Research On Access Control And Data Editing Mechanism Of Blockchain

Blockchain can store data in a chain structure to ensure that the data is true and immutable,so that it can establish trust in a complex environment,which is conducive to solving data tracing,anti-counterfeiting,and accountability in the fields of the Internet of Things and supply chain.However,in the Internet of Things and the supply chain,the requirements for data access control are more complicated.The current blockchain mechanism cannot meet these requirements.The performance is as follows: On the one hand,while the data owner is sharing production data,because the data involves in the case of business secrets,data owners only want to share data with a subset of users,which is a forward access control,while restricting access by other unauthorized users;at the same time,data users need to perform reverse access control verification on whether the data attributes published by the data owners meet the requirements.The existing classic blockchain solution has only a simple identity verification mechanism,which cannot meet the abovementioned users' needs for simultaneous access control in both forward and reverse directions.On the other hand,in the process of access control,enterprises often need to increase or cancel data access authorization to other enterprises to protect their own interests,which requires changes to the access strategy,and the change of access control policy depends on the support of editable function of block data.Therefore,it is extremely important to design a blockchain that can provide two-way access control and data editing functions without compromising the credibility of blockchain data.In response to the above problems,this paper studies the two-way access control mechanism of the blockchain and the editable blockchain,and designs a feasible solution in combination with specific use scenarios.The main tasks are as follows:(1)Aiming at the problem of requiring two-way access control mechanism in blockchain application scenarios,a distributed outsourcing dual strategy ABE(Attribute-Based Encryption)scheme is proposed.In this scheme,the dual strategy ABE is designed first to meet the user's requirement of two-way access control.Secondly,in order to adapt to the distributed environment of the blockchain,a distributed key generation protocol is introduced on the basis of the dual strategy ABE to realize distributed authorization.Thirdly,in order to reduce the computing pressure brought by the dual strategy ABE to lightweight devices in the Internet of Things and other fields,a ciphertext encryption and decryption outsourcing solution was designed based on the dual strategy ABE to meet the application demand of more and more lightweight devices in the future.Finally,the security analysis shows that the scheme is polynomial safe under the chosen-plaintext attack.(2)Aiming at the problem that the change of the blockchain access control strategy requires the support of the blockchain editing function,an editable blockchain scheme based on record verification tree and multisignature is designed.First of all,in order to realize the modification and deletion of block records,a binary and trigeminal hybrid tree is designed in the block structure.The leaf nodes of the tree contain two verification parameters for verification records and edit requests to ensure the record and edit requests,respectively.Secondly,in order to ensure the credibility of the block data editing,the scheme requires stakeholders to approve the editing request and sign multiple signatures before editing the data owned by users,so as to effectively limit the user's data editing behavior.Finally,the security analysis and experimental results show that the scheme in this paper can achieve credible,legal and safe modification and deletion of data while ensuring the integrity of the block structure.