Data security sharing method based on CP-ABE and blockchain

Abstract

Although the data trading platform has accelerated the flow of data, the current data trading platform still has many problems. According to the characteristics of the blockchain technology, from the aspects of the attack behavior in the blockchain and the security application of the blockchain technology in power transactions, this paper studies the security of the blockchain. Moreover, this article focuses on the privacy protection of the ciphertext strategy in the CP-ABE scheme, and protects the privacy information of the access strategy by designing appropriate ciphertext and key structures and access structure forms. In addition, the system efficiency is improved by computing outsourcing, and solutions to problems in outsourcing computing are proposed. Meanwhile, two efficient and flexible support policy hidden multi-authorization center access control schemes are constructed. Finally, this study analyzes the performance of the model through controlled experiments. The research results show that this scheme has excellent performance.

Keywords

CP-ABE blockchain data security data sharing

1 Introduction

Network security problems have always troubled people and caused greater losses to users. In 2016, hackers hacked into the US presidential election voting system and the Hilary mail system. Moreover, the criminals used the vulnerability of the website to invade the information network of Shandong candidates. Hackers can paralyze the entire network by attacking the network center. They can also enter the network center to tamper with data, steal and falsify identity information, lure users into network traps, and use centralized databases and single points of failure to attack network. The rapid development of Internet technology is accompanied by more and more attention to Internet security issues. At present, computer network security still hides large hidden dangers and is greatly threatened. In response to network security problems, it is necessary to take effective measures to protect computer network security. Macroscopically, improving the level of computer network security will greatly promote the development of my country’s overall computer technology. However, in the face of endless security problems such as information leakage and data loss, traditional security methods cannot effectively prevent the occurrence of network attacks and incalculable losses to users. Therefore, researching and adopting new technologies to meet the actual security needs is a current problem [1]. When the application of cloud computing technology, big data technology, Internet of Things and other technologies is in full swing, blockchain technology, as a heavyweight information technology, has attracted more and more attention [2], and has been favored in various fields. Innovative enterprises, technology giants, cross-border alliances and even central banks and governments of various countries have invested in the research and application of blockchain technology [3]. In 2016, the Central Securities Exchange (NSD) of the Russian Federation announced a pilot project based on blockchain technology. In July 2016, IBM opened a blockchain innovation research center in Singapore. In July 2017, Tsinghua University established the Blockchain Technology Joint Research Center. The open source projects of R3 and HyperLedger abroad are relatively well-known, devoted to the research and experiment of asset contracts, energy transactions, Internet of Things and other aspects, and realize the exchange of value in virtual and digital forms. Blockchain technology is being studied and valued due to its advantages of being decentralized, safe, and difficult to tamper with. The Bitcoin trading platform based on blockchain technology has been operating safely and autonomously since its birth. This aroused great interest from researchers and began to pay attention to the underlying blockchain technology. Blockchain is a decentralized and de-intermediate distributed database, and a credible data network technology. Moreover, it is the core supporting technology of the digital encryption currency system represented by Bitcoin and provides a technical foundation for the construction of trusted and peer-to-peer data security sharing [4]. The characteristics of blockchain technology include transparency, decentralization, distrust, collective maintenance (unchangeable), anonymity, etc. It uses data encryption, time stamping, distributed consensus and economic incentives to ensure the safety of operations. Based on the distributed system, the nodes in the network can achieve point-to-point data sharing, coordination and collaboration, which provides a solution to the problems of high cost, low efficiency and insecure data storage that are common in centralized organizations. The analysis of security technology based on blockchain was developed under this background and demand.

The information age has arrived, and more and more emerging technologies are emerging, and technology can better serve us and solve many of the difficulties we are facing. However, when we are faced with the cross-domain interconnection of different types of databases, there is a problem how to safely, efficiently store, transfer, and share sensitive data. When the amount of data in some areas is large and the amount of data in some areas is small, how to balance the problems that need to be solved urgently. With the development of science and technology, these problems become more and more difficult to ignore. In the information age, all kinds of data are spread across terminal devices, networks, and clouds. The owner and custodian of the data are often not one person, but the authenticity and security of the data during the transmission process are solely the responsibility of the custodian.

