An anonymous attribute-based multi-key searchable encryption method based on blockchain
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- UNIV OF JINAN
- Filing Date
- 2025-03-20
- Publication Date
- 2026-06-19
AI Technical Summary
Existing attribute-based searchable encryption schemes are inadequate in protecting access policies. Unauthorized users may infer sensitive information through access policies, which is especially problematic in fields with high privacy requirements, such as healthcare, leading to a high risk of privacy breaches.
The system employs a blockchain-based anonymous attribute multi-key searchable encryption method. Attribute keys are distributed to doctors through an authoritative central system. Patients encrypt and upload their medical data to the InterPlanetary File System and store it on the blockchain. Doctors generate trapdoors based on the attribute keys to perform queries, ensuring that the access policy is hidden and encrypted. The blockchain verifies the data and returns the ciphertext.
It significantly enhances data privacy protection and access security, improves the accuracy and efficiency of data retrieval, and provides an efficient and reliable data sharing environment.
Smart Images

Figure CN120217414B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network information security technology, specifically to a blockchain-based method for anonymized, multi-keyword searchable encryption. Background Technology
[0002] The rapid development of blockchain technology has brought convenience to many users. With its decentralized, transparent, and immutable characteristics, blockchain can provide efficient distributed computing services while ensuring data security and privacy. However, despite its strong security, blockchain still carries the risk of privacy breaches, especially when processing data containing sensitive information. Therefore, to ensure data privacy and security, data owners typically encrypt their data before outsourcing it to the blockchain, ensuring that privacy and security are maintained even when the data is stored on the blockchain.
[0003] In traditional technologies, simply encrypting data cannot completely solve the privacy protection issues in blockchain applications. To further enhance data security and privacy, researchers have developed attribute-based searchable encryption schemes. These schemes combine attribute-based encryption and search encryption technologies, allowing users to perform controlled searches on encrypted data, thereby retrieving specific information without disclosing the data content. This capability not only makes data retrieval more efficient but also significantly strengthens user privacy protection by restricting access permissions.
[0004] However, most existing attribute-based searchable encryption schemes have significant shortcomings in protecting access policies. Access policies are usually embedded in encrypted data in plaintext, which may allow unauthorized users to infer sensitive information through access policies. This vulnerability could have serious consequences, especially in fields with extremely high privacy requirements such as healthcare. Summary of the Invention
[0005] In order to solve the above-mentioned technical problems, this application proposes the following technical solution:
[0006] In a first aspect, embodiments of this application provide a blockchain-based anonymous attribute multi-keyword searchable encryption method, including:
[0007] S1, After the authoritative center system is initialized, it distributes attribute keys to doctors who request registration. The authoritative center system is used to realize user registration and key distribution.
[0008] S2, the patient encrypts and uploads medical data to the InterPlanetary File System, encrypts the returned hash address and symmetric key, and then sends all the generated ciphertext along with the generated index to the blockchain for verification and storage;
[0009] S3, the doctor generates a trapdoor based on the attribute key and query keyword and sends it to the blockchain for querying. After the blockchain-side encrypted index successfully matches the trapdoor, the corresponding ciphertext is returned.
[0010] S4, the doctor decrypts the ciphertext to obtain the hash address and symmetric key, then obtains the encrypted medical data based on the hash address, and finally decrypts it using the symmetric key to obtain the medical data.
[0011] In one possible implementation, after initialization, the authority center system distributes attribute keys to doctors requesting registration, including:
[0012] S11, the authority center inputs security parameters to initialize the system and generates a system public key, public parameters and a master key. The system public key and public parameters are used to distribute to all users, and the master key is stored by the authority center.
[0013] S12, when a doctor registers in the system, the authoritative center enters the user's identity, system public key and master key, generates identity information and sends it to the blockchain. At the same time, the authoritative center updates the system public key and master key to ensure the security of the system.
[0014] S13, the doctor submits a set of attributes to the authoritative center, and the authoritative center inputs the master key, public parameters, public key and attribute set to obtain the attribute key and sends it to the doctor.
