Research On Methods Of Identity Management And Data Sharing Based On Blockchain

With the rapid development of technologies such as big data and cloud computing,the degree of digital informatization of our society is getting higher.While online services begin to accumulate,the security threats facing online services are also becoming more serious.Fortunately,the emerging blockchain can establish a stable trust system between participants,while the distributed ledger of the blockchain makes all data and on-chain operating processes open and transparent.Identity management is the cornerstone of online services,and data sharing is the main goal of online services.This thesis conducts the following research work on identity management and data sharing in blockchain:1.In response to the current centralized digital identity management system being threatened by identity fragmentation and single points of failure,we proposed a zeroknowledge-proof-based digital identity management scheme in blockchain(BZDIMS).With the help of zero-knowledge proof,the BZDIMS realizes the secret issuance of user attributes and the unlinkability of identity and address in the transparent blockchain.The challengeresponse protocol in the scheme allows users to disclose their attribute ownership to the service provider selectively.The user's access to the service will not be redirected to the identity provider to protect the privacy of the user's behavior.Performance evaluation and security analysis show that the BZDIMS achieves effective identity privacy protection and a wider range of applications.2.Aiming at the centralized power caused by the single attribute authority(AA)in current attribute-based encryption(ABE)schemes and the problem that cloud servers are curious and even malicious,we design a blockchain-based revocable ABE data sharing scheme with multiple authorities(MA-RABE).In this solution,a group of AAs complete user attribute distribution,key generation and user management through the user binary tree and secret sharing.Besides,the scheme adopts the linear secret sharing scheme with the hidden policy so that other participants cannot obtain useful information from the policy embedded in the ciphertext.The solution also supports the cloud server to pre-decrypt the ciphertext,and the data user only needs to perform exponentiation operation once to obtain the plaintext from the pre-decryption result.Theoretical and performance analysis shows that the scheme has reliable security and lower user revocation and ciphertext update overhead.