2 Related work

The literature [5] proposed a blockchain method for access control management and secure data storage. This solution stores encrypted data in a trusted third-party escrow service and records event logs on the blockchain. However, there is no trusted third party in the real world, which brings the risk of data disclosure, and it also faces many difficulties for data owners to upload data to the cloud. The literature [6] proposed a blockchain-based data sharing system and used Ethereum’s smart contracts as the basis to propose a distributed information management system, called MedRec, which is used as a decentralized record management system for EMR. They provide miners with access to the original data and reward the data to the bookkeeper. However, the efficiency of data usage is not satisfactory, and it is illegal to collect patient data and use them as rewards. The literature [7] introduced in detail the disadvantages of using cloud storage technology to establish a data sharing system in the medical field. Moreover, the literature also raised the possible challenges of using blockchain technology in medical data sharing such as privacy protection. In another field, the existing time synchronization solutions can certainly achieve time synchronization, but most of the solutions are time stamps that can be utilized by malicious nodes in the network. If the slave nodes need to synchronize with the master node through multiple hops, they cannot resist attacks from malicious time stamps. The malicious timestamp can infect or act as an intermediate node, walk around the slave node with the wrong precise time, and spread the wrong time from the slave node to other nodes, which will cause the entire system time to be unavailable. Similar to other distributed systems, literature [8] proposed a robust flood time synchronization protocol (FTSP) suitable for low communication bandwidth. This protocol is suitable for medium-sized multi-hop networks and has strong robustness to topology changes and node failures. Moreover, the protocol is particularly suitable for applications requiring strict accuracy in wireless platforms with limited resources. However, the security of data usage is not satisfactory, and malicious time stamps can easily replay or bind attacks on the system. The literature [9] introduced in detail the security authentication version of NTP, called ANTP, which is used to prevent asynchronous attacks. It is designed to minimize public key operations on the server side by rarely using public key cryptography to perform key exchanges, and then only rely on symmetric cryptography to process subsequent time synchronization requests. Symmetric cryptosystem is the core of the scheme security, so it actually determines that the scheme’s ability to resist attacks is limited. The characteristics of the blockchain’s ledger disclosure are verifiable and the data cannot be tampered with, which naturally has an advantage in the security and trustworthiness of private data. The various nodes of the system coordinate and cooperate with each other to achieve the safe and efficient sharing of private data [10]. However, there are problems such as the efficiency of encryption and decryption, and the low efficiency of data upstream and downstream.

In terms of blockchain security, attacks against blockchain mainly include double-flower attacks, selfish mining, witch attacks, and eclipse attacks. According to the existing research literature, the selfish mining attack is a mining strategy that selectively publishes blocks and is a mining pool composed of some mining nodes. Foreign scholars mainly study and analyze selfish mining from the aspects of mining strategy and prevention strategy. A selfish miner can increase his relative mining income by hiding blocks. Related research shows that transactions conducted without the confirmation of the block are unsafe. The more confirmed the number, the safer the transaction [11]. Eyal and Sirer of Cornell University first proposed the concept of selfish mining and studied it. When using selfish mining attacks, a mining pool that initially had only 33% of the mining power can gradually obtain more than 50% of the mining power [12]. In the early days of research, selfish mining was considered as a block discard attack [13]. The literature [14] discussed the influence of propagation delay factors on the effectiveness of blockchain attacks in selfish mining attacks. For selfish mining, literature [15] proposed a measure that uses unforgeable timestamps to prevent selfish mining. The literature [16] adopted a subversive mining strategy to design a specific and practical block to resist attacks. In order to ensure the security of the system, the literature [17] studied the computing power threshold of selfish mining and proposed a strategy to limit the computing power of selfish mining, which is similar to the research in this paper. The literature [18] proposed a backward compatible defense block hiding mechanism, and a block that has not been published will be ignored.

3 Scheme construction

This section details a series of algorithm steps of the access control scheme proposed in this chapter, including system initialization, attribute anonymization, data encryption, access authorization, data decryption, and user revocation.

System initialization will complete system parameter settings, including global initialization and attribute authorization center initialization.

Global initialization can be expressed as: $(GlobalSetup (λ) \to {GP, aid, uid})$ (1)

CA first selects a system safety parameter λ, and then selects two multiplicative cyclic groups G and G_T of prime order p. We set g to be the generator of G and G_T, and set e : G × G → G_T to bilinear mapping. CA chooses two hash functions: H : { 0, 1 } ^* → G_T maps the identity identifier to group elements, and H′ : G_T → Z_p maps the group elements to integers. Then CA chooses random number η ∈ Z_p to generate global common parameter GP [19]: $GP = {p, G, G_{T}, e, g, g^{η}, H, H^{l}}$ (2)

In addition, all AA and users must register with CA to obtain globally unique identifiers aid and uid that prove their legal identity.