[0015] In one possible implementation,
[0016] S11 includes: Authoritative Center (AC) will provide security parameters. As input, the algorithm selects two prime numbers of order. p Multiplicative cyclic groups G1 and G T And define a bilinear mapping e: G1×G1→G T Let g be a generator of group G1; Less than p The set of positive integers , Define the following five hash functions: , , , , In the specific calculation of the hash function H1, the input... as well as After concatenating the strings, a hash operation is performed; the authoritative center AC randomly selects... And calculate common parameters. The master key of the output system is set to The output public key is The global parameters of the output system are: Para= ;
[0017] S12 includes: when the authoritative center AC receives a doctor's registration request, selecting a random number. The authoritative center AC calculates intermediate results. Finally, the authoritative central control (AC) updates the system's public and master keys, thus obtaining the public key. and master key The authoritative center (AC) will also collect identity information. Send the UL content as part of the list to the blockchain BC;
[0018] S13 includes: taking the system's global parameters Para, public key PK, master key MSK, and attribute set S as input, where S = [S1, ..., Sn]; executed by the authoritative center AC to generate the doctor's key, and the authoritative center AC calculating intermediate results. Calculate key attribute component Output the doctor's attribute key as SK= ...
[0019] In one possible implementation, the patient encrypts and uploads medical data to the InterPlanetary File System (IPS), encrypts the returned hash address and symmetric key, and then sends all the generated ciphertext along with the generated index to the blockchain for verification and storage, including:
[0020] S21, the patient uses a symmetric key to encrypt medical data and uploads the encrypted data to the InterPlanetary File System to obtain the hash address of the ciphertext;
[0021] S22, after selecting a set of keywords and access strategies, hide the access strategies and generate an index;
[0022] S23, the patient encrypts the ciphertext hash address and symmetric key into ciphertext;
[0023] S24 Finally, the patient sends the ciphertext, index, and signature to the blockchain, which then verifies the signature and stores it.
[0024] In one possible implementation,
[0025] S21 includes: randomly selecting a symmetric key K and encrypting medical data m; the patient uploads the encrypted data to the InterPlanetary File System; and the hash address M of the encrypted file is returned.
[0026] S22 includes: taking the system's global parameter Para, public key PK, key set W, and access policy T as input, assuming access policy T = [T1, ..., T]. n and the key set W = [W1, ..., W] n The algorithm uniformly selects random numbers. ,set up The hidden form of the computation access policy is: First, calculate the index vector. The output index is: ;
[0027] S23 includes: encrypting the hash address M and the symmetric key K into ciphertext, and calculating the ciphertext vector. Output ciphertext ;
[0028] S24 includes: selecting a random number Calculate the results separately ; Output ciphertext signature ;Secret Index encrypted CT and digital signature The data is transmitted to the blockchain BC; after receiving the data, the blockchain nodes first encrypt the index. Perform a hash operation on the ciphertext CT to obtain Blockchain BC performs bilinear pairing verification: A blockchain node will encrypt the index if and only if this equation holds true. Encrypted CT and Digital Signature Valid data is stored in a distributed ledger. In one possible implementation, the doctor generates a trapdoor based on an attribute key and a query keyword and sends it to the blockchain for querying. Once the encrypted index on the blockchain side successfully matches the trapdoor, it returns the corresponding ciphertext, including:
[0029] S31, the doctor selects the keywords they are interested in, inputs the keywords and attribute keys to generate a trapdoor, and then sends the trapdoor to the blockchain to make a query request;
[0030] S32: After receiving the doctor's trapdoor, the blockchain checks whether the user's unique identifier is in the user list. If it does not exist, it returns failure. If it exists, it restores the hidden access policy and verifies whether it matches. If the verification passes, the system restores the random elements in the encryption process and verifies the search request by matching keywords. If the keywords match successfully, it returns the encrypted search results; otherwise, it returns failure. Finally, it returns the ciphertext to the doctor.
