Research On Key Technologies Of Data Sharing Based On Multi-Authority Attribute-based Proxy Re-encryption

Attribute-Based Encryption(ABE)schemes uses bilinear pairing-based cryptography and a secret sharing mechanism that represents a specific access strategy to encrypt data.The data can only be decrypted by users who have the corresponding key of the attribute set.It is widely used in access control of shared storage.The multi-authority ABE scheme has multiple attribute authorities,increasing the source of attributes and decentralize the authorities' master keys,which improves the diversity of access strategies and encryption security;the attribute-based proxy re-encryption allows users to securely outsource the computation of data sharing to a third party,reducing local computing and increase access control flexibility.The multi-authority attribute-based proxy re-encryption scheme combines the advantages of the two types of schemes to provide data sharing encryption methods with more security,more flexible access control,and richer access strategies.It has important research significance.However,there is no work yet to propose this type of scheme.To solve the above problems,this paper adopts a specific secret obfuscation method to construct ciphertext,and proposes a multi-authority attribute-based proxy re-encryption scheme.Based on the proposed scheme,the paper implements a private medical data sharing system in distributed environments.The work in the article is mainly divided into the following three parts:(1)The paper proposed a Multi-Authority Ciphertext-Policy Attribute-Based Proxy Re-Encryption(MA-CP-ABPRE)scheme.The scheme uses the public key of the authorities to obfuscate the secret value,constructs a specific ciphertext structure and proxy re-encryption related functions,and allows the owner with data access to outsource the computing task to a third-party proxy to perform re-encryption to generate a new ciphertext that can be decrypted to the receiver.The data owner and authorization center in the system have the ability to control the availability of re-encryption.The authorities can update and revoke users' attributes.The paper proved the safety of the scheme.(2)The paper realized a medical data secure sharing system based on MA-CP-ABPRE.Aiming at the problem of the secure sharing of user private medical data in a distributed multi-user and multi-medical institution scenario,this article combines the MA-CP-ABPRE scheme,blockchain technology and distributed identity identifier technology to propose B/S architectured private medical data sharing system framework,and implements the system's identity and access control module,smart contract module,and re-encrypted data sharing module.(3)The feasibility and effectiveness of the above scheme and system are verified through experiments.It mainly includes:functional testing and performance testing of the MA-CP-ABPRE scheme,smart contract functional testing of the private medical data sharing system,and system workflow testing.Experiments show that this scheme has similar computational complexity in each phase compared to the scheme that does not support proxy re-encryption.Data sharers using proxy re-encryption can save about 50%of local computing time.The smart contract in the private medical data sharing system implements the designed functions.All parties in the system can view basic account information through the system page,and complete operations and transactions of data sharing.