Property authorization center initialization $(AuthSetup (GP, aid) \to {{ATK}_{aid}, {SK}_{aid}, {PK}_{aid}})$ (3)

In the system, the attributes managed by each AA are different from each other. AA with identifier aid is defined as AA_aid, and the set of attributes it manages is S_aid. When AA_aid is initialized, for each attribute x in S_aid, the random number α_aid, β_aid, h_x, γ_x ∈ Z_p is selected, and then the attribute public key and attribute private key of AA_aid are calculated as follows: ${PK}_{aid} = {e {(g, g)}^{α_{aid}}, e {(g, g)}^{β_{x}}, g^{h_{x}}}$ (4) ${SK}_{aid} = {α_{aid}, β_{x}, h_{x}, γ_{x}}$ (5)

Finally, AA_aid randomly selects φ_aid, ψ_aid ∈ Z_p and calculates the attribute conversion key: ${ATK}_{aid} = {g^{φ_{aid}}, ψ_{aid}}$ (6)

Attribute conversion: $(AttrTrans (GP, {ATK}_{aid}, S) \to S')$ (7)

When the system executes the user attribute conversion algorithm, it inputs the global common parameter GP, attribute conversion key ATK_aid, and attribute set S. For each attribute x in the attribute set S, the following calculation is performed: $S' = {x' | x' = e (g^{φ_{aid}}, H {(x)}^{ψ_{aid}})}$ (8)

Each attribute in S is anonymized, so that anonymized attribute set S′ is obtained. The algorithm can achieve anonymization of attributes to protect the sensitive information contained in the attributes, thereby protecting the privacy information contained in the access strategy [20].

Data encryption $(Encrypt (GP, {PK}_{aid}, M, T) \to CT)$ (9)

First, the data owner DO sends the attribute set corresponding to the access policy T to the AA, and the AA performs the attribute conversion algorithm to calculate the anonymous attribute set $S_{T}^{'}$ corresponding to the access policy and sends it to the DO.

A is defined as the secret sharing matrix of l × n, and function ρ maps one row of the matrix to an attribute in $S_{T}^{'}$ . Then, DO chooses a secret random number s ∈ Z_p and a random vector $v = (s_{1}, s_{2}, \dots, s_{n}) \in Z_{p}^{n}$ , among them, s₁, s₂, ⋯ , s_n is used to share the secret s. Then the random vector $ω \in Z_{p}^{n}$ is selected, the first term of which is 0. A_i is defined as the i-th row of matrix A, and λ_i = A_i · v, ω_i = Aω is calculated. For i∈ { 1, 2, ⋯ , n }, the random number μ_i ∈ Z_p is selected, and the ciphertext is calculated:

$CT = {\begin{matrix} (A, ρ) & C_{0} = Me (g, g) \sum_{aid} α_{aid} s \\ C' = g^{s} & C_{v} = H' (e (g, g) \sum_{aid} α_{aid} s) \\ C_{1, i} = g^{η λ_{i}} g^{- h_{ρ (i)} μ_{i}} & C_{2, i} = g^{μ_{i}} \\ D_{1, i} = e {(g, g)}^{β_{ρ (i)} μ_{i}} & D_{2, i} = g^{γ_{ρ (i)} μ_{i}} g^{ω_{i}} \end{matrix}}$ (10)

In the ciphertext, C′, C_1,i, and C_2,i are attribute ciphertexts for decryption, D_1,i and D_2,i are used for attribute authentication, and C_v is used to verify the correctness of the outsourced decryption calculation. Then, the ciphertext will be sent to the cloud server for storage.

End users who want to request data from the cloud server need to obtain system access authorization first. The end user’s access authorization is achieved through the attribute authorization center issuing keys related to their attributes to the user. The following is the detailed process of the key generation algorithm [21].

Key generation $(\begin{matrix} KeyGen (GP, uid, {SK}_{aid}, S) \to \\ {{UAK}_{x, aid}, {ProxK}_{aid, uid}, {USK}_{uid}} \end{matrix})$ (11)

When an end user whose user identifier is uid wants to access data, the private key belonging to the end user is first obtained from the relevant AA.

The difference from the traditional scheme is that in this scheme, when the authorization center AA_aid assigns an attribute set S_aid,uid to the end user EU_aid,

AA_aid must first perform an attribute conversion algorithm to anonymize each attribute in S_aid,uid to obtain an anonymous attribute set S′_aid,uid, and send the set to the cloud server. On the cloud server, S′_aid,uid associated with the user identity identifier uid will be stored in the attribute database belonging to EU_aid. When the user requests decryption, the proxy server will read the anonymous attribute related to the user from the database.