[0031] In one possible implementation,
[0032] S31 includes: combining the global parameter Para, the public key PK, the doctor's key SK, and the set of keywords of interest. As input, keyword set Set as: Select random number Calculate the trapdoor vectors respectively ; Calculate the trapdoor keyword set component The output trapdoor is ;
[0033] S32 includes: the blockchain BC receiving the trapdoor sent by the doctor. When dealing with the unique identifier IDu of the data user DUu, BC first checks if IDu exists in the UL list; if it does not exist, the user is not allowed to search, and the algorithm outputs ⊥; otherwise, the blockchain BC will restore the ciphertext encrypted using the hidden access policy: Then verify the intermediate results. Is it related to the index vector? The equations must be true and true; if the equation is false, the algorithm terminates immediately and outputs an error identifier. If the condition is met, the verification fails; otherwise, the intermediate element is calculated. Upon receiving D, the blockchain BC performs keyword matching verification, checking whether the following equation holds true: During the keyword matching and verification phase, a multi-keyword indexing mechanism is employed, where the index structure contains n keywords, and the search trapdoor contains... One keyword, satisfying The system employs the following rules when performing keyword matching verification: if any match is successful, the keyword test is considered successful; the blockchain BC will then transmit the new ciphertext. Returned to the doctor, among which Otherwise, it will return. .
[0034] In one possible implementation, the doctor generates a trapdoor based on the attribute key and query keyword and sends it to the blockchain for querying. Once the encrypted index on the blockchain side successfully matches the trapdoor, it returns the corresponding ciphertext, including:
[0035] S41, the doctor enters their attribute key and ciphertext, decrypts to obtain the ciphertext hash address and symmetric key, and sends the ciphertext hash address to the InterPlanetary File System;
[0036] S42, after receiving the ciphertext hash address, the InterPlanetary File System (IPS) sends the encrypted ciphertext to the doctor, who then uses a symmetric key to decrypt the ciphertext and obtain the medical data.
[0037] In one possible implementation,
[0038] S41 includes: taking the system's global parameter Para, key SK, and encrypted text CT' as input, and calculating intermediate results to obtain medical data m. Then the symmetric key is calculated. and ciphertext hash address .
[0039] S42 includes: the doctor sending the encrypted hash address M to the InterPlanetary File System to obtain encrypted data, and using the symmetric key K to decrypt and obtain medical data m.
[0040] In this embodiment, policy information is encrypted and protected during data access, ensuring that attackers cannot obtain sensitive information through policy analysis. This design not only significantly enhances data privacy protection but also fundamentally improves data access security. Furthermore, by integrating blockchain technology, the InterPlanetary File System, and optimized hidden access policies, not only is the privacy and security of data access improved, but efficient and reliable data retrieval and sharing are also achieved, providing users with a more user-friendly and reliable data sharing environment. Multi-keyword search optimization significantly improves the accuracy and efficiency of data retrieval. Attached Figure Description
[0041] Figure 1 A schematic diagram of a system framework provided for an embodiment of this application;
[0042] Figure 2 A flowchart illustrating a blockchain-based anonymous attribute multi-keyword searchable encryption method provided in this application embodiment;
[0043] Figure 3 This is a schematic diagram of the interaction process provided in the embodiments of this application. Detailed Implementation
[0044] The present solution will now be described in conjunction with the accompanying drawings and specific embodiments.
