it cannot resist collusion, and nodes can communicate privately with each other. Targeting privacy in data sharing, Do et al. [19] proposed a distributed data storage system using blockchain together with a private keyword search scheme, which provides authorization for data owners and supports private keyword search over encrypted data sets; however, it does not implement document revocation or Boolean search. The data storage incentive mechanism for wireless sensor networks (WSN) in [20] uses a double chain: one chain stores the data of each node and the other controls data access. In addition, a hash function is used to compare stored data with a new data block, so new data can be stored at the node closest to the existing data and only the differing sub-blocks need to be stored, which greatly saves storage space at the network nodes; however, the confidentiality of the data is not discussed. Using the DCOMB method, reference [21] proposed a blockchain-based IoT data query model, which combines IoT data streams with blockchain timestamps to improve data interoperability and the versatility of the IoT database system. Its data query model can quickly query the public key corresponding to a data stream, and querying takes place in a fully encrypted environment, which protects the privacy and security of IoT data; however, the data pre-reading process takes extra time and the MySQL queries cost more performance.

None of the above schemes completely solves the data privacy problem, so it is urgent to address it. The contributions of this paper are as follows:

1. Public-key searchable encryption is used to encrypt the private transaction data in the blockchain, which solves the privacy leakage caused by the full disclosure of data in a traditional public blockchain and protects the sensitive information of blockchain transactions.

2. Attribute-based encryption combined with secret sharing enables fine-grained access control over the transaction ciphertext in the blockchain.

3. Users who have access to a transaction can quickly search its ciphertext, which enables supervision of transaction information.

The paper is organized as follows: Section 1 introduces the research on blockchain privacy; Section 2 introduces the basic cryptographic primitives; Section 3 presents the system model and the security model for the security requirements; Section 4 describes the concrete construction of the scheme; Section 5 analyzes the security of the scheme in detail; Section 6 compares it with related work; Section 7 concludes.

2 Preliminary Knowledge

2.1 Bilinear Mapping

2.2 Decisional Bilinear Diffie–Hellman Assumption (DBDH)

2.3 LSSS Linear Secret Sharing Scheme
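The definition of the LSSS is not reproduced on this page. As an added illustration of the primitive that the scheme's access control and its collusion argument rely on (example code written for this page, not the paper's own construction), the following Python converts an AND/OR policy into an LSSS share matrix using the standard Lewko-Waters labelling, shares a secret, and reconstructs it only from attribute sets that satisfy the policy. The field modulus P, the policy trees and the function names are assumptions of this example; the paper works in the pairing group, and the secret here stands in for the trapdoor key that the scheme wraps under the access structure.

```python
import secrets

# Field for the shares. The paper works in the pairing group of prime order p;
# here P is a fixed Mersenne prime chosen for this example only.
P = 2**127 - 1


def policy_to_lsss(policy):
    """Convert an AND/OR policy tree into an LSSS access matrix.

    policy is an attribute name (str) or a tuple ("AND"|"OR", left, right),
    e.g. ("OR", ("AND", "A", "B"), "C").  Returns (M, rho): M is the share
    matrix over GF(P) and rho[i] is the attribute labelling row i.  Lewko-Waters
    labelling: an OR node passes its vector to both children; an AND node splits
    its vector v into v|1 and 0..0|-1 using a fresh coordinate, so both halves
    are needed to sum back to v|0.
    """
    rows, rho = [], []
    counter = [1]  # number of coordinates used so far

    def walk(node, vec):
        if isinstance(node, str):
            rows.append(list(vec))
            rho.append(node)
            return
        op, left, right = node
        if op == "OR":
            walk(left, vec)
            walk(right, vec)
        elif op == "AND":
            c = counter[0]
            padded = list(vec) + [0] * (c - len(vec))
            counter[0] = c + 1
            walk(left, padded + [1])
            walk(right, [0] * c + [-1])
        else:
            raise ValueError("unknown gate " + str(op))

    walk(policy, [1])
    width = counter[0]
    M = [[x % P for x in row + [0] * (width - len(row))] for row in rows]
    return M, rho


def share(M, secret):
    """Dealer: pick v = (secret, r2, ..., rn) at random and hand out M_i . v."""
    v = [secret % P] + [secrets.randbelow(P) for _ in range(len(M[0]) - 1)]
    return [sum(m * x for m, x in zip(row, v)) % P for row in M]


def _solve_mod_p(A, b):
    """Gauss-Jordan over GF(P): one solution x of A x = b, or None if none exists."""
    n, m = len(A), len(A[0])
    aug = [list(row) + [bi] for row, bi in zip(A, b)]
    pivots, r = [], 0
    for col in range(m):
        if r == n:
            break
        piv = next((i for i in range(r, n) if aug[i][col]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, P)
        aug[r] = [(x * inv) % P for x in aug[r]]
        for i in range(n):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(x - f * y) % P for x, y in zip(aug[i], aug[r])]
        pivots.append(col)
        r += 1
    if any(aug[i][m] for i in range(r, n)):
        return None  # a row 0 = nonzero: e1 is not in the span of the chosen rows
    x = [0] * m
    for i, col in enumerate(pivots):
        x[col] = aug[i][m]
    return x


def reconstruct(M, rho, shares, attrs):
    """Recover the secret from the shares of the rows labelled by attrs.

    Succeeds exactly when attrs satisfies the policy, i.e. when (1,0,...,0) is a
    linear combination of those rows; otherwise returns None.  Pooling the shares
    of two unauthorised users does not help: their rows together still may not
    span e1.
    """
    idx = [i for i, a in enumerate(rho) if a in attrs]
    if not idx:
        return None
    width = len(M[0])
    A = [[M[i][j] for i in idx] for j in range(width)]  # columns = chosen rows
    e1 = [1] + [0] * (width - 1)
    w = _solve_mod_p(A, e1)
    if w is None:
        return None
    return sum(wi * shares[i] for wi, i in zip(w, idx)) % P


if __name__ == "__main__":
    M, rho = policy_to_lsss(("OR", ("AND", "A", "B"), "C"))
    shares = share(M, 424242)
    print(reconstruct(M, rho, shares, {"A", "B"}))  # 424242
    print(reconstruct(M, rho, shares, {"A"}))       # None
```

For the policy (A AND B) OR C the matrix has rows A = (1, 1), B = (0, -1), C = (1, 0); {A, B} and {C} recover the secret, while {A} or {B} alone, or any set of users whose pooled rows do not span (1, 0), get nothing. In the paper the per-user private key components are additionally bound to the user's RID, which is what stops two users from pooling shares at all; that binding is not modelled here.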

3 System Model

The blockchain data privacy access control system model based on searchable attribute-based encryption is shown in Fig. 1. It includes four types of participating entity: data owner, verification nodes, user and miner node. Transaction generation is shown in Fig. 2.

Figure 1: System model

Data Owner: First, during initialization, generates the index key and the trapdoor key and extracts the keywords of the transaction, then uses the index key to encrypt the keywords into an index ciphertext; second, encrypts the trapdoor key to form the trapdoor key ciphertext and shares it; finally, signs the transaction with a secure signature algorithm, encrypts it, and appends the index ciphertext to the transaction ciphertext. The data owner can be a user on the blockchain making Bitcoin transactions, or a miner.

Figure 2: Transaction generation

User: The registration system generates an identity identifier RID corresponding to the user's real identity and a private key corresponding to the user's attributes. The user decrypts the trapdoor key ciphertext to obtain the user key, generates a trapdoor from it, and sends the trapdoor to the blockchain to request the transaction ciphertext.

Verification Nodes: Verify the correctness of the user's identity and permissions, compute the user's attribute, private key and permission parameters over the attribute set in order to distribute the trapdoor key ciphertext, and distribute the user key UK to the legitimate user.

Miner Node: The miner node broadcasts all transaction information received during the period, and each node verifies it and appends it to the blockchain after verification. The miner node computes the match between the user's trapdoor and the index sent by the data owner, and after a successful match sends the transaction ciphertext to the data consumer.

3.1 Threat Model

In the scheme proposed in this paper, only the verification node is fully trusted: it generates and distributes private keys honestly for users. Most miner nodes are honest but curious. In addition, users may collude to decrypt data they do not have access to.

3.2 Security Model

The security model is a game between an adversary A and a challenger C. The games are described as follows:

IND-CPA security model

Initialization: The challenger C runs the initialization algorithm to generate the public parameters and the master key, and sends the public parameters to the adversary A.

Phase 1: The adversary A adaptively issues private-key queries for attribute sets S1, …, Sq, none of which satisfies the challenge access structure.

Challenge: The adversary A picks two messages M0, M1 and sends them to the challenger C. The challenger C picks a random bit b ∈ {0, 1}, encrypts Mb under the challenge access structure, and sends the ciphertext to A.

Phase 2: Phase 1 is repeated.

Guess: The adversary A outputs a guess b′ of b, and wins the game if b′ = b. The advantage of A in this game is defined as Adv = |Pr(b = b′) − 1/2|.

Definition 1: If the advantage Adv = |Pr(b = b′) − 1/2| in the above game is negligible for every probabilistic polynomial-time adversary, the proposed scheme is IND-CPA secure.

IND-CKA security model

Initialization: As in the initialization of the above security model.

Phase 1: The adversary adaptively issues a polynomial number of the following queries.

Hash query: The adversary may query the random oracle H.

Trapdoor query: The adversary may request the trapdoor of any keyword.

Challenge: The adversary submits two keywords w0, w1 to the challenger C, with the restriction that the trapdoor of neither keyword has been queried. The challenger picks a random bit b ∈ {0, 1} and returns the searchable ciphertext of wb.

Phase 2: Phase 1 is repeated, with the same restriction on w0 and w1.

Guess: The adversary A outputs a guess b′ of b, and wins the game if b′ = b. The advantage of A in this game is defined as Adv = |Pr(b = b′) − 1/2|.

Definition 2: If the advantage in the above game is negligible for every probabilistic polynomial-time adversary, the proposed scheme is IND-CKA secure.

4 Specific Construction

In this part, we present the concrete algorithms of the blockchain data privacy protection access control scheme based on searchable attribute-based encryption.

a) Registration

The user submits a registration application to the system and obtains the identity identifier RID and the user attribute set corresponding to their real identity information; data owners (transacting users) register to obtain their key and identity identifier.

b) Initialization

c) Transaction generation and signature

Transacting user A generates the transaction information, encrypts its own identity, runs the wallet signature algorithm to sign with the private key corresponding to the wallet address, and sends the result to transacting user B. The user signature is computed as follows:

d) Index generation

The trader extracts the keywords from the transaction plaintext and encrypts each keyword with the index key g^μ and the random numbers τ, μ. The keywords of the transaction information are computed as follows:

h) Key generation

i) Decryption

5 Security Proof

6 Analysis and Comparison

6.1 Privacy Protection Analysis

Content privacy: This paper uses a ciphertext-policy attribute-based encryption algorithm to encrypt the trapdoor key information, which provides fine-grained access control that a symmetric encryption algorithm cannot offer. By encrypting the trapdoor key under an LSSS access structure and encrypting the transaction information with searchable encryption, the content privacy of both parties is guaranteed. In the private key generation process, a random number and the identifier RID of the interacting user are introduced, so even if different users collude, they cannot obtain a private key they are not entitled to. Therefore, even under collusion, illegal users can obtain neither the transaction information nor the shared secret.

Identity privacy: The scheme relies on the verification node, which stores the trapdoor key ciphertext, so transacting user A does not need to be online at all times. The system randomly generates a key UK and an identity RID for each user, and during interaction the RID stands for the user's identity, which protects the user's identity privacy.

Search privacy: The search mechanism of our scheme resists several attacks. During index generation, transacting party A uses the random number μ to encrypt the indexed keyword, so a node on the blockchain cannot mount an inside keyword guessing attack by matching candidate keywords against the trapdoor. In the trapdoor generation phase, random numbers hide the searched keyword, which prevents malicious nodes from replaying a keyword after a trapdoor has been cracked. Therefore, blockchain network nodes and attackers obtain no useful information about the keywords, and our scheme guarantees keyword privacy without reducing the security of the underlying algorithm.

Attribute privacy: The verification node implements fine-grained access control and authorizes blockchain users by verifying VR, which avoids the risk of submitting the access structure to the blockchain network. This mechanism protects the attributes of the linear access structure defined by the counterparty.
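The owner/user/miner search flow of Section 3 and the search privacy argument of this section, as an added example that is not the paper's own code. The paper's construction is public-key searchable encryption over a bilinear group (index key g^μ, random μ, τ); the Python standard library has no pairing arithmetic, so this stand-in uses an HMAC-derived keyword tag and a per-entry nonce in place of the pairing-based index. It reproduces the two properties argued above (a node cannot match candidate keywords against the index without the key, and repeated keywords produce unlinkable entries) and contrasts them with a deterministic index that falls to keyword guessing; it does not reproduce the paper's randomised one-time trapdoors, so here a trapdoor seen once by a miner can be reused against later entries. TRANSACTIONS, CANDIDATES, keygen, build_index, trapdoor, search and deterministic_index are all constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for this example, not from the paper. Each transaction
# carries an opaque ciphertext blob and the plaintext keywords the data owner
# extracted from it before encryption.
TRANSACTIONS = {
    "tx1": {"ct": b"<ciphertext of tx1>", "keywords": ["payee:shopA", "amount:high"]},
    "tx2": {"ct": b"<ciphertext of tx2>", "keywords": ["payee:shopB", "amount:high"]},
    "tx3": {"ct": b"<ciphertext of tx3>", "keywords": ["payee:shopA", "amount:low"]},
}
# Keyword dictionary an honest-but-curious node might enumerate (constructed).
CANDIDATES = ["payee:shopA", "payee:shopB", "payee:shopC", "amount:high", "amount:low"]


def keygen():
    """Index/trapdoor key held by the data owner and released (in the paper,
    wrapped under CP-ABE as the trapdoor key ciphertext) only to authorised users."""
    return secrets.token_bytes(32)


def _kw_tag(key, keyword):
    return hmac.new(key, keyword.encode(), hashlib.sha256).digest()


def build_index(key, txid, keywords):
    """Data owner: one randomised entry (txid, nonce, tag) per keyword. The fresh
    nonce plays the role of the paper's random mu: the same keyword produces an
    unrelated tag every time, so the index shows no equality pattern and cannot
    be matched against guessed keywords by anyone without the key."""
    entries = []
    for w in keywords:
        nonce = secrets.token_bytes(16)
        tag = hashlib.sha256(_kw_tag(key, w) + nonce).digest()
        entries.append((txid, nonce, tag))
    return entries


def trapdoor(key, keyword):
    """Authorised user: trapdoor for one keyword; only a key holder can form one."""
    return _kw_tag(key, keyword)


def search(index, td):
    """Miner node: test the trapdoor against every entry and return the ids of the
    matching transactions, whose ciphertexts it then hands to the requester.
    The node learns which entries match and nothing about the keyword itself."""
    hits = []
    for txid, nonce, tag in index:
        if hmac.compare_digest(hashlib.sha256(td + nonce).digest(), tag):
            if txid not in hits:
                hits.append(txid)
    return hits


def deterministic_index(txid, keywords):
    """The weak alternative: an unkeyed, deterministic tag per keyword."""
    return [(txid, hashlib.sha256(w.encode()).digest()) for w in keywords]


def keyword_guess(tag, candidates):
    """Keyword guessing attack on a deterministic index: recompute the tag for
    every candidate keyword and report the one that matches, or None."""
    for w in candidates:
        if hashlib.sha256(w.encode()).digest() == tag:
            return w
    return None


def leaks_equality(tags):
    """True if two entries carry the same tag, i.e. an observer can tell that two
    transactions share a keyword even without learning which keyword."""
    return len(set(tags)) < len(tags)


if __name__ == "__main__":
    key = keygen()
    index = [e for txid, tx in TRANSACTIONS.items()
             for e in build_index(key, txid, tx["keywords"])]
    print(search(index, trapdoor(key, "payee:shopA")))  # ['tx1', 'tx3']
    det = [e for txid, tx in TRANSACTIONS.items()
           for e in deterministic_index(txid, tx["keywords"])]
    print(keyword_guess(det[0][1], CANDIDATES))  # 'payee:shopA'
```

With the randomised index, a trapdoor made under a different key matches nothing, the two "amount:high" entries carry different tags, and keyword_guess over the candidate dictionary returns None; with the deterministic index the same dictionary recovers every keyword and equal tags reveal which transactions share one.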

6.2 Scheme Comparison

Reference [7] applied elliptic curve cryptography to propose a more efficient blind-signature mixing scheme that protects the privacy of transaction information. Reference [9] hides the transaction amount with ring signatures and proposes a ring-signature-based confidential transaction scheme, protecting transaction and identity privacy. Reference [12] presented the Zerocash scheme, which uses public-key encryption to protect transaction privacy. Reference [18] uses public-key cryptography to propose a blockchain retrieval privacy protection mechanism based on searchable keywords. Reference [19] proposed a distributed data storage system using blockchain and a private keyword search scheme. As Tab. 1 shows, this paper adopts an access control method based on searchable hierarchical attribute-based encryption, which not only hides the transaction amount from blockchain nodes without access rights but also lets authorized blockchain user nodes quickly and efficiently query the valid transaction information through keyword trapdoors.

6.3 Performance Comparison

In this section, we analyze the performance of the scheme. E denotes an exponentiation, P a pairing (bilinear map) operation, H a hash operation, and m the number of users. Tab. 2 presents the computational cost of our scheme and of references [18–19].

Table 1: Comparison of this paper with existing privacy protection schemes

Table 2: Comparison of computational cost

7 Conclusion

Since the global ledger in which a blockchain stores transaction information is open to any node joining the network, the data privacy of the blockchain needs to be further strengthened. This paper proposes a blockchain data privacy protection access control scheme based on searchable attribute-based encryption. The scheme uses ciphertext-policy attribute-based encryption to encrypt the trapdoor keys and searchable encryption to encrypt the transactions on the blockchain, and user authorization allows authorized users to access the transaction information. It realizes privacy protection of transaction information on the blockchain while enabling authorized users to access transaction information efficiently. The security and effectiveness of the scheme are proved in the random oracle model.

Acknowledgement: Thanks to teacher Feng for his guidance on the scheme of this paper, to teacher Youliang Tian for his suggestions on revising it, and to Xiaoqin Feng and Rong Ma for revising the overall grammar of the paper.

Funding Statement: This research was supported by the National Natural Science Foundation of China (No. 61462060, No. 61762060) and the Network and Information Security Innovation Team of Gansu Provincial Department of Education, Lanzhou University of Technology (No. 2017C-05). Tao Feng is the corresponding author.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.