TY - GEN
T1 - Enhancing Permissioned Blockchains with Controlled Data Authorization
AU - Liu, Qichang
AU - Zhang, Xufeng
AU - Duan, Sisi
AU - Zhang, Haibin
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024.
PY - 2024
Y1 - 2024
N2 - Blockchains provide data with availability and integrity. Many applications, however, also require strong confidentiality, a goal that conventional blockchains fail to achieve. This work enhances permissioned blockchains based on Byzantine fault tolerance (BFT) with the ability to manage confidential data in a controlled manner. For this goal, we formally define threshold encryption with controlled authorization (ECA). In an ECA scheme, writers can send transaction messages to readers via servers (e.g., blockchain servers). There are many challenges for ECA — decoupling writers and readers, message confidentiality, reliability of the system, and the tolerance of malicious behaviors. We define the syntax for the ECA system and formalize three security notions for ECA, namely token verifiability, t-robustness, and t-collusion resistant CPA security. We propose an ECA scheme and provide formal proofs of these notions for our proposed ECA scheme. Our ECA scheme decouples writers and readers with the help of servers. The token verifiability guarantees all the servers obtain the right tokens from writers. The t-robustness makes sure our ECA scheme runs well even if t malicious servers implement active attacks. The t-collusion resistant CPA security guarantees message privacy from servers, even if t servers collude with each other to implement active attacks. Finally, we offer an efficient ECA construction satisfying all these security notions.
AB - Blockchains provide data with availability and integrity. Many applications, however, also require strong confidentiality, a goal that conventional blockchains fail to achieve. This work enhances permissioned blockchains based on Byzantine fault tolerance (BFT) with the ability to manage confidential data in a controlled manner. For this goal, we formally define threshold encryption with controlled authorization (ECA). In an ECA scheme, writers can send transaction messages to readers via servers (e.g., blockchain servers). There are many challenges for ECA — decoupling writers and readers, message confidentiality, reliability of the system, and the tolerance of malicious behaviors. We define the syntax for the ECA system and formalize three security notions for ECA, namely token verifiability, t-robustness, and t-collusion resistant CPA security. We propose an ECA scheme and provide formal proofs of these notions for our proposed ECA scheme. Our ECA scheme decouples writers and readers with the help of servers. The token verifiability guarantees all the servers obtain the right tokens from writers. The t-robustness makes sure our ECA scheme runs well even if t malicious servers implement active attacks. The t-collusion resistant CPA security guarantees message privacy from servers, even if t servers collude with each other to implement active attacks. Finally, we offer an efficient ECA construction satisfying all these security notions.
KW - Confidentiality
KW - Controlled authorization
KW - Fine-grained access control
KW - Permissioned blockchain
KW - Threshold encryption
UR - http://www.scopus.com/inward/record.url?scp=85200506761&partnerID=8YFLogxK
U2 - 10.1007/978-981-97-5101-3_1
DO - 10.1007/978-981-97-5101-3_1
M3 - Conference contribution
AN - SCOPUS:85200506761
SN - 9789819751006
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 3
EP - 23
BT - Information Security and Privacy - 29th Australasian Conference, ACISP 2024, Proceedings
A2 - Zhu, Tianqing
A2 - Li, Yannan
PB - Springer Science and Business Media Deutschland GmbH
T2 - 29th Australasian Conference on Information Security and Privacy, ACISP 2024
Y2 - 15 July 2024 through 17 July 2024
ER -