[0045] See Figure 1 The entities participating in this embodiment include:
[0046] **Center of Authority (AC):** A fully trusted entity responsible for generating the system's master key, public key, and public parameters. Based on doctors' needs, the AC creates and securely distributes keys to them, ensuring the security and reliability of key management. **Blockchain (BC):** A semi-trusted entity primarily responsible for storing encrypted data and processing user requests. By utilizing smart contracts, the blockchain can automatically execute predefined rules and logic, ensuring the correct implementation of the scheme. The immutability and transparency of smart contracts provide the system with a high degree of trust and security. **InterPlanetary File System (IPFS):** As a semi-trusted entity, IPFS is responsible for distributed storage of patients' encrypted data. When it receives a doctor's data address request, IPFS returns the corresponding encrypted file. IPFS's distributed storage feature effectively avoids single points of failure, improving data availability and system fault tolerance. **Patient:** The patient is a trusted entity with full control over their own data and is the controller of encrypted data access permissions. The patient is responsible for creating an encrypted index and uploading the encrypted medical data to IPFS to obtain a data address. Subsequently, the patient generates a digital signature to verify the integrity and authenticity of the data and uploads the encrypted index, ciphertext, signature, and user list to the blockchain. The patient's actions ensure the privacy and security of the data. The doctor, a semi-trusted entity, obtains encrypted data by providing a trapdoor to the blockchain and an encrypted data address to IPFS to obtain the encrypted file. The doctor can access the medical data after decryption. However, the doctor might attempt to gain unauthorized access to the medical data.
[0047] Based on the above participating entities, see Figure 2 and Figure 3 The blockchain-based anonymous attribute multi-keyword searchable encryption method provided in this embodiment includes:
[0048] S1. After initialization, the authoritative center system distributes attribute keys to doctors requesting registration. The authoritative center system is used to implement user registration and key distribution.
[0049] In this embodiment, S1 includes: S11, the authoritative center inputs security parameters to initialize the system and generates a system public key, public parameters, and a master key. The system public key and public parameters are used to publish to all users, and the master key is stored by the authoritative center. S12, when a doctor registers in the system, the authoritative center inputs the user's identity, system public key, and master key, generates identity information and sends it to the blockchain. At the same time, the authoritative center updates the system public key and master key to ensure system security. S13, the doctor submits a set of attributes to the authoritative center. The authoritative center inputs the master key, public parameters, public key, and attribute set to obtain an attribute key and sends it to the doctor.
[0050] Specifically, S11 includes: the authoritative center (AC) will assign security parameters. As input, the algorithm selects two prime numbers of order. p Multiplicative cyclic groups G1 and G T And define a bilinear mapping e: G1×G1→G T Let g be a generator of group G1. Less than p The set of positive integers , Define the following five hash functions: , , , , In the specific calculation of the hash function H1, the input... as well as After concatenating the strings, a hash operation is performed. The authoritative center (AC) randomly selects... And calculate common parameters. The master key for the output system is set to... The output public key is... The global parameters of the output system are: Para= ;
[0051] S12 includes: when the authoritative center AC receives a doctor's registration request, selecting a random number. The authoritative center AC calculates intermediate results. Finally, the authoritative central control (AC) updates the system's public and master keys, thus obtaining the public key. and master key The authoritative center (AC) will also collect identity information. Send the UL content as a list to the blockchain BC.
[0052] S13 includes: taking the system's global parameters Para, public key PK, master key MSK, and attribute set S as input, where S = [S1, ..., Sn]. This is executed by the authoritative center AC to generate the doctor's key, and the authoritative center AC calculates intermediate results. Calculate key attribute component Output the doctor's attribute key as SK= .
[0053] S2, the patient encrypts and uploads medical data to the InterPlanetary File System, encrypts the returned hash address and symmetric key, and then sends all the generated ciphertext along with the generated index to the blockchain for verification and storage.
[0054] In this embodiment, step S2 includes: S21, the patient encrypts medical data using a symmetric key and uploads the encrypted data to the InterPlanetary File System to obtain the hash address of the ciphertext. S22, after selecting a set of keywords and an access policy, the access policy is hidden and an index is generated. S23, the patient encrypts the ciphertext hash address and the symmetric key into ciphertext. S24, finally, the patient sends the ciphertext, index, and signature to the blockchain, which verifies the signature and then stores it.
[0055] Specifically, S21 includes: randomly selecting a symmetric key K and encrypting medical data m, the patient uploading the encrypted data to the InterPlanetary File System, and returning the hash address M of the encrypted file.
[0056] S22 includes: taking the system's global parameter Para, public key PK, key set W, and access policy T as input, assuming access policy T = [T1, ..., T]. n and the key set W = [W1, ..., W] n The algorithm uniformly selects random numbers. ,set up The hidden form of the computation access policy is: First, calculate the index vector. The output index is: .
