A data security storage and access control method of attribute classification and grading

By storing file hashes on the blockchain and encrypting sensitive data using the TR-MA-CPABE algorithm, combined with hierarchical access control and white-box tracing technology, the problems of high blockchain storage costs and privacy leaks are solved, achieving secure storage and transparent supervision in the mineral resources industry.

CN115964751B · Active · Publication Date: 2026-06-26 · JIANGXI UNIV OF SCI & TECH

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: JIANGXI UNIV OF SCI & TECH
Filing Date: 2023-02-10
Publication Date: 2026-06-26

AI Technical Summary

Technical Problem

Existing blockchain data storage systems are costly and prone to user privacy leaks when storing large files, and lack effective access control and tracking mechanisms, making it difficult to meet the security and transparency requirements of the mining resources industry.

Method used

The system uses the InterPlanetary File System (IPFS) to store file hash values and encrypts sensitive data on the blockchain. It leverages a traceable and revocable multi-agency attribute encryption algorithm based on ciphertext policy (TR-MA-CPABE) combined with hierarchical access control and white-box tracing technology to achieve fine-grained access control and malicious user tracking.

Benefits of technology

It reduces the storage pressure on blockchain, achieves secure protection of privacy information and dynamic access control, can track malicious users, prevent information leakage, reduce computing and communication costs, and support secure storage and supervision in the mining resources industry.

✦ Generated by Eureka AI based on patent content.


Abstract

A data security storage and access control method with attribute classification and grading involves a central authority CA, N attribute authorities AAs and X sub-authorities aas, users, authority administrators, a product transaction traceability public blockchain, an information security supervision consortium blockchain and the InterPlanetary File System IPFS. The present application stores massive unstructured data and encrypted information using IPFS and stores only the file addressing hash generated by IPFS on the blockchain, which reduces the data storage pressure and security risk of the blockchain. A multi-authority ciphertext-policy attribute-based encryption algorithm is constructed to meet the system's needs for privacy information protection and dynamic fine-grained access control. The combination of multi-authority hierarchical authorization and a central authority disperses the system overhead and makes supervision easier. Accurate tracking of malicious users is achieved, and users and attributes can be revoked immediately without updating keys or ciphertexts.

Description

Technical Field

[0001] This invention belongs to the field of information security technology, and relates to blockchain technology in the field of information security, as well as multi-authority ciphertext-policy attribute-based encryption algorithms and methods for evaluating the security of algorithms in cryptography.

Background Technology

[0002] Over the past decade, the continuous expansion of investment and market size in the non-ferrous metals industry has accelerated the explosive growth of mineral resource development and transaction data. Therefore, there is an urgent need for a secure data storage and sharing platform to improve information disclosure transparency and mining rights efficiency. However, traditional data sharing platforms have some drawbacks, such as high costs, difficulties in data ownership confirmation, and a lack of incentive mechanisms. Furthermore, the lack of openness and transparency in the industrial chain and transaction processes, coupled with frequent illegal activities such as unauthorized mining and smuggling of mineral resources, necessitates leveraging emerging information technologies to promote digital and intelligent innovative management in the mineral resources industry. Driven by technologies such as the Internet of Things, artificial intelligence, big data, and 5G communication, mine informatization is developing towards intelligent application services.

[0003] Unlike traditional centralized database systems and cloud service providers, which bear the risks of single points of failure, malicious tampering, and threats to trust, emerging blockchain technology utilizes cryptography and consensus mechanisms to provide a decentralized, persistent, immutable, and auditable way to record transactions and information exchanges. Therefore, it is an effective method for solving trust and traceability issues. However, with the rapid increase in the amount of stored data, the performance and capacity of blockchains have gradually declined, and the cost of storing large files is also high. To address these challenges, we focus on the peer-to-peer distributed file system, the InterPlanetary File System (IPFS), which can store large amounts of data with high throughput, while only the digital fingerprints of files returned by IPFS are stored on the blockchain. Nevertheless, any user who knows the addressable cryptographic hash of a file can download and distribute it in IPFS without any restrictions, making it vulnerable to leakage of user privacy information or data misuse. Furthermore, due to the lack of access control mechanisms, leakage of privacy information is a pain point of existing distributed data storage systems. Therefore, encrypting sensitive data before uploading it to IPFS and implementing fine-grained access control over the ciphertext is crucial. Currently, attribute-based encryption (ABE) is a promising solution to the above problems.

[0004] Attribute-based encryption (ABE) was first proposed in "Fuzzy Identity-Based Encryption", *Annual International Conference on the Theory and Applications of Cryptographic Techniques*, 2005, pp. 457-473. In this fuzzy form, a user's public key consists of role-based descriptive attributes, representing their identity. The user's private key and ciphertext are also associated with these attributes. Decryption no longer targets a single user but a group, achieving a one-to-many encryption mechanism and expressive access control. Depending on whether the access policy is tied to the decryption key or the ciphertext, ABE can be divided into key-policy attribute-based encryption schemes (KP-ABE) and ciphertext-policy attribute-based encryption schemes (CP-ABE). CP-ABE allows data owners to define access control policies, which consist of attributes describing user identity characteristics and logical operators or thresholds such as AND and OR, and which are embedded in the ciphertext. The generation of the user's decryption key requires attribute participation, making it suitable for access control applications. In the KP-ABE scheme, the access policy embedded in the decryption key is specified by the information recipient, while the attributes are extracted from the ciphertext.

[0005] Two variants of ABE were introduced in 2005 to achieve better expressiveness, efficiency, and flexibility: KP-ABE, in "Attribute-based encryption for fine-grained access control of encrypted data", *Proceedings of the 13th ACM conference on Computer and communications security* 2006, 89-98, and CP-ABE, in "Ciphertext-policy attribute-based encryption", *IEEE symposium on security and privacy* 2007, 321-334. However, the aforementioned single-authority ABE schemes cannot meet the needs of practical distributed storage environments, because users can only share data within the management domain of a single authority. Subsequently, Hong Zhong et al. proposed a decentralized multi-authority attribute-based encryption (MA-ABE) access control scheme with policy hidden for cloud storage in Soft Computing 2018, 22(1), but its computational overhead and storage cost are very high. Soumya Banerjee et al. proposed a highly scalable CP-ABE-based access control scheme with constant-size key and ciphertext for IoT deployment in Journal of Information Security and Applications 2020, 53, "Multi-Authority CP-ABE-Based user access control scheme with constant-size key and ciphertext for IoT deployment". This scheme has a constant-size key and ciphertext, saving storage space, but the expressiveness of its access policies is limited. In The Journal of Supercomputing, 2020, 76(7), "An attribute-based encryption scheme with multiple authorities on hierarchical personal health record in cloud", Rui Guo et al. constructed a hierarchical CP-ABE scheme with multiple authorities. This scheme can solve the key escrow problem, but does not implement the traitor tracking function.

[0006] In the original CP-ABE scheme, users are anonymous and described only by some attributes. There is no connection between the user's decryption key and their actual identity. Therefore, the system cannot track malicious users who deliberately leak their keys for profit, and the problems of key leakage and holding users accountable are very prominent. To solve these problems, Kai Zhang et al. provided an efficient and traceable large-universe multi-authority CP-ABE scheme in Science China Information Sciences 2018, 61(3), "Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability", which supports any monotone access structure and does not require an identity record table to track user identity. Zhenhua Liu et al. proposed a black-box traceable CP-ABE scheme in IEEE Systems Journal 2022, "Black-Box Accountable Authority CP-ABE Scheme for Cloud-Assisted E-Health System", which can identify the owner of a forged decryption device and the malicious activities of the authority, thus completely solving the problem of traitor tracking. Kamalakanta Sethi et al., in their paper "Practical traceable multi-authority CP-ABE with outsourcing decryption and access policy update" published in the Journal of Information Security and Applications, 2020, 51, designed a novel multi-authority CP-ABE scheme that supports white-box tracing, ciphertext policy updates, outsourcing decryption, and high space efficiency.

[0007] Even with tracking mechanisms embedded in these ABE schemes, traitors cannot be removed from the system once tracked. In fact, revoking a user's attribute in an ABE system is more difficult because different users' attribute sets may overlap. Shangping Wang et al., in PLOS One 2018, 13(10), "Traceable ciphertext-policy attribute-based encryption scheme with attribute level user revocation for cloud storage," designed an ABE scheme for attribute-level user revocation and fine-grained access control against malicious users, in which the trusted authority can track traitors and send their identities to the attribute administrator. Youcef Imine et al., in Journal of Network and Computer Applications 2018, 122, "Revocable attribute-based access control in multi-authority systems," proposed a scalable, revocable, decentralized ABE scheme that enables immediate user and attribute revocation without requiring key updates. In their paper "Traceable-then-revocable ciphertext-policy attribute-based encryption scheme" published in *Future Generation Computer Systems*, 2019, 93, Zhenhua Liu et al. proposed an efficient traceable-then-revocable CP-ABE. This scheme only requires updating the ciphertext portion associated with the revocation list after revocation, providing forward security. However, its traceability is weaker than black-box traceability. In their paper "Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation" published in *Information Sciences*, 2019, 479, Shengmin Xu et al. introduced a new cryptographic primitive called "re-randomized ABE," which provides decryption key exposure resistance and ciphertext delegation. Chunpeng Ge et al., in "Revocable attribute-based encryption with data integrity in clouds" published in IEEE Transactions on Dependable and Secure Computing 2021, introduced a practical revocable attribute-based encryption technique that protects data confidentiality and integrity. Dezhi Han et al., in "A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection" published in IEEE Transactions on Dependable and Secure Computing 2020, 19(1), proposed a traceable and revocable CP-ABE scheme based on privacy protection, but this system has a limit on the number of times attribute names can appear.

Summary of the Invention

[0008] The purpose of this invention is to propose a data security storage and access control method based on attribute classification and hierarchical division. It utilizes the InterPlanetary File System (IPFS) to store massive amounts of unstructured data and encrypted information, while storing only the file addressing hashes generated by IPFS on the blockchain. This reduces the data storage pressure and security risks of the blockchain. Furthermore, this invention constructs a traceable and revocable multi-agency attribute encryption algorithm based on ciphertext policy (TR-MA-CPABE) to meet the needs of privacy protection and dynamic, fine-grained access control. In addition, the system model combining hierarchical authorization by multiple authorities with a central authority disperses system overhead and makes the platform easier to monitor. More importantly, the solution of this invention achieves accurate tracking of malicious users through white-box tracing technology and can instantly revoke users and attributes without updating keys or ciphertext.

[0009] This invention discloses a data security storage and access control method based on attribute classification and hierarchy, comprising a central authority (CA), N attribute authorities (AAs), X sub-authorities (aas), users, authority administrators, two blockchains—the Product Transaction Traceability Public Blockchain (PTTPB) and the Information Security Regulatory Consortium Blockchain (ISRCB), and the InterPlanetary File System (IPFS). Users can be employees of mining groups and government regulatory departments, or employees of other companies, entering the system as system visitors. Administrators are mid-to-senior level leaders of their respective organizations. Upon logging in, users first register their identity information and obtain a public key. When uploading private data, access control policies must be defined. The system uses a traceable and revocable multi-agency attribute encryption algorithm based on a ciphertext policy (TR-MA-CPABE) to encrypt the private data before uploading it to IPFS. The smart contract uploads the file address hash returned by IPFS to the blockchain. Users must authenticate their identity with their respective authority and obtain an attribute private key. After obtaining the required data file in the system, if it is an encrypted file, the user uses the attribute private key to request decryption from the authority administrator. If the request is successful, the original information is obtained. Authoritative institutions can use user registration information to create an identity-public key association table to track malicious users and identify the responsible parties for malicious events such as key leaks and privacy information disclosures. 
This invention meets the requirements of security, openness, and traceability for mineral resource data storage, effectively resists collusion attacks between users, and not only changes the existing closed and centralized storage and sharing scheme for big data in the mineral resource industry, but also reduces the computational overhead and communication costs of information encryption, achieving flexible and personalized access control.

[0010] Specifically, the present invention is achieved through the following technical solutions.

[0011] The data security storage and access control method based on attribute classification and hierarchical division of this invention comprises the following steps:

[0012] (S01): The central authority CA initializes the system, publishes the system public parameters PK, retains the system master key MK, directly authorizes the attribute authorities AAs, and distributes to each a key seed $s_k$ as the base component for generating the authority's keys. The AAs are initialized using the key seeds distributed by the CA to generate the authority attribute set and the public/private key pair $(ASK_k, APK_k)$. It also indirectly authorizes its subordinate authorities aas by issuing key seeds $s_x$; each aa performs authority initialization and generates the attribute set it manages and the public/private key pair $(aSK_x, aPK_x)$;

[0013] After inputting an implicit security parameter λ to determine the size of the finite groups, the central authority (CA) runs a global initialization algorithm, first selecting two cyclic groups $G_1$ and $G_T$ of prime order $r$, a generator $g \in G_1$ of the group, and a bilinear mapping $e: G_1 \times G_1 \to G_T$, and randomly selecting $S$ group elements $h_1, h_2, \ldots, h_S \in G_1$. Then, the algorithm generates a pseudo-random function $F$, a strongly collision-resistant hash function $H: \{0,1\}^* \to G_1$, and two random elements $\alpha, \beta \in Z_r$. Furthermore, it selects N pseudo-random function key seeds $s_1, s_2, \ldots, s_N$, which are assigned to the AAs as the base part of the AAs' keys. The system's public key PK and master key MK are generated according to formulas (1) and (2):

[0014] $PK = \{G_1, G_T, e, r, g, H, e(g,g)^{\alpha}, g^{\beta}\}$ (1)

[0015]

[0016] The CA uploads public parameters to the Information Security Regulatory Consortium Blockchain (ISRCB). The CA's public-private key pair is (CSK=MK, CPK=PK).

[0017] The attribute authorities are initialized according to the following steps:

[0018] Each $AA_k$ or $aa_x$ runs the AASetup algorithm to generate an authority attribute set and a public/private key pair. $AA_k$ or $aa_x$ inputs the key seed $s_k$ or $s_x$ obtained from its superior authority to generate a public/private key pair:

[0019]

[0020]

[0021] (S02): Users use their private identity identifier (UID), representing their true identity, to register with their affiliated authority (CA, $AA_k$ or $aa_x$) and obtain a public key (UPK). The affiliated authority dynamically maintains an identity association table (I) and an attribute label table (A) for subsequent identity tracking and attribute revocation. Afterward, the user requests an attribute certificate and attribute private key (decryption key) from their affiliated authority. A temporary system visitor without any affiliated authority can only request these from the central authority (CA).

[0022] The user's affiliated authority uses its private key, a pseudo-random function, and a random index to generate a public key for the user as follows:

[0023]

[0024] In addition, the authoritative body managing this user records the user's identity information (UID, UPK) in an identity association table maintained by the organization, which is used to monitor the behavior of system users and track the identity of malicious users.

[0025] If a user wants to obtain a certain attribute, they need to apply for an attribute certificate (AC) from their respective authority using their identity identifier (UID) and public key (UPK). The attribute certificate contains the certificate version, serial number, certificate holder, attribute information, certificate validity period, signature information, and signature algorithm. The certificate issuance rules vary depending on the confidentiality level of the attribute being applied for. Issuing a standard attribute certificate only requires the signature of one authority administrator, but issuing a secret-level attribute certificate requires the signatures of t authority administrators, where t is preset by the attribute authority.

[0026] The generation of user attribute private keys is divided into direct generation and indirect generation, depending on the authoritative body to which the user belongs. The specific steps are as follows:

[0027] Direct generation: If the user is an employee of the CA or a system visitor who is not affiliated with any authority, they can directly apply to the CA for an attribute certificate and obtain an attribute key by entering their identity identifier (UID), public key (UPK), attribute certificate (AC), and attribute set. CA executes the following algorithm:

[0028]

[0029] Indirect generation: If the user belongs to $AA_k$ or its subordinate $aa_x$, they must obtain the attribute certificate and attribute private key from their affiliated authority. $AA_k$ calculates the user's attribute private key:

[0030]

[0031] $aa_x$ generates the user's attribute private key using the following formula:

[0032]

[0033] (S03): When uploading data, the data owner first selects tags or keywords as file classification attributes and decides whether the file needs to be encrypted. Public files visible to all users or secret files decryptable only by a subset of users are uploaded to the public IPFS network, and IPFS returns a cryptographic hash (digital fingerprint) generated from the file content. This digital fingerprint is then uploaded to the PTTPB, a public blockchain for product transaction traceability. Conversely, private information is encrypted and uploaded to a private IPFS network, and the file's digital fingerprint is uploaded to the ISRCB. After the data is uploaded to the blockchain, the file's digital fingerprint, keywords, and corresponding block ID are stored as a data entry in the ISRCB, generating a block ID'. Simultaneously, this data entry and its corresponding block ID' are broadcast in the system as a system announcement and stored in the local database. When a user uploads private information m, it must first be encrypted, and an access control policy τ is established to specify the attributes of the users who can decrypt it.

[0034] The data owner runs an encryption algorithm, inputting information m, system public parameters PK, and access policy τ = (M, ρ). Here, M is an l-row, d-column linear secret-sharing scheme matrix generated by a hierarchical threshold access tree, and ρ is a mapping function that associates each row of M with an attribute chosen by the data owner. This means that each row of M corresponds to an attribute.

[0035] The algorithm first selects a random vector $v$, whose values are used to share the secret element $s$. For each $i \in [1, l]$, it computes $\lambda_i = M_i \cdot v$, where $M_i$ is the $i$-th row vector of $M$.

[0036] The algorithm calculates the ciphertext portion:

[0037]

[0038] $C' = g^{s}$ (10)

[0039]

[0040] The data owner uploads the final ciphertext $CT = \{C, C', C_i\}$ and the access policy to IPFS. Since ρ is not present in CT, IPFS and users cannot learn the attributes corresponding to the access matrix, thus achieving the goal of hiding the access policy.

[0041] (S04): The data requester retrieves the required data entry (file's digital fingerprint, keywords, and corresponding block ID, block ID') by entering keywords in the system announcement. The block ID' is used to verify the authenticity of the data. The requester then obtains the corresponding file from IPFS using the digital fingerprint and verifies the file's integrity using the block ID. If the file is encrypted, the requester uses the ciphertext CT, identity identifier UID, public key UPK, and attribute private key USK to request decryption from the organization administrator. Successful decryption retrieves the original information m. The specific decryption process is as follows:

[0042] (1) First, the identity association table $I_t = \{(UID, UPK)_i\}_{i \in [1,U]}$ is queried to verify whether the identity information provided by the user is true and accurate, and the user's private key component $K$ is calculated to check whether the user is the one who requested decryption of the data.

[0043] (2) Secondly, the user's attribute set is checked by querying the system attribute revocation list (SARL). If any system attributes have been revoked, the revoked attribute is removed from the user's attribute set; otherwise, proceed to the next step. Then the attribute tag table and formula (12) are used to check whether any attribute of the data requester has been revoked:

[0044]

[0045] (3) Assume the target vector is $(1,0,\ldots,0)$. According to the LSSS (Linear Secret Sharing Scheme), if the user's attribute set satisfies the threshold tree corresponding to the access policy, then a set of constants $\{\omega_i \in Z_r\}_{i \in I}$ can be found such that the equation $\sum_{i \in I} \omega_i M_i = (1,0,\ldots,0)$ holds. If $\{\lambda_i\}$ are valid shares of the secret $s$ according to $M$, then $\sum_{i \in I} \omega_i \lambda_i = s$.

[0046] If this decryption process is performed by a CA, its calculation is as follows:

[0047]

[0048] If the decryption is performed by a second-level authority $AA_k$, it computes:

[0049]

[0050] If the decryption operation is performed by a third-level authority $aa_x$, then the following calculation is performed:

[0051]

[0052] Finally, the data requester can obtain the original information m using the formula m = C / D.
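The LSSS sharing used in encryption ($\lambda_i = M_i \cdot v$) and the reconstruction in decryption step (3), together with the SARL filtering of step (2), as an added example that is not part of the patent text. It assumes arithmetic directly in $Z_r$ rather than in the exponent of a pairing group, builds $M$ with the standard Lewko-Waters AND/OR labelling instead of the patent's hierarchical threshold tree, takes $s$ as the first component of $v$, and uses a constructed policy, attribute names and modulus.

```python
"""LSSS share/reconstruct over Z_r (added illustration, not the patent's code)."""
import secrets

# Assumption: a Mersenne prime stands in for the pairing-group order r.
R = 2**127 - 1

# Constructed policy: (dept:geology AND level:secret) OR role:regulator.
POLICY = ("OR", ("AND", "dept:geology", "level:secret"), "role:regulator")


def lsss_matrix(policy):
    """Convert an AND/OR formula into (M, rho) by the Lewko-Waters labelling."""
    rows, rho = [], []
    cols = 1  # columns allocated so far

    def walk(node, vec):
        nonlocal cols
        if isinstance(node, str):          # leaf: one row of M per attribute
            rows.append(vec)
            rho.append(node)
            return
        op, left, right = node
        if op == "OR":                     # both children inherit the label
            walk(left, vec)
            walk(right, vec)
        elif op == "AND":                  # children's labels sum to vec|0
            padded = vec + [0] * (cols - len(vec))
            left_vec, right_vec = padded + [1], [0] * cols + [-1]
            cols += 1
            walk(left, left_vec)
            walk(right, right_vec)
        else:
            raise ValueError(f"unsupported gate: {op}")

    walk(policy, [1])
    M = [[x % R for x in row + [0] * (cols - len(row))] for row in rows]
    return M, rho


def share_secret(M, s):
    """Pick v = (s, y_2, ..., y_d) at random and return lambda_i = M_i . v."""
    v = [s % R] + [secrets.randbelow(R) for _ in range(len(M[0]) - 1)]
    return [sum(m * x for m, x in zip(row, v)) % R for row in M]


def solve_omega(M, rho, attrs):
    """Find omega with sum_{i in I} omega_i * M_i = (1,0,...,0), else None."""
    I = [i for i, a in enumerate(rho) if a in attrs]
    d, n = len(M[0]), len(I)
    # One equation per column of M; last entry is the target vector.
    A = [[M[i][j] for i in I] + [1 if j == 0 else 0] for j in range(d)]
    pivots, row = [], 0
    for col in range(n):                   # Gauss-Jordan elimination mod R
        p = next((k for k in range(row, d) if A[k][col]), None)
        if p is None:
            continue
        A[row], A[p] = A[p], A[row]
        inv = pow(A[row][col], -1, R)
        A[row] = [x * inv % R for x in A[row]]
        for k in range(d):
            if k != row and A[k][col]:
                f = A[k][col]
                A[k] = [(x - f * y) % R for x, y in zip(A[k], A[row])]
        pivots.append(col)
        row += 1
    if any(A[k][n] for k in range(row, d)):
        return None                        # attribute set does not satisfy M
    omega = {i: 0 for i in I}
    for r_idx, col in enumerate(pivots):
        omega[I[col]] = A[r_idx][n]
    return omega


def reconstruct(M, rho, shares, attrs, revoked=frozenset()):
    """Drop revoked attributes first (SARL check), then recombine the shares."""
    omega = solve_omega(M, rho, set(attrs) - set(revoked))
    if omega is None:
        return None
    return sum(w * shares[i] for i, w in omega.items()) % R


if __name__ == "__main__":
    M, rho = lsss_matrix(POLICY)
    s = secrets.randbelow(R)
    lam = share_secret(M, s)
    user = {"dept:geology", "level:secret"}
    print("authorized:", reconstruct(M, rho, lam, user) == s)
    print("after revoking level:secret:",
          reconstruct(M, rho, lam, user, revoked={"level:secret"}))
```

Because the revoked attribute is removed before the coefficients are solved for, the same stored shares stop being recombinable for that user without any change to the ciphertext side.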

[0053] (S05): When an authoritative body discovers a malicious user and needs to trace their identity, it executes an identity tracing algorithm. If the user's public key is known, the administrator can query the identity association table $I_t$ to obtain the user's UID and thus their true identity. If the private key of a malicious user is known, the administrator of the user's organization can calculate the public key from the private key and then query the identity association table to track the user's identity.

[0054] (S06): After identifying a malicious user, the CA can choose to cancel their account, revoke all their permissions, or revoke certain attributes, making those attributes invalid only for them, while other users still retain the right to use those attributes. Simultaneously, the CA has the right to revoke a system attribute, making that attribute invalid in the system, preventing all users with that attribute from using it. Secondary and tertiary attribute authorities can revoke a specific attribute of a user under their jurisdiction.

[0055] (1) Global Revocation of User Permissions. The CA checks whether the user's identity-key pair (UID, UPK) is in the system's revocation list (GRL). If it is, the user will be denied access to the system. Therefore, the CA can revoke all of a user's permissions immediately by adding the user's identity-key pair to the GRL.

[0056] (2) System Attribute Revocation. The CA also maintains a System Attribute Revocation List (SARL) for revoking system attributes. Its basic components are all attribute revocation lists (ARLs) generated by the AAs and uploaded to the Information Security Regulatory Consortium Blockchain (ISRCB). The CA only needs to add the system attribute to be revoked to the SARL to revoke it.

[0057] (3) User attribute revocation. When a user's attribute needs to be revoked, the authority to which the user belongs calculates $p_i' = p_i * UPK$ and updates the attribute tag table for

[0058] The traceable and revocable multi-authority ciphertext-policy attribute-based encryption (TR-MA-CPABE) algorithm proposed in this invention not only ensures the security and privacy of information exchange processes but also resists potential collusion attacks. Utilizing white-box tracing technology, it achieves malicious user identity tracking, enabling the revocation of user permissions or attributes without additional computational overhead. This invention realizes secure storage, fine-grained access control, and effective government supervision of data across the mineral resource industry chain, while also promoting the digital intelligent management and transformation and upgrading of the mining industry. The TR-MA-CPABE algorithm of this invention has been proven secure in the sense of indistinguishability under chosen-plaintext attack (IND-CPA), based on the decisional Bilinear Diffie-Hellman (d-BDH) assumption. The distributed storage and access control system model built using decentralized blockchain technology and IPFS overturns the current state of the mineral resource industry, such as centralized data storage and difficulties in secure sharing of privacy information. It solves the trust crisis caused by the proliferation of false information on the internet, the lack of transparency in supply chain information, and the single traceability channel for mineral products, which are pain points in the digital and intelligent construction of the mineral resource industry. Data stored on the blockchain possesses characteristics such as persistence and immutability, while data stored in IPFS cannot be deleted. Furthermore, the TR-MA-CPABE algorithm ensures the traceability of user identities and the revocation of permissions. When user disputes arise due to data, data ownership can be quickly established, identifying malicious actors and making it impossible for them to deny their actions. Security analysis and performance evaluation demonstrate that this invention has significant advantages in terms of security, practicality, computational overhead, and communication costs.

Attached Figure Description

[0059] Figure 1 is a diagram showing the formation of an access tree structure with hierarchical access control relationships.

[0060] Figure 2 is a flowchart of the encryption process for the CP-ABE algorithm using the LSSS access structure.

[0061] Figure 3 is a flowchart of the decryption process for the CP-ABE algorithm using the LSSS access structure.

[0062] Figure 4 is a system model diagram for secure storage and access control of mineral resource data.

[0063] Figure 5 is a flowchart of algorithms for secure storage and access control of mineral resource data.

[0064] Figure 6 is a comparison chart of the computational overhead of attribute private key generation in the traceable and revocable multi-agency CP-ABE algorithm of this invention.

[0065] Figure 7 is a comparison chart of the computational overhead of the data encryption process in the traceable and revocable multi-agency CP-ABE algorithm of this invention.

[0066] Figure 8 is a comparison chart of the computational overhead of the ciphertext decryption process in the traceable and revocable multi-agency CP-ABE algorithm of this invention.

[0067] Figure 9 is a comparison chart of the computational overhead of user tracking in the traceable and revocable multi-agency CP-ABE algorithm of this invention.

[0068] Figure 10 is a comparison chart of the communication overhead of system common parameters in the traceable and revocable multi-agency CP-ABE algorithm of this invention.

[0069] Figure 11 is a comparison diagram of the communication overhead of the system master key in the traceable and revocable multi-agency CP-ABE algorithm of this invention.

[0070] Figure 12 is a comparison diagram of the communication overhead of attribute private keys in the traceable and revocable multi-agency CP-ABE algorithm of this invention.

[0071] Figure 13 is a comparison chart of the communication overhead of ciphertext in the traceable and revocable multi-agency CP-ABE algorithm of this invention.

[0072] Figure 14 is a comparison chart of the computational overhead of the traceable and revocable multi-agency CP-ABE algorithm of this invention and the classic DCPABE algorithm.

Detailed Implementation

[0073] The present invention will be further described below with reference to the accompanying drawings and specific embodiments.

[0074] 1. The model structure layout of the present invention.

[0075] As shown in Figure 1, the specific parameters for the overall structure of this invention are defined as follows:

[0076] Central Authority (CA): In the system of this invention, the CA assumes the functions of creation and supervision and possesses the highest management authority. Its main responsibilities include system initialization and monitoring management, distributing key seeds to attribute authorities, distributing public keys and attribute private keys to users under its jurisdiction, and dynamically maintaining a user identity association table for tracking identities and an attribute flag table for revoking user attributes. It can also mediate user conflicts and has the authority to rectify the entire system in the event of significant attacks or losses. The CA is assumed to be a fully trusted entity with high computing power and communication capabilities; in the mineral resources industry application scenario of this invention, the Ministry of Land and Resources assumes this role.

[0077] Attribute Authorities (AAs or aas): In the system proposed in this invention, an AA is an independent trusted node with second-level management authority, a role undertaken by a mineral resource enterprise group. An aa is a sub-organization of an AA and has third-level management authority. An AA can indirectly authorize the aas under its jurisdiction and distribute key seeds to them. An AA or aa is responsible for issuing attribute certificates and generating private keys for users who are its employees. Furthermore, an AA also has the right to track users within its management domain and revoke attributes in the organizational attribute set it maintains.

[0078] Users: Users include data owners and data requesters, as defined below:

[0079] (1) Data owner: has data that can be uploaded to the system, such as mining information, mineral purity, unit price, total quantity, quota, and mineral product sales data. The data owner formulates a formula consisting of attributes and thresholds as an access control policy for private data, encrypts the information according to the access policy, and then uploads the ciphertext to the InterPlanetary File System.

[0080] (2) Data requester: queries the needed data in the system, obtains the digital fingerprint (addressed cryptographic hash) of the data from the corresponding blockchain, and then downloads the data from IPFS. If the data is in encrypted form, the requester uses their private key to request decryption from the administrator of the institution.

[0081] Administrators: Each authoritative organization has a group of administrators comprised of mid-to-senior level leaders who act as authorized representative nodes. Any administrator can handle regular attribute requests and user attribute private key requests, and is responsible for data decryption.

[0082] Blockchain: The system proposed in this invention comprises two blockchains: the Product Transaction Traceability Public Blockchain (PTTPB) and the Information Security Regulatory Consortium Blockchain (ISRCB). In PTTPB, various mineral resource enterprises and research institutions can trade fairly and freely with unrestricted access. However, only mining groups and mineral resource research institutions certified and approved by the CA can access the ISRCB, and the stored information is subject to CA oversight.

[0083] InterPlanetary File System (IPFS): IPFS clusters are divided into public and private clusters. A public IPFS cluster is an open, transparent, distributed network that allows any computer node to connect and access data. Nodes in a private IPFS cluster only connect to nodes that share a secret, and these nodes do not respond to external access. In the solution of this invention, each mining group or research institution stores private data such as internal confidential information, account and transaction information in its private IPFS cluster, and stores the returned file hash value in ISRCB to ensure data security and facilitate government oversight. On the other hand, publishable information such as enterprise qualification information, product price or packaging information, mining and logistics information is stored in the public IPFS cluster, and the file addressing hash value is stored in PTTPB.

[0084] Hierarchical Access Tree: In most existing CP-ABE schemes, access policies are single and independent, leading to repetitive and tedious computational work. To address this challenge, the paper "Attribute-based Hierarchical Access Control with Extendable Policy" in IEEE Transactions on Information Forensics and Security 2022, 17 combines access policies with hierarchical access control relationships and encrypts them simultaneously. For example, if we want to encrypt a series of data m1, m2, m3, m4 with different access policies, the traditional approach is to encrypt them separately. However, if these access policies have a hierarchical relationship, as shown in Figure 1, we can integrate them into one access policy τ and encrypt the data at the same time.

[0085] An efficient method for converting threshold-gate access tree strings to LSSS matrices:

[0086] The paper "On Efficiently Transferring the Linear Secret-Sharing Scheme Matrix in Ciphertext-Policy Attribute-Based Encryption" in IACR Cryptol. ePrint Arch. 2010, 374, proposes a method for efficiently generating an LSSS access control matrix from a threshold access tree. For example, consider a subset C1 = {c1,c2,c3,c4,c5,c6,c7,c8} of a system attribute set, with corresponding attribute values C1 = {'Primary', 'Mineral', 'Product', 'Transaction', 'Contract', 'Leadership', 'Manager', 'Engineer'}. Now, the data owner provides a threshold tree string T = ((c1,c2,c3,2), (c4,c5,1), (c6,c7,c8,1),3) as the access control policy for the ciphertext. T requires that the user attribute set contain at least two attributes from c1, c2, and c3, one attribute from c4 and c5, and one attribute from c6, c7, and c8. The algorithm for converting the access policy T into the LSSS matrix M first initializes the LSSS matrix M = (1)_{1×1} and the vector L = (T). The transformation process is as follows:

[0087] 1) M = (1), L = ((c1,c2,c3,2),(c4,c5,1),(c6,c7,c8,1),3).

[0088]

[0089]

[0090]

[0091]

[0092] Based on the characteristics of LSSS, for an authorized set that satisfies the access policy represented by the threshold tree string, it is possible to find a solution that satisfies the equation vector set

[0093] Figure 2 describes the process of encrypting and decrypting information using CP-ABE and the aforementioned conversion method.
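The conversion of [0085]-[0092], together with the share and reconstruction relations that reappear in the encryption and decryption steps, as an added Python example (not the patent's own code): it expands the threshold tree string T into (M, ρ) using the standard threshold-gate rule (parent row followed by x, x^2, ..., x^(t-1)), shares a secret, and solves for the constants ω_i. Assumptions: T is written as nested tuples, the prime R is a constructed stand-in for the group order r, the sharing vector is v = (s, y_2, ..., y_d), and all function names are illustrative.

```python
import secrets

# Constructed prime standing in for the group order r (assumption; the real r
# comes from the pairing parameters).
R = 2**127 - 1

# Threshold tree string T from the text as nested tuples: (child, ..., child, t).
T = (("c1", "c2", "c3", 2), ("c4", "c5", 1), ("c6", "c7", "c8", 1), 3)


def tree_to_lsss(tree):
    """Expand threshold gates left to right; return (M, rho) with rho[i] the
    attribute labelling row i of M."""
    M, L = [[1]], [tree]
    while any(isinstance(node, tuple) for node in L):
        z = next(i for i, node in enumerate(L) if isinstance(node, tuple))
        *children, t = L[z]
        if not 1 <= t <= len(children):
            raise ValueError(f"bad threshold {t} for {len(children)} children")
        pad = [0] * (t - 1)  # new columns are zero for every untouched row
        # Child x of a t-of-n gate gets the parent row followed by x, x^2, ...,
        # x^(t-1): a degree t-1 Shamir polynomial evaluated at x.
        expanded = [M[z] + [pow(x, k, R) for k in range(1, t)]
                    for x in range(1, len(children) + 1)]
        M = [r + pad for r in M[:z]] + expanded + [r + pad for r in M[z + 1:]]
        L = L[:z] + children + L[z + 1:]
    return M, L


def make_shares(M, s):
    """lambda_i = M_i . v with v = (s, y_2, ..., y_d), y_j random in Z_r."""
    v = [s % R] + [secrets.randbelow(R) for _ in range(len(M[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % R for row in M]


def solve_omega(M, rho, attrs):
    """Find {row: omega} with sum(omega_i * M_i) = (1,0,...,0) over rows whose
    attribute is in attrs; return None if the set is not authorized."""
    idx = [i for i, a in enumerate(rho) if a in attrs]
    d = len(M[0])
    # One equation per column j, one unknown per usable row, last entry = RHS.
    A = [[M[i][j] % R for i in idx] + [int(j == 0)] for j in range(d)]
    pivots, row = [], 0
    for col in range(len(idx)):
        if row == d:
            break
        p = next((r for r in range(row, d) if A[r][col]), None)
        if p is None:
            continue  # free variable, left at 0
        A[row], A[p] = A[p], A[row]
        inv = pow(A[row][col], -1, R)
        A[row] = [a * inv % R for a in A[row]]
        for r in range(d):
            if r != row and A[r][col]:
                f = A[r][col]
                A[r] = [(a - f * b) % R for a, b in zip(A[r], A[row])]
        pivots.append(col)
        row += 1
    if any(A[r][-1] for r in range(row, d)):
        return None  # inconsistent system: attributes do not satisfy T
    return {idx[c]: A[r][-1] for r, c in enumerate(pivots) if A[r][-1]}


def recover(omega, shares):
    """s = sum(omega_i * lambda_i) mod r."""
    return sum(w * shares[i] for i, w in omega.items()) % R


if __name__ == "__main__":
    M, rho = tree_to_lsss(T)
    for attr, row in zip(rho, M):
        print(attr, row)
    s = secrets.randbelow(R)
    lam = make_shares(M, s)
    ok = solve_omega(M, rho, {"c1", "c3", "c4", "c7"})
    print("authorized set recovers s:", recover(ok, lam) == s)
    print("one attribute from c1..c3 only:",
          solve_omega(M, rho, {"c1", "c4", "c5", "c6", "c7", "c8"}))
```

Because c4/c5 and c6/c7/c8 sit under 1-of-n gates, their rows are identical, which is why a requester holding several of them gains nothing beyond holding one.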

[0094] 2. The mineral resource data security storage and access control scheme of the present invention.

[0095] The specific implementation process of the mineral resource data security storage and access control scheme proposed in this invention is shown in Figure 3. The specific implementation process of the attribute-based encryption algorithm using a traceable and revocable multi-agency ciphertext policy is as follows:

[0096] (1) System initialization: After inputting an implicit security parameter λ to determine the size of the finite group, the central authority (CA) runs a global initialization algorithm, first selecting two cyclic groups G1 and G_T of prime order r, a generator g ∈ G1, and a bilinear mapping e: G1×G1 → G_T, and randomly selecting S group elements h1, h2, ..., h_S ∈ G1. Then, the algorithm generates a pseudo-random function F, a strongly collision-resistant hash function H: {0,1}* → G1, and two random elements α, β ∈ Z_r. Furthermore, it selects key seeds s1, s2, ..., s_N for N pseudo-random functions, which are assigned to the AAs as a foundational part of the AAs' keys. The system's public key and master key are:

[0097] PK = {G1, G_T, e, r, g, H, e(g,g)^α, g^β} (16)

[0098]

[0099] The CA uploads public parameters to the Information Security Regulatory Consortium Blockchain (ISRCB). The CA's public-private key pair is (CSK=MK, CPK=PK).

[0100] (2) Attribute Authority Initialization: Each AA_k or aa_x runs the AASetup algorithm to generate an organization attribute set and a public/private key pair. AA_k or aa_x inputs the key seed s_k or s_x obtained from its superior authority and generates a public/private key pair:

[0101]

[0102]

[0103] (3) User Registration: Users send the identity identifier (UID) representing their true identity to the CA to obtain the system's public key. Visitors not affiliated with any organization can request a private key from the CA. The algorithm uses the CA's private key, a pseudo-random function, and a random exponent to generate a public key for the user as follows:

[0104]

[0105] In addition, the organization records users' identity information (UID, UPK) in an identity association table to monitor the behavior of system users and track the identities of malicious users.

[0106] (4) Attribute Certificate Application: Users can apply for an attribute certificate AC from their affiliated organization using their identity identifier UID and public key UPK. The attribute certificate contains the certificate version, serial number, certificate holder, attribute information, certificate validity period, signature information, and signature algorithm. The certificate issuance rules vary depending on the confidentiality level of the applied attribute. For the issuance of ordinary attribute certificates, only one organization administrator's approval and signature are required, but the issuance of secret-level attribute certificates requires t (preset by the attribute organization) organization administrators' signatures.

[0107] (5) User attribute key generation:

[0108] Direct generation: If the user is an employee of the CA or a system visitor who does not belong to any organization, they can directly apply to the CA for an attribute certificate and obtain an attribute key by entering their identity identifier (UID), public key (UPK), attribute certificate (AC), and attribute set. The CA executes the following algorithm:

[0109]

[0110] Indirect generation: If the user belongs to AA_k or its subsidiary aa_x, they must obtain the attribute certificate and attribute private key from their affiliated institution. AA_k calculates the user attribute private key:

[0111]

[0112] aa_x generates the user attribute private key using the following formula:

[0113]

[0114] (6) Data Encryption: The data owner inputs information m, system public parameters PK, and access policy τ = (M, ρ). The access policy consists of an l-row, d-column matrix M and a mapping function ρ, where ρ associates the rows of M with attributes selected by the data owner, meaning that each row of M corresponds to an attribute. Furthermore, M is a linear secret-sharing scheme matrix generated by a hierarchical threshold gate access tree.

[0115] First, select a random vector v. The values in the vector will be used to share the secret element s. For each i ∈ [1, l], compute λ_i = M_i · v, where M_i is the i-th row vector of M.

[0116] Calculate the ciphertext portion:

[0117]

[0118] C' = g^s (25)

[0119]

[0120] The data owner uploads the final ciphertext CT = {C, C', C_i} together with the access strategy to IPFS. Since ρ is not present in CT, IPFS and the user cannot know the attributes corresponding to the access matrix, thus achieving the goal of hiding the access strategy.

[0121] (7) Data decryption:

[0122] 1) First, query the identity association table I_t = {(UID, UPK)_i}, i ∈ [1, U], to verify whether the identity information provided by the user is true and accurate, and check, by calculating the user's private key component K, whether the user is the one who requested the decryption of the data.

[0123] 2) Secondly, check the user's attribute set by querying the System Attribute Revocation List (SARL). If any system attributes have been revoked, the revoked attribute will be removed from the user's attribute set; otherwise, proceed to the next step. Next, the attribute tag table is used with the following formula to check whether any attribute of the data requester has been revoked:

[0124]

[0125] 3) Assume the target vector is (1,0,...,0). According to LSSS, if the user's attribute set satisfies the threshold tree string corresponding to the access policy, then we can find a set of constants {ω_i ∈ Z_r}_{i∈I} such that the equation ∑_{i∈I} ω_i M_i = (1,0,...,0) holds. If {λ_i} are valid shares of the secret s, then ∑_{i∈I} ω_i λ_i = s (note: there may be multiple different sets of ω_i that satisfy the equation).

[0126] If decryption is performed by a CA, its computation is as follows:

[0127]

[0128] If a second-level institution AA_k performs decryption, it computes:

[0129]

[0130] If a third-level institution aa_x performs decryption, then the following calculations are performed:

[0131]

[0132] Finally, the data requester can obtain the original information m using the formula m = C / D.

[0133] (8) User Identity Tracking: When an authority discovers a malicious user and needs to track their identity, it executes an identity tracking algorithm. If the user's public key is known, the administrator can query the identity association table I_t to obtain the UID (user identifier) and thereby determine the user's true identity. If a malicious user's private key is known, the administrator of their organization can calculate their public key from that private key and then query the identity association table to track the user's identity. For example, the CA can calculate UPK = K / g^α g^β to obtain the user's public key.

[0134] (9) User and attribute revocation:

[0135] 1) Global User Revocation. The CA checks if the user's identity-key pair (UID, UPK) is in the system's revocation list (GRL). If it is, the user will be denied access to the system. Therefore, the CA can instantly revoke all of a user's permissions by adding the user's identity-key pair to the GRL.

[0136] 2) System Attribute Revocation. The CA also maintains a System Attribute Revocation List (SARL) for revoking system attributes. Its basic components are all attribute revocation lists (ARLs) generated by the AAs and uploaded to the Information Security Regulatory Consortium Blockchain (ISRCB). The CA only needs to add the system attribute to be revoked to the SARL to achieve revocation.

[0137] 3) User attribute revocation. When a user's attribute needs to be revoked, the authority to which the user belongs calculates p_i' = p_i * UPK and updates the attribute tag table for

[0138] 3. Safety analysis of the present invention.

[0139] In this section, we demonstrate that the proposed scheme is secure under selective access policy and chosen-plaintext attack (SAP-CPA) through the following IND-SAP-CPA game.

[0140] Theorem 1: If the decisional bilinear Diffie-Hellman (d-BDH) hardness assumption holds, then under selective access policy and chosen-plaintext attack, no adversary can break the TR-MA-CPABE scheme in polynomial time with a non-negligible advantage.

[0141] Suppose there is a probabilistic polynomial-time (PPT) adversary that has a significant advantage in the selective security game against our scheme. We show how to build a simulator that solves the decisional d-BDH problem. A fair coin μ is flipped, given y = (g, g^a, g^b, g^s). If μ = 1, the simulator sets W = e(g,g)^{abs}; otherwise, the simulator sets W = R, where R is a random element of G_T.

[0142] Initialization: A challenge access structure (M*, ρ*) is chosen. Then a random value is selected and, by letting e(g,g)^α = e(g^a, g^b)·e(g,g)^{α'}, α = α' + ab is implicitly set. For each x ∈ [1, S], where S is the number of system attributes, a random value is chosen. If there exists i satisfying ρ*(i) = x, then let:

[0143]

[0144] In the equation above, i is the row number of M* and j is the column number of M*. Let's assume...

[0145] Phase 1: In this phase, attribute key queries are answered. A query is submitted for the corresponding attribute key, where the query does not satisfy the challenge access structure M*. Let c = -UID-1 and β = a; then the term g^{ab}, which we do not know how to simulate, cancels out. Then the following can be calculated:

[0146] UPK = F_α(UID) = g^{-α} (32)

[0147] K = g^a (33)

[0148]

[0149] Next, send USK to

[0150] Challenge: This phase describes the construction of the challenge ciphertext. Given two pieces of information, m0 and m1, a coin μ ∈ {0,1} is flipped and the following is calculated:

[0151] C = m_μ · W · e(g^s, g^{α'}) (35)

[0152] C' = g^s (36)

[0153] Random numbers are selected and a vector is used to share the secret. Therefore, the term g^{as}, which we cannot simulate, is cancelled out. Furthermore, the components of the challenge ciphertext can be generated:

[0154]

[0155] Finally, the challenge ciphertext CT = {C, C', C_i, SARL, M} is output.

[0156] Phase Two: Same as Phase One.

[0157] Guess: Ultimately, a guess μ′ about μ is output. If μ = μ′, the output is 0; otherwise, the output is 1, which indicates that W is considered to be a random group element in G1.

[0158] When W is a tuple, a perfect simulation is achieved, and the following conclusion can be drawn:

[0159]

[0160] When W is a random group element, the information m_μ is completely unknown. Therefore, it can win the IND-SAP-CPA game with a significant advantage.

[0161] In conclusion, any polynomial-time adversary's advantage in winning the IND-SAP-CPA game is negligible.

[0162] Theorem 2: The scheme presented in this invention provides layered encryption and resistance to collusion attacks, and provides decryption services only to decryption key holders who meet the ciphertext access policy and whose decryption keys have not been revoked by the system.

[0163] Proof: Suppose that the colluders merge the attributes they possess into a single attribute set S, such that it satisfies the equation ∑_{i∈S} ω_i M_i = (1,0,...,0). However, because their public keys UPK are different, the owner information on the attribute certificates is inconsistent, which will be detected by the organization administrator when verifying the attribute certificates. When a user requests to decrypt the ciphertext, they need to enter their own UID, UPK, and USK. These three variables must correspond one-to-one and be verifiable, thus confirming that the decryption request was initiated by the holder of the decryption key. In conclusion, there is no possibility of collusion between multiple users.

[0164] 4. Performance evaluation of the present invention.

[0165] Table 1 evaluates the performance of the mineral resource data security storage and access control scheme designed in this invention, and compares it with existing research schemes (Wang S et al. in PLOS One 2018, 13(10) "Traceable ciphertext-policy attribute-based encryption scheme with attribute level user revocation for cloud storage"; Han D et al. in IEEE Transactions on Dependable and Secure Computing 2020, 19(1) "A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection"; Banerjee S et al. in Journal of Information Security and Applications 2020, 53 "Multi-Authority CP-ABE-Based user access control scheme with constant-size key and ciphertext for IoT deployment"; Guo R et al. in The Journal of Supercomputing 2020, 76(7) "An attribute-based encryption scheme with multiple authorities on hierarchical personal health record in cloud"). In comparison, this invention uses a traceable and revocable multi-agency CP-ABE algorithm to achieve secure storage and access control services for mineral resource data. It uses blockchain and IPFS technologies to store data in a decentralized manner, ensuring data immutability and traceability. While protecting data privacy, it also enables one-to-many "personalized" encrypted communication and access control. Furthermore, this solution effectively resists collusion attacks, traces the identity of malicious users, and revokes user permissions or attributes, making it more suitable for mineral transaction supervision and product traceability applications. At the same time, the improved algorithm employs a more efficient LSSS access structure and a multi-authority layered encryption system architecture, distributing the workload of the central authority, reducing system computational overhead, and achieving indistinguishability under chosen-plaintext attack (IND-CPA) security. In short, the solution proposed in this invention achieves more comprehensive functions and has a wider range of application scenarios.

[0166] Table 1 Performance Evaluation

[0167]

[0168]

[0169] 5. Computational cost analysis of this invention.

[0170] The computational overhead generated during the secure storage and access control of mineral resource data mainly includes the key generation process, data encryption process, ciphertext decryption process, and user tracking process. Table 2 compares the computational overhead of the mineral resource data security storage and access control service of this invention with that of existing solutions (Shangping Wang et al. in PLOS One 2018, 13(10) "Traceable ciphertext-policy attribute-based encryption scheme with attribute level user revocation for cloud storage"; Dezhi Han et al. in IEEE Transactions on Dependable and Secure Computing 2020, 19(1) "A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection"; Soumya Banerjee et al. in Journal of Information Security and Applications 2020, 53 "Multi-Authority CP-ABE-Based user access control scheme with constant-size key and ciphertext for IoT deployment"; Rui Guo et al. in The Journal of Supercomputing 2020, 76(7) "An attribute-based encryption scheme with multiple authorities on hierarchical personal health record in cloud"), where E represents the exponentiation operation on the multiplicative cyclic group, P represents the bilinear pairing operation, M represents the multiplication operation, S represents the number of system attributes, l represents the number of attributes in the access policy, u represents the number of user attributes, q represents the number of attributes in the user attribute set that satisfy the access policy, c is the length of the minimum cover set associated with the revocation list, n refers to the number of transport nodes with at least one threshold child node in the threshold access tree, h represents the access level in the access tree, v is the number of child nodes of a transport node, m is the number of files in the encryption stage, and n_k is the number of attributes managed by the authority AA_k. The algorithm simulation experiment was run on an Ubuntu 16.04 LTS system with 8 GB of memory and an Intel i5 processor with a frequency of 1.80 GHz. The software runtime environment was JDK 11.0.10, IntelliJ IDEA 2020.3.1 and JPBC 2.0.0.

[0171] This invention selects the type A curve from Java's JPBC library for experimental simulation. The type A pairing is constructed on the curve y^2 = x^3 + x over the field F_q for a prime q = 3 mod 4, and the pairing is symmetric. We conducted 1000 tests on the time consumed by the basic group operations used in the above comparison schemes, and the average results showed that the E, P, and M operations consumed 10.511 ms, 5.874 ms, and 0.143 ms, respectively.

[0172] Table 2 Comparison of computational costs

[0173]

[0174]

[0175] Based on the time overhead of the basic group operations and their specific usage in the above schemes, we simulated and compared the time consumption of the algorithms of Wang et al., Han et al., Banerjee et al., and Guo et al. with that of the present invention when the number of attributes is 10-50, as shown in Figures 5-8.

[0176] (1) Key generation time comparison: From Figure 5 it can be seen that when u = 50, the time cost of the scheme of this invention and the schemes of Wang et al., Han et al., Banerjee et al., and Guo et al. in the user key generation stage is 10.797, 1618.837, 595.909, 546.715, and 596.91 ms, respectively. Compared with the schemes of Wang et al., Han et al., Banerjee et al., and Guo et al., this invention saves 99.33%, 98.19%, 98.03%, and 98.19% of the key generation time, respectively.

[0177] (2) Comparison of encryption times: In Figure 6, for l = 50, the encryption time cost of the scheme of this invention and the schemes of Wang et al., Han et al., Banerjee et al., and Guo et al. is 542.078, 2146.9, 2157.411, 2426.585, and 632.662 ms, respectively. Compared with the other four schemes, this invention saves 74.75%, 74.87%, 77.68%, and 14.32% of the encryption computation cost.

[0178] (3) Comparison of decryption times: In Figure 7, for q = 50, the decryption time cost in the scheme of this invention and the schemes of Wang et al., Han et al., Banerjee et al., and Guo et al. is 831.141, 1172.379, 1464.946, 1932.485, and 1805.1 ms, respectively. Compared with the other four schemes, this invention saves 29.11%, 43.26%, 56.99%, and 53.96% of the decryption computational overhead.

[0179] (4) Comparison of user tracking time: Figure 8 compares the time consumption of the user tracking algorithms. The scheme proposed in this invention requires only one multiplication on the group, while the computational cost of the schemes by Wang et al. and Han et al. increases linearly with the number of user attributes. When u = 50, the time costs of the proposed scheme and the schemes by Wang et al. and Han et al. are 1.43, 653.083, and 883.094 ms, respectively. Compared with the above two schemes, the proposed scheme saves 99.78% and 99.84% of the tracking time, respectively.

[0180] 6. Communication Overhead Analysis of the Invention

[0181] Assume |G1|, |G_T| and |Z_r| represent the bit lengths of groups G1, G_T, and field Z_r, which are 1024 bits, 1024 bits, and 160 bits, respectively. The communication overhead generated during the secure storage and access control service of mineral resource data mainly manifests in system public parameters, master keys, user private keys, and ciphertext. Table 3 shows the comparison results of communication overhead.

[0182] Table 3 Comparison of Communication Overhead

[0183]

[0184]

[0185] (1) Comparison of common parameter spaces: In Figure 9, for n_k = 50, the communication costs of the common parameters of this invention and the schemes of Wang et al., Han et al., Banerjee et al., and Guo et al. are 3072, 55296, 6144, and 103424 bits, respectively. Compared with the solutions of Wang et al., Han et al., and Banerjee et al., the solution of the present invention saves 94.44%, 50%, and 97.03% of the common parameter storage cost, respectively, but is slightly greater than the solution of Guo et al.

[0186] (2) Master key space comparison: Similarly, in Figure 10, for n_k = 50, the master key sizes of this invention and the schemes of Wang et al., Han et al., Banerjee et al., and Guo et al. are 1984, 480, 640, 24160, and 9120 bits, respectively. The communication cost of this invention's scheme is higher than that of Wang et al. and Han et al., but compared with the schemes of Banerjee et al. and Guo et al., it saves 91.79% and 78.25%, respectively.

[0187] (3) User key space comparison: In Figure 11, when u = 50, the storage overhead of the user key in this invention and the schemes of Wang et al., Han et al., Banerjee et al., and Guo et al. is 53248, 105792, 62272, 52224, and 52224 bits, respectively. Compared with the schemes of Wang et al. and Han et al., the scheme proposed in this invention saves 49.67% and 14.49% of the user key storage cost, but the overhead is greater than that of the schemes of Banerjee et al. and Guo et al.

[0188] (4) Ciphertext space comparison: Finally, in Figure 12, for m = 10, the ciphertext sizes of the present invention and the schemes of Wang et al., Han et al., Banerjee et al., and Guo et al. are 16384, 27648, 28672, 26624, and 23552 bits, respectively. Compared with the other four schemes, the scheme of the present invention saves 40.74%, 42.86%, 38.46%, and 30.43% of the ciphertext space.

[0189] Clearly, the encryption/decryption algorithm of this invention significantly reduces computational costs because we utilize a more flexible LSSS structure, reducing bilinear pairing and exponentiation operations. Furthermore, from Figure 6 and Figure 7 it can be seen that the data encryption and decryption time consumption in the solution of the present invention is minimized.

[0190] Figure 13 gives a comparison of the time costs of the main steps of the algorithm of the present invention and the classic DCPABE algorithm proposed by Lewko A et al. in "Decentralizing attribute-based encryption" at the 2011 Annual International Conference on the Theory and Applications of Cryptographic Techniques, when the number of attributes is 5. It is clear that the time cost of the algorithm of the present invention is lower than that of the DCPABE algorithm, especially in the encryption and decryption stages.

[0191] The above analysis and experiments demonstrate that the solution presented in this invention exhibits significantly higher efficiency and greater versatility compared to solutions proposed by other scholars. It reduces the time overhead of data encryption, decryption, and user identity tracking, greatly enhancing user experience and the algorithm's practicality. Notably, this solution eliminates the computational overhead of ciphertext and key updates caused by attribute revocation, saving storage space occupied by updated ciphertext and keys.

Claims

1. A data security storage and access control method based on attribute classification and hierarchical division, characterized in that: Follow these steps: (S01): The central authority CA initializes the system, publishes the system public parameter PK, retains the system master key MK, directly authorizes the attribute authority AAS, and distributes the key seed s to it. k As a foundational component for generating institutional keys, AAs are initialized using key seeds distributed by the CA to generate institutional attribute sets. And Institutional Public-Private Key Pairs (ASK) K APK K ), and indirectly authorizes its subsidiary authority AAS to issue key seeds s x AAS performs organization initialization and generates the attribute set for organization management. and public / private key pairs (aSK) x ,aPK x ); The central authority, CA, first inputs an implicit security parameter λ to determine the size of the finite group, and then selects two cyclic groups G of prime order r. 1, G T Generators of a group Bilinear mapping And randomly select S group elements Then, the algorithm generates a pseudo-random function F and a collision-resistant hash function. and two random elements ; In addition, it selects key seeds from N pseudo-random functions. Assigned to AAs as the base part of the AAs key; the system's public key PK and master key MK are generated according to formulas (1) and (2): (1) (2) The CA uploads public parameters to the Information Security Regulatory Consortium Blockchain (ISRCB); the CA's public and private key pair is (CSK=MK, CPK=PK). The property structure is initialized according to the following steps: Each attribute is authoritative by the AA k or sub-authoritative institution aa x Generate an organization attribute set and a public / private key pair; AA k or aa x Input the key seed s obtained from its superior authority. 
k or s x Generate a public / private key pair: (3) (4) (S02): Users use their private identity identifier (UID) representing their true identity to apply to their respective authoritative authority (CA) or AA. k or aa x Register your identity and obtain the public key UPK; The authoritative body to which a user belongs dynamically maintains an identity association table I and an attribute label table A to facilitate subsequent identity tracking and the revocation of user attributes; then the user applies to the authoritative body to which they belong for an attribute certificate and an attribute private key; If you are a temporary visitor to the system who does not belong to any authoritative organization, you can only apply to the CA; The system uses the user's private key from their authoritative institution, a pseudo-random function, and a random index. Generate a public key for the user as follows: (5) Where α is a random element; In addition, the authoritative organization managing this user records the user's identity information (UID, UPK) in an identity association table maintained by the organization, which is used to monitor the behavior of system users and track the identity of malicious users; If a user wants to obtain a certain attribute, they need to apply for an attribute certificate AC from their respective authority using their identity identifier UID and public key UPK. The attribute certificate contains the certificate version, serial number, certificate holder, attribute information, certificate validity period, signature information, and signature algorithm. The certificate issuance rules vary depending on the confidentiality level of the attribute being applied for. The issuance of a regular attribute certificate only requires the approval and signature of one authority administrator, but the issuance of a secret-level attribute certificate requires the signatures of t authority administrators, where t is preset by the attribute authority. 
The generation of user attribute private keys is divided into direct generation and indirect generation, depending on the authority to which the user belongs. The specific steps are as follows:
Direct generation: if the user is an employee of the CA or a system visitor who is not affiliated with any authority, the user applies directly to the CA for an attribute certificate and obtains the attribute key, entering the identity identifier UID, public key UPK, attribute certificate AC, and attribute set. The CA executes the following algorithm: (6)
Indirect generation: if the user belongs to AA_k or its subsidiary aa_x, the user must obtain the attribute certificate and attribute private key from the affiliated institution; AA_k calculates the user attribute private key: (7) aa_x generates the user attribute private key using the following formula: (8)
(S03): When uploading data, the data owner first selects some tags or keywords as file classification attributes and decides whether the file needs to be encrypted; all publicly visible files, or secret files that only some users can decrypt, are uploaded to the public InterPlanetary File System (IPFS) network, and IPFS returns the cryptographic hash digital fingerprint generated from the file content. The digital fingerprint is then uploaded to the Product Transaction Traceability Public Blockchain (PTTPB); privacy information, on the other hand, is encrypted and uploaded to the private IPFS network, and the digital fingerprint of the file is uploaded to the ISRCB; after the data is uploaded to the blockchain, the digital fingerprint of the file, the keywords and the corresponding block ID are stored as a data entry in the ISRCB, and the block ID' is obtained.
At the same time, this data entry and the corresponding block ID' are broadcast in the system and stored in the local database as a system announcement; when a user uploads privacy information m, it must be encrypted first, and an access control policy τ is formulated to specify the attributes with which a user can decrypt;
The data owner inputs the information m, the system public parameter PK, and the access policy, where M is an l-row, d-column linear secret sharing scheme matrix generated by a hierarchical threshold access tree, and each row of M corresponds to an attribute; ρ is a mapping function that associates each row of M with the attribute chosen by the data owner;
First, the system generates a random vector , where s is the secret element; for each , calculate ; M_i is the i-th row vector of M;
Calculate the ciphertext portion: (9) (10) (11)
Finally, the data owner uploads the ciphertext to IPFS; since ρ is not present in CT, IPFS and users cannot know the attributes corresponding to the access matrix, which hides the access policy;
(S04): The data requester retrieves the required data from the system announcement by entering keywords: the file's digital fingerprint, keywords, and the corresponding block ID and block ID'. The block ID' is used to verify the authenticity of the data. The corresponding file is then obtained from IPFS using the digital fingerprint, and the block ID is used to verify that the file has not been tampered with. If the file is encrypted, the requester uses the ciphertext CT, identity identifier UID, public key UPK, and attribute private key USK to request decryption from the organization administrator. Successful decryption retrieves the original information m. The specific decryption process is as follows:
(1) First, query the identity association table to verify whether the identity information provided by the user is true and accurate, and calculate the user's private key components.
Verify whether the data decryption request is made by the holder of the decryption key.
(2) Secondly, the user's attribute set is checked by querying the system attribute revocation list (SARL). If any system attributes have been revoked, the revoked attribute is removed from the user's attribute set; otherwise, proceed to the next step. Then the attribute tag table is used; formula (12) checks whether any attribute of the data requester has been revoked: (12)
(3) The target vector is (1,0,…,0); according to the linear secret sharing scheme LSSS, if the user's attribute set satisfies the threshold tree string corresponding to the access policy, a set of constants can be found such that the equation holds; is the effective share of secret s, satisfying ;
If this decryption process is performed by the CA, its calculation is as follows: (13)
If the decryption is performed by a secondary organization AA_k, it computes: (14)
If the decryption operation is performed by a level-three institution aa_x, the following calculation is performed: (15)
Finally, the data requester obtains the original information m using the formula m = C / D;
(S05): When an authority discovers a malicious user and needs to trace the user's identity, it executes an identity tracing algorithm; if the malicious user's public key is known, the administrator can query the identity association table I_t to obtain the identity identifier UID and thereby the real identity; if the private key of a malicious user is known, the administrator of the organization to which the user belongs can calculate the public key from the private key, and then query the identity association table to track the user's identity.
(S06): After tracking down the identity of a malicious user, the CA can choose to cancel the user's account, revoke all of the user's permissions, or revoke some of the user's attributes, so that these attributes are invalid only for that user while other users still have the right to use them; at the same time, the CA has the right to revoke a certain system attribute, so that this attribute is invalid in the system and all users who have this attribute can no longer use it; secondary and tertiary attribute authorities have the right to revoke a certain attribute of the users under their jurisdiction.
Global revocation for users: the CA checks whether the user's identity-key pair is in the system's revocation list (GRL); if so, the user is denied access to the system; the CA can therefore revoke all of a user's permissions instantly by adding the user's identity-key pair to the GRL.
System attribute revocation: the CA also maintains a System Attribute Revocation List (SARL) for revoking system attributes. Its basic components are all attribute revocation lists (ARLs) generated by AAs and uploaded to the Information Security Regulatory Consortium Blockchain (ISRCB). The CA only needs to add the system attribute i to be revoked to the SARL to achieve revocation;
User attribute revocation: when a user's attribute i needs to be revoked, the authority to which the user belongs calculates ... and updates the attribute tag table for .
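The authorization logic of steps (S04)(2)-(3) and the revocation lists of (S06), as an added Python example that is not part of the patent text: it checks the GRL, strips attributes revoked through the SARL or for the individual user, and then solves for the LSSS constants against the target vector (1,0,…,0). The prime modulus, the 2-of-3 policy matrix, the attribute names, the function names and the per-user revoked set standing in for the attribute tag table check of formula (12) are assumptions; the pairing computations of formulas (9)-(15) are not reproduced.

```python
# Added illustration of the checks in (S04)(2)-(3) and (S06); the pairing
# arithmetic of formulas (9)-(15) is not reproduced. All names are constructed.
P = 2**61 - 1  # constructed prime modulus standing in for the group order r

def solve_omega(rows, p=P):
    """Return w with sum_i w[i]*rows[i] == (1,0,...,0) mod p, else None."""
    n, d = len(rows), len(rows[0])
    # Augmented d x (n+1) system: transpose(rows) * w = e1.
    aug = [[rows[i][j] % p for i in range(n)] + [int(j == 0)] for j in range(d)]
    pivots, r = [], 0
    for c in range(n):
        pr = next((k for k in range(r, d) if aug[k][c]), None)
        if pr is None:
            continue  # free column, its constant stays 0
        aug[r], aug[pr] = aug[pr], aug[r]
        inv = pow(aug[r][c], -1, p)
        aug[r] = [v * inv % p for v in aug[r]]
        for k in range(d):
            if k != r and aug[k][c]:
                f = aug[k][c]
                aug[k] = [(a - f * b) % p for a, b in zip(aug[k], aug[r])]
        pivots.append(c)
        r += 1
        if r == d:
            break
    if any(row[n] for row in aug[r:]):
        return None  # target vector not in the span: policy not satisfied
    w = [0] * n
    for i, c in enumerate(pivots):
        w[c] = aug[i][n]
    return w

def shares(M, v, p=P):
    """Share for row i is M_i . v, where v = (s, y_2, ..., y_d), s the secret."""
    return [sum(a * b for a, b in zip(row, v)) % p for row in M]

def authorize(uid, upk, attrs, M, rho, grl, sarl, revoked_for_user):
    """Return {row index: constant} if decryption may proceed, else None."""
    if (uid, upk) in grl:
        return None  # global user revocation: identity-key pair is in the GRL
    usable = set(attrs) - sarl - revoked_for_user.get(uid, set())
    idx = [i for i, a in enumerate(rho) if a in usable]
    w = solve_omega([M[i] for i in idx]) if idx else None
    return None if w is None else dict(zip(idx, w))

# Constructed 2-of-3 threshold policy: any two rows span (1, 0).
M = [[1, 1], [1, 2], [1, 3]]
RHO = ["geologist", "auditor", "mine_manager"]
```

Because revoked attributes are removed before the constants are solved for, a revocation takes effect at the next request without touching the ciphertext or the user's key, which is the property the claim states for the GRL and SARL.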