For each attribute x ∈ S′_aid,uid, AA_aid generates an attribute authentication key: ${UAK}_{x, aid} = g^{β_{x}} H {(uid)}^{γ_{x}}$ (12)

Then, AA_aid calculates separately $\begin{matrix} P_{x, aid} = g^{h_{x} / σ_{uid}} \\ K_{aid, uid} = {(g^{α_{aid}} g^{η})}^{1 / σ_{uid}} \\ L_{uid} = g^{1 / σ_{uid}} \end{matrix}$ (13)

Thus, the proxy decryption key is obtained: ${ProxK}_{aid, uid} = {P_{x, aid}, K_{aid, uid}, L_{uid}}$ (14)

Finally, AA_aid chooses a random number σ_uid ∈ Z_p and calculates the user decryption key belonging to EU_aid: ${USK}_{uid} = {σ_{uid}}$ (15)

After completing the above calculation, AA_aid sends the user decryption key USK_uid to EU_aid, and sends the key set {ProxK_aid,uid, UAK_x,aid} to the cloud server.

Through the above process, user EU_aid is authorized to perform data access according to the permissions corresponding to his attribute set.

When an end user whose user identifier is uid initiates an access request, PS needs to read the user’s attribute set and proxy key from the cloud server. In order to prevent illegal users from maliciously requesting proxy decryption and occupying PS’s computing resources, in this solution, the CSP will first run the attribute authentication algorithm to match the correct anonymous attribute and proxy key for the user, and then run the proxy decryption algorithm after passing the authentication. The ciphertext is decrypted, and finally the plaintext is recovered by the user.

The following will introduce the details of attribute authentication, proxy decryption, proxy decryption result verification, and user decryption algorithm.

Attribute authentication $(UserAuthen (GP, GT, uid, {UAK}_{x, uid}) \to v_{uid})$ (16)

After receiving the data access request, the CSP selects the constant set {c_i∈ Z_p } to make ∑c_iA_i = (1, 0, ⋯ , 0). The following calculation is performed to obtain the authentication result indicator: $\begin{matrix} v_{user} = \prod_{i} {(\frac{D_{1, i} e (H (uid), D_{2, i})}{e ({UAK}_{ρ (i), uid}, C_{2, i})})}^{c_{i}} \\ = \prod_{i} e (H (uid), g^{ω_{i} c_{i}}) \end{matrix}$ (17)

When v_uid = 1, CSP finds the attribute set S′_uid matching uid and the relevant proxy key, and then sends it to PS. PS executes the proxy decryption algorithm; otherwise, v_uid ≠ 1, it failure to match the correct anonymous attribute and proxy key indicates that the request was maliciously initiated by an illegal user, and CSP will reject the request.

Proxy decryption $(ProxyDec (GP, CT, v_{uid}, {ProxK}_{aid, uid}) \to CT')$ (18)

The prerequisite for proxy decryption algorithm execution is v_uid = 1. When the conditions are met, PS chooses the constant set ${{\tilde{ω}}_{i} \in Z_{p}}$ . If {λ_i} is a legal share of secret s, then $\sum {\tilde{ω}}_{i} λ_{i} = s$ . $\begin{matrix} {CT}_{aid} = \frac{e (C', K_{aid, uid})}{\prod_{i} (e (C_{1, i}, L_{uid}) e (C_{2, i}, P_{ρ (i), uid})) {\tilde{ω}}_{i}} \\ = e {(g, g)}^{s α_{aid} / σ_{uid}} \end{matrix}$ (19)

Then the partially decrypted ciphertext is calculated: $CT' = \prod_{aid} = e {(g, g)}^{s α_{aid} / σ_{uid}} = e {(g, g)}^{\sum_{aid} α_{aid} s / σ_{uid}}$ (20)

Then the PS sends the obtained agent decrypted ciphertext to the user.

Proxy decryption verification $(ProxyVerify (CT, CT', GP) \to v_{Proxy})$ (21)

Since the proxy server is semi-trusted, part of the decrypted ciphertext may be attacked when it is sent to the end user, so that the part of the decrypted ciphertext received by the end user is wrong, and the correct plaintext cannot be recovered. And once this happens, the end user cannot know.

Therefore, the scheme in this chapter proposes a verification method for confirming the correctness of partially decrypted ciphertext. The specific process is as follows.

The input is ciphertext CT and partially decrypted ciphertext CT′. The user calculates whether the following equation holds: $C_{v} = H' (CT')$ (22)

If the equation holds, then we set v_Proxy = 1, which means that the result of the outsourcing calculation is correct. Otherwise, v_Proxy = 0, which means that the proxy server returned the wrong part of the decrypted ciphertext.

User decryption: $(UserDec (GP, CT, CT', {USK}_{uid}) \to M)$ (23)

After receiving the CT′, the end user uses the user’s decryption key USK_uid to perform the following calculations: $CT'' = CT'^{σ_{uid}}$ (24)

Then the user runs the proxy decryption verification algorithm to get the verification result v_Proxy. If v_Proxy = 1, it indicates that the decryption result of the proxy is successfully verified, and the end user performs the following calculations: $M = C_{0} / CT''$ (25)

After the above calculation, the user gets the data plaintext M requested for access.