[0057] S23 includes: encrypting the hash address M and the symmetric key K into ciphertext, and calculating the ciphertext vector. Output ciphertext .
[0058] S24 includes: selecting a random number Calculate the results separately Output ciphertext signature ;Secret Index encrypted CT and digital signature The data is transmitted to the blockchain BC. Upon receiving the data, the blockchain nodes first perform an encrypted index... Perform a hash operation on the ciphertext CT to obtain Blockchain BC performs bilinear pairing verification: A blockchain node will encrypt the index if and only if this equation holds true. Encrypted CT and Digital Signature Valid data is stored in a distributed ledger.
[0059] S3, the doctor generates a trapdoor based on the attribute key and query keywords and sends it to the blockchain for querying. After the encrypted index on the blockchain side successfully matches the trapdoor, the corresponding ciphertext is returned.
[0060] In this embodiment, step S3 includes: S31, the doctor selects a keyword of interest, inputs the keyword and attribute key to generate a trapdoor, and then sends the trapdoor to the blockchain for a query request. S32, after receiving the doctor's trapdoor, the blockchain checks if the user's unique identifier is in the user list. If it does not exist, it returns failure. If it exists, it restores the hidden access policy and verifies whether it matches. If the verification passes, the system restores the random elements from the encryption process and verifies the search request by matching keywords. If the keywords match successfully, it returns the encrypted search results; otherwise, it returns failure. Finally, it returns the ciphertext to the doctor.
[0061] Specifically, S31 includes: combining the global parameter Para, the public key PK, the doctor's key SK, and the set of keywords of interest. As input, keyword set Set as: Select random number Calculate the trapdoor vectors respectively Calculate the trapdoor keyword set component. The output trapdoor is... .
[0062] S32 includes: the blockchain BC receiving the trapdoor sent by the doctor. When dealing with the unique identifier IDu of the data user DUu, BC first checks if IDu exists in the UL list. If it does not exist, the user is not allowed to search, and the algorithm outputs ⊥. Otherwise, the blockchain BC will restore the ciphertext encrypted using the hidden access policy: Then verify the intermediate results. Is it related to the index vector? The equations must be equal. If the equation is not true, the algorithm terminates immediately and outputs an error identifier. If the value is zero, the verification failed. Otherwise, the intermediate element is calculated. Upon receiving D, the blockchain BC performs keyword matching verification, checking whether the following equation holds true: In the keyword matching and verification phase, a multi-keyword indexing mechanism is employed, where the index structure contains n keywords, and the search trapdoor contains... One keyword, satisfying The system employs the following rules when performing keyword matching verification: if any match is successful, the keyword test is considered successful. The blockchain BC will then transmit the new ciphertext. Returned to the doctor, among which Otherwise, it will return. .
[0063] S4, the doctor decrypts the ciphertext to obtain the hash address and symmetric key, then obtains the encrypted medical data based on the hash address, and finally decrypts it using the symmetric key to obtain the medical data.
[0064] In this embodiment, step S4 includes: S41, the doctor inputs their attribute key and ciphertext, decrypts it to obtain a ciphertext hash address and a symmetric key, and sends the ciphertext hash address to the InterPlanetary File System (IPS). S42, after receiving the ciphertext hash address, the IPS sends the encrypted ciphertext to the doctor, who then uses the symmetric key to decrypt the ciphertext and obtain the medical data.
[0065] Specifically, S41 includes: taking the system's global parameters Para, key SK, and ciphertext CT' as input, and calculating intermediate results to obtain medical data m. Then the symmetric key is calculated. and ciphertext hash address S42 includes: the doctor sending the encrypted hash address M to the InterPlanetary File System to obtain encrypted data, and using the symmetric key K to decrypt and obtain medical data m.
