Shengmin Xu,Jianting Ning,Jinhua Ma,Guowen Xu,Jiaming Yuan,Robert H. Deng

DOI: https://doi.org/10.1007/978-3-030-88418-5_16

2021-01-01

Abstract:Policy-based chameleon hash (PCH) is a cryptographic building block which finds increasing practical applications. Given a message and an access policy, for any chameleon hash generated by a PCH scheme, a chameleon trapdoor holder whose rewriting privileges satisfy the access policy can amend the underlying message without affecting the hash value. In practice, it is necessary to revoke the rewriting privileges of a trapdoor holder due to various reasons, such as change of positions, compromise of credentials, or malicious behaviours. In this paper, we introduce the notion of revocable PCH (RPCH) and formally define its security. We instantiate a concrete RPCH construction by putting forward a practical revocable attribute-based encryption (RABE) scheme which is adaptively secure under a standard assumption on prime-order pairing groups. As application examples, we show how to effectively integrate RPCH into mutable blockchain and sanitizable signature for revoking the rewriting privileges of any chameleon trapdoor holders. We implement our RPCH scheme and evaluate its performance to demonstrate its efficiency.

Jinhua Ma,Shengmin Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/TIFS.2022.3156808

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Immutability has been widely accepted as a fundamental property protecting the security of blockchain technology. However, this property impedes the development of blockchain because of the abuse of blockchain storage and legal obligations. To mitigate this issue, a novel construction of blockchain, called redactable blockchain, was introduced. It enables a central authority to issue the rewriting privilege to a particular party who can rewrite a registered object, e.g., a block or a transaction, in a controlled way. Unfortunately, the central authority must be fully trusted and is an obvious target suffering from various attacks. In this paper, we introduce a redactable blockchain controlled at a fine-grained level in a decentralized setting. In our solution, the rewriting privilege is issued by multiple authorities for reducing the vulnerability of the centralized setting. To formalize our solution, we introduce a novel cryptographic notion, called decentralized policy-based chameleon hash (DPCH), with the formal definition and security model. By applying several simple cryptographic tools, such as chameleon hash, digital signature, and multi-authority attribute-based encryption, we present the generic construction of DPCH along with rigorous security proofs. By applying RSA-based chameleon hash and BLS short signature, we give a practical instantiation of DPCH with performance evaluation. The comprehensive evaluation shows that our solution has superior performance than the state-of-the-art solution.

Yiming Li,Shengli Liu

DOI: https://doi.org/10.1007/978-3-031-57725-3_10

2024-01-01

Abstract:Chameleon hash (CH) is a trapdoor hash function. Generally it is hard to find collisions, but with the help of a trapdoor, finding collisions becomes easy. CH plays an important role in converting a conventional blockchain to a redactable one. However, most of existing CH schemes are too weak to support redactable blockchains. The currently known CH schemes serving for redactable blockchains have the best security of so-called “full collision resistance ( f-CR )”, but they are built either in the random oracle model or rely on heavy tools like the simulation-sound extractable non-interactive zero-knowledge (SSE-NIZK) proof system. Moreover, up to now there is no CH scheme with post-quantum f-CR security in the standard model. Therefore, no CH can support redactable blockchains in a post-quantum way without relying on random oracles. In this paper, we introduce a variant of CH, namely tagged chameleon hash (tCH). Tagged chameleon hash takes a tag into hash evaluations and collision finding algorithms. We define two security notions for tCH, restricted collision resistance ( r-CR ) and full collision resistance ( f-CR ), and prove the equivalence between r-CR and f-CR when tCH works in the one-time tag mode. We propose a tCH scheme from lattices without using any NIZK proof, and prove that its restricted collision resistance is reduced to the Short Integer Solution (SIS) assumption in the standard model. We also show how to apply tCH to a blockchain in one-time tag mode so that the blockchain can be compiled to a redactable one. Our tCH scheme provides the first post-quantum solution for redactable blockchains, without resorting to random oracles or NIZK proofs. Besides, we also construct a more efficient tCH scheme with r-CR tightly reduced to SIS in the random oracle model, which may be of independent interest.

Jianhao Li,Hui Ma,Jiabei Wang,Zishuai Song,Wenhan Xu,Rui Zhang

DOI: https://doi.org/10.1109/tifs.2023.3245406

IF: 7.231

2023-03-08

IEEE Transactions on Information Forensics and Security

Abstract:The immutability of blockchains is critical for cryptocurrencies, but an imperative need arises for the redaction of on-chain data due to privacy-protecting laws like GPDR. Recently, Ateniese et al. (EuroS&P 2017) proposed an elegant solution to this problem based on chameleon hash functions, followed by many subsequent works. While these works offered a solution to the permissioned blockchain, the approaches were not efficient enough for the permissionless setting, in terms of either security (which may cause inconsistent historical transactions) or performance (only up to a few hundred nodes). In this paper, we investigate this problem and present Wolverine, a redactable permissionless blockchain. First, we present a formal redactable blockchain model, carefully considering transaction consistency. Next, towards a practical scheme, we introduce the novel concept of non-interactive chameleon hash (NITCH). NITCHs dynamically distribute a trapdoor key among a group and each party in the group can compute its partial share without communicating with others. Anyone who possesses enough shares can then find a valid hash collision. To prevent the static group from being compromised after a sufficiently long time, we provide a generic transform from NITCHs to decentralized random beacons (DRBs) and design a committee evolution protocol based on DRBs that refresh the group after every fixed interval of time. Based on NITCH and the committee evolution protocol, we construct Wolverine which offers important features such as scalability, transaction consistency, and public accountability. Finally, we demonstrate the practicality of Wolverine by giving a proof-of-concept implementation based on Bitcoin in Golang.