User revocation: $(User Re voke (L_{K}, L_{Sattr}, uid) \to L_{K}, L_{Sattr})$ (26)

When the cloud server receives the user’s cancellation instruction (a user’s user identifier uid), the key set {ProxK_aid,uid, UAK_x,uid} and attribute set S_uid belonging to the user will be deleted from the corresponding database on the cloud server to obtain the updated proxy key and attribute list (L′_K, L_S′attr).

After the two pieces of data are deleted, the proxy server cannot obtain the corresponding key, and cannot perform outsourced decryption. Therefore, the end user will not be able to obtain part of the decrypted ciphertext, and the plaintext cannot be recovered. In this way, the user’s access rights are revoked. In addition, the user does not need to update the key and re-encrypt the ciphertext during the revocation process, so it is very efficient [21].

4 Case analysis

(1) Data decryption calculation

For i ={ 0, 1, 2, ⋯ , n }, Σ_iω_iλ_i = s is known. Then

\begin{matrix} {CT}_{aid} = \frac{e (C', K_{aid, uid})}{\prod_{i} (e (C_{1, i}, L_{uid}) e (C_{2, i} P_{ρ (i), uid,})) {\tilde{ω}}_{i}} \\ \frac{e = (g^{s}, g^{σ_{aid}} g^{η})^{1 / σ_{uid}}}{\prod_{i} (e (g^{η λ_{i} g^{- h} ρ (i)}, g^{1 / σ_{uid}}) e (g^{μ_{i}}, g^{h_{x} / σ_{uid}})) {\tilde{ω}}_{i}} \\ = e (g, g)^{s σ_{aid} / σ_{aid}} \end{matrix}

(27)

Therefore $\begin{matrix} \frac{C_{0}}{{CT}^{' σ_{aid}}} = \frac{C_{0}}{(\prod_{aid} {CT}_{aid})^{σ_{aid}}} \\ = \frac{Me (g, g) Σ_{aid σ_{{aid}^{s}}}}{e (g, g) Σ_{aid σ_{{aid}^{s}}}} \\ = M \end{matrix}$ (28)

(2) Attribute authentication calculation

According ω_i = A_i · ω, we can know that ω · (1, 0, ⋯ , 0) = 0. Then, $\begin{matrix} v_{user} = \prod_{i} {(\frac{D_{1, i} e (H (uid), D_{2, i})}{e ({UAK}_{ρ (i), uid}, C_{2, i})})}^{c_{i}} \\ = \prod_{i} (\frac{e {(g, g)}^{β_{ρ (i)} μ_{i}} e (H (uid), g^{γ_{ρ (i)} μ_{i}} g^{ω_{i}})}{e (g^{β_{x}} H {(uid)}^{γ_{x}}, g^{μ_{i}})}) c_{i} \\ = \prod_{i} {e (H (uid), g)}^{c_{i} A_{i} ω} \\ = e {(H (uid), g)}^{ω \cdot (1, 0, \dots)} \\ = 1 \end{matrix}$ (29)

In summary, this solution satisfies the correctness.

Next, the security analysis of the program is carried out, which mainly includes access policy hiding analysis, data confidentiality analysis, anti-collusion analysis, and CPA security certification.

(1) Access policy hiding

This solution has designed a method of escrow and authentication of anonymized attributes on the basis of anonymization of attributes, so as to realize the privacy protection of the access policy more safely. It mainly includes the following two aspects.

1) Attribute anonymization

In this scheme, a one-way anonymous key agreement protocol is used to anonymize each attribute x to x′ = e ((g^{φ
_uid}) ^{ψ
_aid}, H (x)). Due to the confusion of index ψ_aid, without key material H (x) ^{ψ
_aid}, no entity can derive x through x′. Before AA publishes attributes, each attribute is anonymized by an attribute conversion algorithm, and after the attribute is published, it will be stored securely in the cloud server.

2) Anonymous attribute authentication

This scheme designs an attribute authentication algorithm, and introduces authentication materials D_1,i, D_2,i, and H (uid) in the ciphertext and attribute authentication key, respectively. There is an intermediate result of e (H (uid) , g₁) ^{ω
_i} during the authentication process. Only when the identifier uid of the end user requesting decryption is the same as the uid contained in the key material can the authentication result v_user = 1 be calculated. At this time, the verification is successful, otherwise the verification fails, and CSP cannot start the proxy decryption service. This ensures that the anonymous attribute hosted on the cloud server can be correctly matched with the user, thereby ensuring that the PS only responds to the decryption request of the legitimate user. The process of attribute authentication is secure, and at the same time, this process does not reveal any information about user attributes.

