Abstract
Attribute-based access control, which can provide fine-grained and flexible privacy protection, is widely used in practice. Traditional attribute-based access control schemes require the intervention of a trusted third party, which creates a single point of failure. Because of its decentralized nature, blockchain is now considered a promising way to solve this issue. The basic idea of existing blockchain-based access control schemes is to encode the access policy in a smart contract. However, the transparency of the blockchain makes it easier for an adversary to use the public information to launch a privacy attack. In this paper, we propose an attribute-based access control scheme that benefits from smart contract technology while ensuring the privacy of attributes and policies. An additive homomorphic cryptosystem is used to encrypt attributes and access policies. The scheme uses multiple blockchain nodes to collectively decrypt the data, and uses zero-knowledge proofs to ensure the correctness of the decryption result. The smart contract is therefore able to make the authorization decision without actually seeing attributes or policies. We have implemented the proposed access control scheme on Hyperledger Fabric. Simulation results show that the computation overhead introduced by encryption/decryption and zero-knowledge proofs is reasonable.
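The following added example (not the paper's construction or code) sketches how a contract could decide on encrypted values: it tests whether an encrypted attribute equals an encrypted policy value, with each node's decryption share checked by a zero-knowledge proof. The abstract does not name a cryptosystem, so exponential ElGamal, n-of-n additive key shares, the Chaum-Pedersen proof, the toy group and all function names are assumptions.

```python
import hashlib, math, secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 with P, Q prime, and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen(n):
    """Each node holds an additive share x_i; the joint public key is g^(sum x_i)."""
    shares = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    pubs = [pow(G, x, P) for x in shares]
    return shares, pubs, math.prod(pubs) % P

def encrypt(h, m):
    """Exponential ElGamal: Enc(m) = (g^k, g^m * h^k), additively homomorphic in m."""
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), pow(G, m, P) * pow(h, k, P) % P

def blinded_difference(ct_attr, ct_policy):
    """Enc(r * (attr - policy)) from ciphertexts only; r is random and nonzero."""
    r = secrets.randbelow(Q - 1) + 1
    c1 = ct_attr[0] * pow(ct_policy[0], -1, P) % P
    c2 = ct_attr[1] * pow(ct_policy[1], -1, P) % P
    return pow(c1, r, P), pow(c2, r, P)

def _challenge(*vals):
    # Fiat-Shamir challenge; kept as the full SHA-256 integer rather than reduced mod Q.
    return int.from_bytes(hashlib.sha256(repr(vals).encode()).digest(), "big")

def partial_decrypt(x, c1):
    """Share d = c1^x plus a Chaum-Pedersen proof that log_g(y) == log_c1(d)."""
    d, w = pow(c1, x, P), secrets.randbelow(Q)
    e = _challenge(pow(G, x, P), c1, d, pow(G, w, P), pow(c1, w, P))
    return d, (e, (w + e * x) % Q)

def verify_share(y, c1, d, proof):
    """Recompute both commitments from (e, s) and check the challenge matches."""
    e, s = proof
    t1 = pow(G, s, P) * pow(y, -e, P) % P
    t2 = pow(c1, s, P) * pow(d, -e, P) % P
    return e == _challenge(y, c1, d, t1, t2)

def authorize(ct, pubs, partials):
    """Grant only if every share verifies and the blinded plaintext is 0 (g^0 == 1)."""
    mask = 1
    for y, (d, proof) in zip(pubs, partials):
        if not verify_share(y, ct[0], d, proof):
            return False
        mask = mask * d % P
    return ct[1] * pow(mask, -1, P) % P == 1
```

Because the difference is multiplied by a random r before decryption, a mismatch reveals only that the values differ, not by how much.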