Ciphertext Policy Attribute-Based Encryption Mechanism Based On Blockchain For Cloud Storage

With the development of cloud computing technology,cloud storage security has attracted much attention,and cloud storage security access control technology has also become a current research hotspot.Ciphertext Policy Attribute-Based Encryption(CP-ABE)is especially suitable for cloud storage environment because it realizes one-to-many data sharing.However,most of the current cloud storage data sharing schemes combined with CP-ABE use a centralized authority for key generation and distribution,which is vulnerable to single-point attacks and collusion attacks.At the same time,CP-ABE is difficult to support flexible changes of access control policies,and lacks the ability to track keys.Blockchain technology has the characteristics of decentralization and non-tampering.Based on this,the thesis investigates the attribute-based encryption mechanism of cloud storage ciphertext policy based on blockchain technology.The main research work includes:1.Aiming at the security problems of authorized agencies in traditional CP-ABE,a decentralized CP-ABE scheme based on blockchain technology is proposed.The scheme uses blockchain to replace the original authority,and uses smart contracts to perform operations such as key generation and key distribution.Furthermore,in view of the key abuse problem in the CP-ABE scheme,the Shamir secret sharing scheme is introduced to reconstruct the CP-ABE.Finally,it is proved that the scheme can effectively resist single-point attack,collusion attack,chosen-plaintext attack,key forgery attack,and ensure the security of key escrow and forward security of key tracking.At the same time,in terms of key tracking performance,the efficiency has been significantly improved.2.On the basis of work 1,an access control policy change algorithm based on access tree structure is further presented,and a CP-ABE scheme based on blockchain technology that supports policy change is proposed.The policy change algorithm obtains the changed node set by comparing the new and old access control policy trees,and calculates the new ciphertext of its leaf nodes according to the access control condition which corresponding to the node,and obtains the attribute base ciphertext after the policy change.The security protocol of the scheme is designed,and the algorithm is constructed.Security analysis shows that the proposed scheme not only realizes flexible policy changes,but also ensures the forward and backward security of policy changes.3.The system design and implementation are carried out for the scheme proposed in this thesis.The prototype of the solution was completed through open source technologies such as Truffle,React and Web3.And modules such as data upload,data download,and policy change were implemented.Finally,the feasibility of the scheme is verified.