ABSTRACT Digital data certified by reputable organizations hold significant value and are often shared or
stored on the internet. However, several challenges arise: (1) How to ensure the anonymity of
organizations issuing certificates? (2) How to securely store valuable digital data within the system? and (3)
How can individuals verify the reliability of shared data while maintaining content confidentiality, and how
to ensure the safety, transparency, and fairness of the data sharing process? To address these challenges,
we propose a comprehensive framework comprising data producing, data storing, and data sharing
schemas. In the data producing schema, we implement a group signature scheme for a consortium of
reputable organizations offering similar services. Each organization within the group processes raw data
from a data owner to generate valuable digital data and issues a certificate on the ciphertext of this data.
In the data storing schema, the data owner uploads their data to the public Inter-Planetary File System
network and records the access address of the stored data along with the corresponding certificate on the
blockchain ledger. In the data sharing framework, every participant within the system has the capability to
confirm the trustworthiness of shared data prior to initiating a data sharing request with the data owner.
The data sharing process is facilitated through a smart contract, and involved parties are required to
escrow funds to incentivize honesty. The data storing and sharing schemas ensure various security
properties, including confidentiality, integrity, privacy, non-repudiation, and anonymity, thereby
addressing the aforementioned challenges comprehensively.
one object with an empty link field. Otherwise, the file is divided into 256 KB chunks, managed using the Merkle DAG (Merkle Directed Acyclic Graph) data structure.

C. GROUP SIGNATURE
Group signatures, as introduced by Chaum and van Heyst [38], enable a member of a group to sign a message anonymously on behalf of the group. Verifiers can confirm the validity of the signature without knowing which specific group member performed the signing. A typical group signature scheme consists of three main components: group members, a group manager, and a revocation manager. The group manager oversees the establishment and management of the group, while the revocation manager handles the process of revoking the anonymity of group members who have signed a particular signature. Upon registration and approval by the group manager, a group member gains the ability to sign digital data on behalf of the group.

Definition 1. (Group signature). A group signature scheme GS = (KeyGen,Sign,Verify,Tracing,Vertracing) consists of the following five algorithms [39]:
• (gpk,gmk,grk,gsk) ← KeyGen: On input 1^λ and 1^n, output the group's public key gpk, the membership manager's secret key gmk, the revocation manager's secret key grk, and gsk, an n-element vector of keys with gsk[i] being the secret signing key of element i, 1 ≤ i ≤ n.
• σ ← Sign(gpk,gsk[i],M): Given the group's public key gpk, a secret key gsk[i] of the i-th group member, and a message M, issue a signature σ.
• 0,1 ← Verify(gpk,M,σ): Given the group's public key gpk, a message M, and a signature σ, output 1 if the signature is valid, otherwise 0.
• (i,arg) ← Tracing(σ,M,grk,gpk): Given a signature σ, a message M, the revocation manager's secret key grk, and the group's public key gpk, output an identity i ∈ [n] and an argument arg.
• 0,1 ← Vertracing(σ,M,gpk,i,arg): Given a signature σ, a message M, a group public key gpk, an identity i of a group member, and an argument arg, output 1 if and only if arg was generated by tracing, or 0 indicating failure.

A group signature scheme must satisfy the security requirements [39]: unforgeability, anonymity, unlinkability, no framing, and unforgeability of tracing verification.

TABLE 1. Notations
Notation        Description
λ               Security parameter
n               Number of group members
[n]             The set of 1,...,n
H               The cryptographic hash function
‖               String concatenation
make_proc(x)    The function that processes raw data x into digital data
:≡              The procedure can be executed through human intervention.
Rand_Key(·)     Random key generation algorithm
Ek(x)           Symmetric encryption of x using key k
Dk(x)           Symmetric decryption of x using key k
PCS(x,k)        The public-key cryptosystem with a message x and a key k

IV. THE PROPOSED SCHEMES
In this section, we will propose the system model, threat model, security features, system setup, and proposed schemes. The paper provides the notations used, listed in Table.

A. SYSTEM MODEL
Fig. 1 presents our system model. There are four parties in our schemes.
(i) Data owner: DO is a person who owns raw data (RD). DO provides RD to a particular DP for generating MD. DO has the right to store and share MD, unaltered or modified, for those in need.
(ii) A group of DPs: The group is created by the group manager. Each DP is an organization that has the function and means for generating MD from the DO's RD. Data Processor (DP) does not possess ownership of Metadata (MD) and thus lacks the authority to offer or utilize MD without the consent of the Data Owner (DO). DPs in the group provide the same type of service.
(iii) Data user: DU is a person or organization who would like to use MD created by DP.
(iv) Decentralized storage (DS): DS mainly stores EMD and returns the address of EMD to DU. We use a public IPFS as DS.
(v) Blockchain system: We use BC to reserve information of MD and achieve data sharing. The group manager predefined policies in the smart contracts to ensure data sharing securely.

FIGURE 1. Our general system model

Our system offers Data Producing, Data Storing, and Data Sharing, defined as follows:
• Data Producing: A manual procedure that takes RD from DO as input and outputs MD and some related information (generated by DP) to DO.
• Data Storing: Using EMD and the relevant information provided by the Data Owner (DO) as input, the system stores EMD on IPFS and initiates a blockchain transaction to store the access address of EMD (on IPFS) along with the related information.
• Data Sharing: Upon receiving a store transaction on the blockchain as input, the system verifies the integrity of the Metadata (MD) and executes the smart contract to enable Data Users (DU) to access the Metadata.

B. THREAT MODEL
In each of our schemes, we consider the following threat model.
• Data Producing: DO and DP are involved. We assume both DO and DP are trusted.
• Data Storing: DO, IPFS, and BC systems are involved. We presume DO is trusted, and that IPFS nodes and BC nodes faithfully adhere to the predefined protocol. However, it is acknowledged that these nodes may have access to the contents of data stored on the systems. Such nodes compromise the confidentiality of stored data.
• Data Sharing: DO, DU, IPFS, and BC systems are involved. We assume DO and DU are untrusted; the IPFS and BC systems are treated as in the Data Storing scheme. Specifically, DO may provide an invalid decryption key of EMD to DU, and DU may submit a dispute resolution request even though it has received the valid decryption key of EMD.

C. SECURITY FEATURE
The system's security features are as follows:
• Confidentiality: Only authorized individuals can access the content of EMD stored on BC and IPFS.
• Integrity: DO is unable to tamper with the data received from DP.
• Privacy: Based on data stored on BC, no one can learn which DP the DO cooperated with.
• Non-repudiation: Parties cannot deny transactions they have submitted in the data sharing scheme.
• Anonymity: No one can learn the real names of the participants taking part in the data storing and sharing schemes, or distinguish which DP generated MD.

D. SYSTEM SETUP
1) THE GROUP OF DPs
The group manager chooses a security parameter λ and the group signature scheme GS to generate keys for n group members. Specifically, the group manager has a public/private key pair (PKGM,SKGM); the revocation manager owns a public key PKRM and a private key SKRM; gsk[i] and IdDP[i] are a private key and an identifier of the i-th group member respectively, where 1 ≤ i ≤ n; together with the group public key (GPK).

2) THE BLOCKCHAIN SYSTEM
DO, DU, and the group manager each initialize an account on the BC system. In particular, DO owns a public key PKDO and a private key SKDO; DU also has a public key PKDU and a private key SKDU; similarly, the group manager has a public/private key pair (PKBCGM,SKBCGM). On the BC network, users use their public key as a BC address; for instance, PKDU is DU's BC address. Each transaction must be signed by the transaction's initiator. The BC system provides the public BC address.

FIGURE 2. Our proposed data producing scheme

E. DATA PRODUCING
In the data producing scheme, DO transfers RD to a particular DP in the group, for instance the i-th DP. After receiving RD, DP performs the Produce algorithm to generate MD, CERT, and DPInfo. To guarantee the confidentiality of MD within the data storing and sharing schemes, DP encrypts MD to create EMD and subsequently generates a CERT for EMD. Later, DP sends these result data to DO via the secure channel. After receiving the result data, DU verifies the accuracy of MD and DPInfo. In this scheme, DO and DP are considered to know each other; therefore, it is not necessary to secure the identity of each other. This means that DO knows the identifier of the DP and the group public key of the group of DPs. The data producing scheme is described in Fig. 2. Steps involved:

Algorithm 1: Produce
Step 4: DP encrypts DP's IdDP and K using PKDO and PCS provided by the system. The output is labeled as DPInfo.
Step 5: DP encrypts DP's IdDP and K using PKDO and PCS provided by the system, resulting in DPInfo.
Step 6: DP encrypts DPInfo and IdMD using PKRM and PCS. The output is denoted by EId.
Step 7: DP generates a signature on EMD using the Sign algorithm of GS, alongside the group public key gpk and the group member secret key of DP, referred to as gsk[i]. The resulting output is denoted by SD.
Step 8: The certificate of MD (denoted by CERT) includes SD and EId.
Step 9: The algorithm produces EMD, CERT, and DPInfo as outputs.

(3) DP sends EMD, CERT, and DPInfo to DO via a secure channel.

(4) After receiving data from DP, DO verifies the accuracy of MD and DPInfo as follows:
Step 1: DO decrypts DPInfo using SKDO and PCS:
IdDP[i] ‖ K ← PCS(DPInfo,SKDO)
Step 2: DO compares IdDP[i] with the DP's information that DO knew before. If they are the same, go to the next step. Otherwise, stop verifying.
Step 3: DO decrypts EMD using K and the decryption algorithm:
MD ← DK(EMD)
Step 4: DO recalculates an identifier for MD:
IdMD ← H(MD)
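The data flow of Steps 4 to 6 and of the DO's checks in (4), as an added Python example that is not code from the paper. It assumes the steps missing from this page set K = Rand_Key(), EMD = EK(MD) and IdMD = H(MD); all function names are hypothetical, the symmetric cipher and PCS are toy stand-ins built from the standard library, and the group signature SD of Step 7 is left out because it needs a GS library.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3   # toy group (constructed, NOT secure); stand-in parameters

def H(b): return hashlib.sha256(b).digest()

def stream_xor(key, data):
    # Stand-in for E_k/D_k: SHA-256 counter keystream (unauthenticated; use an AEAD in practice).
    ks = b"".join(H(key + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def pcs_keygen():
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P), sk

def pcs_enc(msg, pk):
    # Stand-in for PCS(x, PK): hashed-ElGamal hybrid; output = c1 (16 bytes) || body.
    r = secrets.randbelow(P - 2) + 1
    key = H(pow(pk, r, P).to_bytes(16, "big"))
    return pow(G, r, P).to_bytes(16, "big") + stream_xor(key, msg)

def pcs_dec(ct, sk):
    key = H(pow(int.from_bytes(ct[:16], "big"), sk, P).to_bytes(16, "big"))
    return stream_xor(key, ct[16:])

def produce(md, id_dp, pk_do, pk_rm):
    k = secrets.token_bytes(32)                 # Rand_Key (assumed 32-byte K)
    emd, id_md = stream_xor(k, md), H(md)       # assumed earlier steps: EMD = E_K(MD), IdMD = H(MD)
    dp_info = pcs_enc(id_dp + k, pk_do)         # Steps 4-5: IdDP || K under PKDO
    e_id = pcs_enc(dp_info + id_md, pk_rm)      # Step 6: DPInfo || IdMD under PKRM
    return emd, e_id, dp_info                   # Step 7 (SD) omitted, so CERT is only EId here

def do_verify(emd, dp_info, sk_do, known_id_dp):
    plain = pcs_dec(dp_info, sk_do)             # Step 1: recover IdDP || K
    id_dp, k = plain[:-32], plain[-32:]         # K is fixed-length, so the split is unambiguous
    if not hmac.compare_digest(id_dp, known_id_dp):
        return None                             # Step 2: unknown DP, stop verifying
    md = stream_xor(k, emd)                     # Step 3: MD = D_K(EMD)
    return md, H(md)                            # Step 4: recomputed IdMD

def rm_open(e_id, sk_rm):
    plain = pcs_dec(e_id, sk_rm)                # revocation manager's view of EId
    return plain[:-32], plain[-32:]             # (DPInfo, IdMD)

if __name__ == "__main__":
    (pk_do, sk_do), (pk_rm, sk_rm) = pcs_keygen(), pcs_keygen()
    emd, e_id, dp_info = produce(b"constructed MD", b"DP-07", pk_do, pk_rm)
    print(do_verify(emd, dp_info, sk_do, b"DP-07"), do_verify(emd, dp_info, sk_do, b"DP-99"))
```

Because EId is encrypted under PKRM, only the holder of SKRM can read the IdMD it carries; the DO works from DPInfo alone.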
FIGURE 6. The transactions in the Share_Data contract