[0066] In this application embodiment, "at least one" refers to one or more, and "more than one" refers to two or more. "And / or" describes the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent the existence of A alone, the simultaneous existence of A and B, or the existence of B alone. A and B can be singular or plural. The character " / " generally indicates that the preceding and following related objects have an "or" relationship. "At least one of the following" and similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one of a, b, and c can represent: a, b, c, ab, ac, bc, or abc, where a, b, and c can be single or multiple.
[0067] The above description is merely a specific embodiment of this application. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the protection scope of this application. The protection scope of this application should be determined by the protection scope of the claims.
Claims
1. A blockchain-based anonymous attribute-based multi-key searchable encryption method, characterized in that, include: S1, After the authoritative center system is initialized, it distributes attribute keys to doctors who request registration. The authoritative center system is used to realize user registration and key distribution. S2, the patient encrypts and uploads their medical data to the InterPlanetary File System (IPS). The returned hash address and symmetric key are then encrypted, and all resulting ciphertext, along with the generated index, is sent to the blockchain for verification and storage, including: S21, the patient uses a symmetric key to encrypt medical data and uploads the encrypted data to the InterPlanetary File System to obtain the hash address of the ciphertext; this includes: randomly selecting a symmetric key. The medical data 'm' is encrypted, and the patient uploads the encrypted data to the InterPlanetary File System, which returns the hash address of the encrypted file. ; S22, after selecting a set of keywords and access policies, hide the access policies and generate an index, including: the system's global parameter Para, public key... Keyword set and access policies As input, assume the access policy and keyword set The algorithm uniformly selects random numbers. ,set up The hidden form of the computation access policy is: First, calculate the index vector. The output index is: ,in: It is a bilinear mapping. For hash functions, For the group generator, It is a random positive integer; S23, the patient encrypts the ciphertext hash address and symmetric key into ciphertext, including: encrypting the hash address... and symmetric keys Encryption into ciphertext is achieved by calculating the ciphertext vector. Output ciphertext ; S24, Finally, the patient sends the ciphertext, index, and signature to the blockchain. The blockchain verifies the signature and then stores it, including: selecting a random number. Calculate the results separately ; Output ciphertext signature Encrypted Index ciphertext and digital signatures The data is transmitted to the blockchain BC; after receiving the data, the blockchain nodes first encrypt the index. and ciphertext Perform a hash operation to obtain Blockchain BC performs bilinear pairing verification: A blockchain node will encrypt the index if and only if this equation holds true. ciphertext and digital signatures The valid data is stored in the distributed ledger; , , , , It is a component of the global parameter para. For the public key Components; S3, the doctor generates a trapdoor based on the attribute key and query keyword and sends it to the blockchain for querying. After the blockchain-side encrypted index successfully matches the trapdoor, the corresponding ciphertext is returned. S4, the doctor decrypts the ciphertext to obtain the hash address and symmetric key, then obtains the encrypted medical data based on the hash address, and finally decrypts it using the symmetric key to obtain the medical data.