In short, on the one hand, this solution anonymizes user attributes and access policies; on the other hand, for this anonymized attribute, this solution designs an authentication scheme to ensure the verifiability of the attribute. In this way, it is ensured that the attribute information is not leaked, and the efficiency and security of the data access system are not reduced. Therefore, this solution meets the privacy protection of the access policy.

(2) Data confidentiality

For illegal users, as described in the attribute verifiability analysis described above, they cannot pass the user authentication process, so they cannot request the anonymous attribute set promulgated by the AA from the CSP and cannot perform the proxy decryption process. It is impossible to restore the ciphertext to the correct plaintext, thus ensuring the data confidentiality of the system.

For users whose attribute set does not satisfy the access policy in the ciphertext, ω_i ∈ Z_p cannot be found to make Σ_iω_iλ_i=s. Analysis of the correctness of decryption calculations shows that users who do not meet the access policy will not be able to complete the proxy decryption operation and will not be able to obtain part of the decrypted ciphertext. So that the final decryption cannot be completed.

5 Model building

Common consensus mechanisms are classified according to the application scenarios of public chains, alliance chains, and private chains. This section mainly classifies consensus mechanisms from the scope of the consensus mechanism. The consensus mechanism is a mechanism that the blockchain system relies on to achieve consistency, and all participating nodes will be in the node pool. According to the role of the node, the consensus mechanism can be divided into three parts: transaction consensus, accounting consensus and verification consensus, as shown in Fig. 1. 1. Transaction consensus: The transaction node first processes the transaction on the blockchain, changes the read and write status of the transaction, then generates a transaction request to execute the smart contract, and broadcasts the transaction request to the blockchain network. 2. Accounting consensus: After receiving the transaction request, the accounting node executes the smart contract according to the transaction request, stores the resulting contract execution result and transaction request in the brought-out block, and broadcasts the block.3. 3. Verification consensus: After the block is broadcast, the verification node verifies the rationality of the block. Generally, it takes 6 blocks to verify. If the block is legal, the block is valid, and the block is on the chain.

Fig. 1

Classification of consensus nodes.

We classify the existing main consensus mechanisms according to transaction consensus, accounting consensus and verification consensus, as shown in Fig. 2.

Fig. 2

Classification of consensus mechanism.

For the hierarchical verification processing of transaction information, the system architecture is shown in Fig. 3, which mainly includes five parts: users, transaction consensus, accounting consensus, verification consensus and blockchain.

Fig. 3

System architecture.

In this process, in order to achieve transaction consensus, accounting consensus and verification consensus, we adopt a supervisable consensus mechanism based on improved DPOS+PBFT.

The scheme based on multi-channel off-chain transaction processing is shown in Fig. 4, which mainly includes 4 modules: user, smart contract, miner and blockchain.

Fig. 4

System structure diagram of transaction processing in multi-channel chain.

The blockchain ledger is the core of the model, and has the characteristics of openness, transparency, and tamper resistance. The list of transactions screened by the miners is connected through the Merkle tree in the blockchain ledger. If the total number of transactions is assumed to be n, the specific process of processing n transactions is as follows: (1) We assume that T = T1,T2,⋯Tn is transaction information; (2) H(T) = F(H (first half of T), H (second half of T)); (3) H is a hash function, and F is a one-way function;4. In the blockchain, H = F = SHA256. Note: When n is not an index value of 2, the half-hash transaction can be directly uploaded from the hash value corresponding to the child node to the hash value corresponding to the parent node. The formation of Merkle is shown in Fig. 5.

Fig. 5

Merkle formation process.

Multi-channel and single-channel based HTLC are combined, as shown in Fig. 6. Because the principle of each channel is the same as the HTLC of a single channel, both need only use the same random number R and hashed number H(R).

Fig. 6

Multi-channel HTLC transaction structure diagram.

If A wants to pay 1.5 BTC to B through the three channels above, each channel pays 0.5 BTC to B. At this time, the assumed handling fee is 0.01 BTC, and the actual handling fee for third parties is much lower than this. The transaction process is shown in Fig. 7, which ensures the security of the transaction process.

Fig. 7

HTLC transaction process diagram.

In the process of time synchronization, if the adjacent node of the time source is a malicious node, it may cause a very bad impact. Since the subsequent nodes cannot distinguish the time received from other nodes by themselves, they need to seek the help of the system. If the system cannot help the node to identify the time inaccuracy, the node will have a time synchronization error, which may affect the time synchronization accuracy of subsequent nodes. We assume that some neighboring nodes of the time source are malicious. According to the difference between the malicious nodes and the time source, the analysis system may be affected. We compared this scheme with STETS and TPSN, and then analyzed the safety performance of this scheme through simulation results. The results are shown in Fig. 8 and Table 1.

