Attribute-Based Private Data Sharing With Script-Driven Programmable Ciphertext and Decentralized Key Management in Blockchain Internet of Things

Abstract

In this article, we address the problem of secure sensitive data sharing for the specified recipients in Blockchain Internet of Things (BIoT). To do it, we present a cryptographic solution to meet the requirements of decentralization and convenience through key management and programmable ciphertext. First, we design a new ciphertext-policy decentralized-key attribute-based encryption (CP-DK-ABE) scheme. After the master secret key is shared into all full nodes in the form of threshold secret sharing, a decentralized multiparty computation protocol is used to generate the user’s private key in an interactive way. Meanwhile, the attribute subkeys associated with the private key can be reconstructed by obtaining a fragment from each of full nodes, so as to achieve the cooperative management of attribute key through all of full nodes. Furthermore, following the blockchain’s script system, we introduce five new opcodes to represent ciphertext in the programmable format. Such a mechanism provides flexible capability to represent the logical relationship of the access control policy among attribute subciphers in the CP-DK-ABE ciphertext by the scripting language. As a result, the processes of encryption and decryption are implemented entirely by the script interpreter on the blockchain node, thereby greatly improving the convenience of programming in BIoT devices. In addition, we prove that the proposed CP-DK-ABE scheme is key private and semantically secure for a limited number of corrupted full nodes under the decisional linear and bilinear Diffie–Hellman assumption, respectively.