2. The blockchain-based anonymous attribute multi-keyword searchable encryption method according to claim 1, characterized in that, After initialization, the authoritative center system distributes attribute keys to doctors requesting registration, including: S11, the authority center inputs security parameters to initialize the system and generates a system public key, public parameters and a master key. The system public key and public parameters are used to distribute to all users, and the master key is stored by the authority center. S12, when a doctor registers in the system, the authoritative center enters the user's identity, system public key and master key, generates identity information and sends it to the blockchain. At the same time, the authoritative center updates the system public key and master key to ensure the security of the system. S13, the doctor submits a set of attributes to the authoritative center, and the authoritative center inputs the master key, public parameters, public key and attribute set to obtain the attribute key and sends it to the doctor. 3.The blockchain-based anonymous attribute-based and multi-key searchable encryption method of claim 2, wherein, S11 includes: The authoritative center AC will assign security parameters. As input, the algorithm selects two prime numbers of order. p Multiplication cyclic group and And define a bilinear mapping ;set up For the group Generators; Less than p The set of positive integers , Define the following five hash functions: , , , , The authoritative center AC is randomly selected. And calculate common parameters. The output system's master key is set to... The output public key is The global parameters of the output system are: Para= ; S12 includes: when the authoritative center AC receives a doctor's registration request, selecting a random number. Intermediate results calculated by the authoritative AC center Finally, the authoritative central control (AC) updates the system's public key and master key, thus obtaining the public key. and master key The authoritative center AC will also include identity information. Send the UL content as a list to the blockchain BC; S13 includes: storing the system's global parameter Para and public key. Master key and attribute set As input, where The process of generating the doctor's key is performed by the authoritative central AC, which also calculates intermediate results. Calculate key attribute component Output the doctor's attribute key. SK = . 4.The blockchain-based anonymous attribute-based and multi-key searchable encryption method of claim 3, wherein, The doctor generates a trapdoor based on the attribute key and query keywords and sends it to the blockchain for querying. Once the blockchain's encrypted index successfully matches the trapdoor, it returns the corresponding ciphertext, including: S31, the doctor selects the keywords they are interested in, inputs the keywords and attribute keys to generate a trapdoor, and then sends the trapdoor to the blockchain to make a query request; S32: After receiving the doctor's trapdoor, the blockchain checks whether the user's unique identifier is in the user list. If it does not exist, it returns failure. If it exists, it restores the hidden access policy and verifies whether it matches. If the verification passes, the system restores the random elements in the encryption process and verifies the search request by matching keywords. If the keywords match successfully, it returns the encrypted search results; otherwise, it returns failure. Finally, it returns the ciphertext to the doctor. 5.The blockchain-based anonymous attribute-based and multi-key searchable encryption method of claim 4, wherein, S31 includes: setting the global parameter Para and the public key. Doctor's Key SK and a set of keywords of interest As input, keyword set Set as: Select random number Calculate the trapdoor vectors respectively ; Calculate the trapdoor keyword set component The output trapdoor is ; S32 includes: the blockchain BC receiving the trap sent by the doctor. and the unique identifier of data user DUu At that time, BC first checked Does it exist in the UL list? If it doesn't exist, user search is not allowed, and the algorithm outputs ⊥; otherwise, the blockchain BC will restore the ciphertext encrypted using the hidden access policy. Then verify the intermediate results. Is it related to the index vector? The equations must be true and true; if the equation is false, the algorithm terminates immediately and outputs an error identifier. If the condition is met, the verification fails; otherwise, the intermediate element is calculated. Upon receiving At that time, the blockchain BC performs keyword matching verification, checking whether the following equation is true: During the keyword matching and verification phase, a multi-keyword indexing mechanism is employed, wherein the index structure includes... The keywords, and the search trap contains One keyword, satisfying The system employs the following rules when performing keyword matching verification: if any match is successful, the keyword test is considered successful; the blockchain BC will then transmit the new ciphertext. Returned to the doctor, among which Otherwise, it will return. . 6.The blockchain-based anonymous attribute-based and multi-key searchable encryption method of claim 5, wherein, The doctor generates a trapdoor based on the attribute key and query keywords and sends it to the blockchain for querying. Once the blockchain's encrypted index successfully matches the trapdoor, it returns the corresponding ciphertext, including: S41, the doctor enters their attribute key and ciphertext, decrypts to obtain the ciphertext hash address and symmetric key, and sends the ciphertext hash address to the InterPlanetary File System; S42, after receiving the ciphertext hash address, the InterPlanetary File System (IPS) sends the encrypted ciphertext to the doctor, who then uses a symmetric key to decrypt the ciphertext and obtain the medical data. 7.The blockchain-based anonymous attribute-based and multi-key searchable encryption method of claim 6, wherein, S41 includes: transferring the system's global parameters Para and the key. SK and ciphertext As input, in order to obtain medical data m, intermediate results are calculated. Then the symmetric key is calculated. and ciphertext hash address ; S42 includes: the doctor sending the encrypted hash address Send to InterPlanetary File System to retrieve encrypted data, using a symmetric key. Decrypt to obtain medical data m.