Fig. 8

Comparison diagram of different system security.

Table 1

Comparison table of different system security

	STETS	TPSN	Our scheme		STETS	TPSN	Our scheme
1	4	0	90	26	39	46	94
2	7	2	90	27	41	48	95
3	10	4	90	28	41	50	95
4	10	6	91	29	43	52	95
5	10	9	91	30	44	54	95
6	14	10	91	31	45	55	95
7	18	13	91	32	46	58	96
8	19	17	91	33	46	58	96
9	21	17	91	34	47	58	96
10	24	18	91	35	48	59	96
11	25	18	92	36	52	59	97
12	27	27	92	37	54	61	97
13	29	30	92	38	58	61	97
14	32	31	92	39	59	67	97
15	32	31	92	40	59	68	98
16	33	32	92	41	63	69	98
17	33	33	93	42	65	76	99
18	33	34	93	43	66	77	99
19	33	34	93	44	67	78	99
20	34	35	93	45	69	79	99
21	34	36	93	46	70	82	99
22	36	38	93	47	71	83	100
23	37	41	94	48	72	83	100
24	37	43	94	49	74	90	100
25	38	45	94	50	75	94	100

Considering the consensus process and the convergence process are two independent processes.The simulation results show that when the number of nodes and the number of devices increase, it will lead to an increase in the convergence time of our scheme. In distributed time synchronization mode and flooding time synchronization mode, normal neighboring nodes can only synchronize with four nodes. In our solution, time nodes can synchronize with up to 200 nodes or devices at the same time. When the number of nodes is less than 200, the distributed time synchronization protocol requires multiple hops between nodes to complete time synchronization. In addition, the more hops required, the longer the time required. In an ideal situation, our scheme only needs one round to achieve time synchronization, which makes our scheme converge faster. When there are too many time nodes and terminal devices, the broadcast efficiency of time nodes will become one of the key factors limiting the convergence time. If the number of nodes requiring synchronization time in one round is greater than 200, then the time node needs another round to synchronize the time of the remaining nodes. The greater the number of time nodes or terminals to be synchronized, the less obvious the advantage. We conducted an experimental simulation on the computer, and the measured data is shown in Table 2 and Fig. 9.

Table 2

Comparison table of convergence time of different systems (Partial)

	STETS	TPSN	Our scheme		STETS	TPSN	Our scheme
1	0.018	0.031	0.038	26	1.100	0.907	0.675
2	0.043	0.104	0.042	27	1.161	0.911	0.729
3	0.075	0.109	0.080	28	1.313	0.932	0.733
4	0.126	0.135	0.119	29	1.317	0.933	0.743
5	0.146	0.215	0.151	30	1.319	0.986	0.771
6	0.181	0.230	0.192	31	1.351	0.989	0.775
7	0.188	0.271	0.198	32	1.442	0.993	0.781
8	0.220	0.290	0.203	33	1.445	1.015	0.821
9	0.299	0.300	0.234	34	1.532	1.052	0.879
10	0.334	0.315	0.274	35	1.568	1.088	0.918
11	0.427	0.337	0.305	36	1.637	1.111	0.945
12	0.470	0.369	0.307	37	1.880	1.116	0.970
13	0.520	0.370	0.369	38	1.901	1.296	0.977
14	0.561	0.416	0.375	39	1.969	1.340	1.063
15	0.567	0.419	0.388	40	1.973	1.492	1.134
16	0.642	0.486	0.401	41	1.983	1.525	1.135
17	0.644	0.539	0.416	42	1.988	1.525	1.143
18	0.655	0.578	0.436	43	2.060	1.536	1.151
19	0.717	0.593	0.457	44	2.081	1.556	1.188
20	0.866	0.711	0.458	45	2.136	1.581	1.197
21	0.886	0.764	0.478	46	2.154	1.690	1.199
22	0.895	0.778	0.484	47	2.161	1.714	1.212
23	0.900	0.791	0.597	48	2.254	1.730	1.243
24	0.922	0.869	0.652	49	2.263	1.767	1.258
25	0.987	0.882	0.663	50	2.294	1.811	1.268

Fig. 9

Comparison diagram of convergence time of different systems.

6 Conclusion

Blockchain model infrastructure,How to choose a reasonable consensus mechanism for different application scenarios, how to ensure system security and efficiency, and how to effectively solve the network congestion problem when the block capacity is limited have become some of the first problems to be solved. The accurate time distribution and protection scheme of the Internet of Things based on the blockchain is to ensure that the synchronized time is real and effective through the consensus mechanism of the blockchain. Moreover, it relies on the verifiable characteristics of the distributed ledger to ensure that the node will not maliciously tamper with the precise time to affect the time synchronization.

This article focuses on the privacy protection of the ciphertext strategy in the CP-ABE scheme, and protects the privacy information of the access strategy by designing appropriate ciphertext and key structures and access structure forms. Moreover, this study improves the system efficiency by computing outsourcing, and proposes solutions to the problems in outsourcing computing, and constructs two efficient and flexible multi-authorization center access control schemes that support policy hiding. The time service system in the scheme allows multiple time sources to provide time services for blockchain systems in different application scenarios. After simulation and analysis verification, it is found that the scheme has excellent performance.

Footnotes

Acknowledgments

This work was supported in part by Key Research and Development Program of Shandong under grant 2019GNC106034, in part by Facility Horticultural Laboratory Funding Project in Shandong universities under grant 2019YY003, and in part by Weifang University of Science and Technology Doctoral Fund Project under grant 2017BS19.”

References

Crosby

, Pattanayak

, Verma

, et al., Blockchain technology: Beyond bitcoin[J], Applied Innovation 2(6-10) (2016), 71.

Zheng

, Xie

, Dai

H.N.

, et al., Blockchain challenges and opportunities: A survey[J], International Journal of Web and Grid Services 14(4) (2018), 352–375.

Dinh

T.T.A.

, Liu

, Zhang

, et al., Untangling blockchain: A data processing view of blockchain systems[J], IEEE Transactions on Knowledge and Data Engineering 30(7) (2018), 1366–1385.

Risius

and Spohrer

, A blockchain research framework[J], Business & Information Systems Engineering 59(6) (2017), 385–409.

Yli-Huumo

, Ko

, Choi

, et al., Where is current research on blockchain technology?—a systematic review[J], PloS one 11(10) (2016), e0163477.

Khan

M.A.

and Salah

, IoT security: Review, blockchain solutions, and open challenges[J], Future Generation Computer Systems 82 (2018), 395–411.

Cong

L.W.

and He

, Blockchain disruption and smart contracts[J], The Review of Financial Studies 32(5) (2019), 1754–1797.

Sun

, Yan

and Zhang

K.Z.K.

, Blockchain-based sharing services: What blockchain technology can contribute to smart cities[J], Financial Innovation 2(1) (2016), 1–9.

Biais

, Bisiere

, Bouvard

, et al., The blockchain folk theorem[J], The Review of Financial Studies 32(5) (2019), 1662–1715.

10.

Guo

and Liang

, Blockchain application and outlook in the banking industry[J], Financial Innovation 2(1) (2016), 24.

11.

Abeyratne

S.A.

and Monfared

R.P.

, Blockchain ready manufacturing supply chain using distributed ledger[J], International Journal of Research in Engineering and Technology 5(9) (2016), 1–10.

12.

Dai

and Vasarhelyi

M.A.

, Toward blockchain-based accounting and assurance[J], Journal of Information Systems 31(3) (2017), 5–21.

13.

Bahga

and Madisetti

V.K.

, Blockchain platform for industrial internet of things[J], Journal of Software Engineering and Applications 9(10) (2016), 533–546.

14.

Fanning

and Centers

D.P.

, Blockchain and its coming impact on financial services[J], Journal of Corporate Accounting & Finance 27(5) (2016), 53–57.

15.

Treleaven

, Brown

R.G.

and Yang

, Blockchain technology in finance[J], Computer 50(9) (2017), 14–17.

16.

Xiong

, Zhang

, Niyato

, et al., When mobile blockchain meets edge computing[J], IEEE Communications Magazine 56(8) (2018), 33–39.

17.

Zhao

and Sun

, Government subsidies-based profits distribution pattern analysis in closed-loop supply chain using game theory, Neural Computing and Applications 32(6) (2020), 1715–1724.

18.

Halaburda

, Blockchain revolution without the blockchain?[J], Communications of the ACM 61(7) (2018), 27–29.

19.

Mengelkamp

, Notheisen

, Beer

, et al., A blockchain-based smart grid: towards sustainable local energy markets[J], Computer Science-Research and Development 33(1-2) (2018), 207–214.

20.

Gatteschi

, Lamberti

, Demartini

, et al., To blockchain or not to blockchain: That is the question[J], IT Professional 20(2) (2018), 62–74.

21.

Zhou

and Tan

, Electrocardiogram soft computing using hybrid deep learning CNN-ELM, Appl Soft Comput 86 (2020).