computer science, theory & methods,engineering, electrical & electronic

Junke Duan,Wei Wang,Licheng Wang,Lize Gu

DOI: https://doi.org/10.1109/tifs.2024.3436925

IF: 7.231

2024-08-20

IEEE Transactions on Information Forensics and Security

Abstract:Immutability is widely recognized as one of the blockchain's key security attributes. However, in recent years, incidents involving the use of blockchain for disseminating illegal or malicious information have raised concerns over its strict immutability. To address these issues, redactable blockchains are proposed as a novel solution, permitting authorized content redactions without compromising the structural integrity of the blockchain. Unfortunately, current solutions are unable to restrict the abuse of redaction privilege, except for relying on a trusted authority or committee, which contradicts the trustlessness principle of blockchain. In this paper, we propose a controlled redactable blockchain protocol that allows for a limited number of redactions and supports a transparent setup. The cryptographic tools enabling this functionality are our proposed t-times chameleon hash (t-CH) and signature (t-CS) schemes, where generating more than t collisions will expose the trapdoor. We present security models, discrete logarithm-based instantiations, and formal security proofs for both t-CH and t-CS. Subsequently, we present the construction of our redaction protocol in both permissioned and permissionless settings. Finally, we experimentally demonstrate the effectiveness of the proposed protocol in practice.

computer science, theory & methods,engineering, electrical & electronic

Meng Jia,Jing Chen,Kun He,Ruiying Du,Li Zheng,Mingxi Lai,Donghui Wang,Fei Liu

DOI: https://doi.org/10.1109/tifs.2022.3192716

IF: 7.231

2022-08-09

IEEE Transactions on Information Forensics and Security

Abstract:Blockchain is a technology with decentralization and immutability features and has been employed for auditing by many applications. However, immutability sometimes limits the application of blockchain technology. For example, vulnerable smart contracts on blockchain cannot be redacted due to immutability. The existing redactable blockchain solutions either have a low efficiency or violate the decentralization feature. Moreover, those solutions lack mechanisms for tracing redaction history and checking block consistency. In this paper, we present an efficient redactable blockchain with traceability in the decentralized setting. Specifically, we propose a decentralized chameleon hash function for redactable blockchain that every redaction must be approved by multiple blockchain nodes. We also design a redactable blockchain structure that maintains all redactions of a block and encodes the redacted blocks into an RSA accumulator. Then, we propose an efficient block consistency check protocol based on the RSA accumulator. Finally, we conduct experiments and compare our scheme with another decentralized redactable blockchain to demonstrate that our solution is efficient in practice.

computer science, theory & methods,engineering, electrical & electronic

Yanxue Jia,Shi-Feng Sun,Yi Zhang,Zhiqiang Liu,Dawu Gu

DOI: https://doi.org/10.1145/3433210.3453091

2021-01-01

Abstract:The immutability of blockchain is crucial to the security of many blockchain applications, while it is still desired or even legally obliged to allow for redacting the contents of blockchain for some scenarios. In this work, we revisit the conflict between the immutability and redaction of blockchain, and put forward a new fine-grained redactable blockchain with a semi-trusted regulator, who follows our protocol but has a tendency to abuse his power. To the best of our knowledge, it is the first blockchain that not only supports the supervision of blockchain content, but also allows users themselves to manage their own data. To this end, we introduce a new variant of chameleon-hash function, named stateful Chameleon Hash with Revocable Subkey, which is important for building our redactable blockchain and may be of independent interest. We also propose a black-box construction from standard chameleon-hash functions, and prove its security properties under our proposed security notions. At last, we provide a proof-of-concept implementation. The evaluation results demonstrate that our redactable blockchain is practical and can be adopted with small additional overhead compared to the immutable blockchain.

Ke Huang,Xiaosong Zhang,Yi Mu,Fatemeh Rezaeibagha,Xiaojiang Du

DOI: https://doi.org/10.1016/j.ins.2020.07.016

IF: 8.1

2021-02-01

Information Sciences

Abstract:Internet-of-Things (IoT) envisions communications between heterogeneous devices and utilization of the associated data for smart decision making. Blockchain bridges the gap between widely-distributed IoT devices and the need for a universal trust-layer. When applying blockchain for IoT, some concerns can arise. Among them, scalability is a crucial factor because it decides whether blockchain can keep empowering IoT in the long term . According to a recent survey by Ali et al., some newly launched blockchains are suffering from powerful attacks (e.g. 51% attack) when the computing pool is small, and the number of participated nodes is inadequate (USENIX 2016). To ensure the scalability of initially-deployed blockchains, a proper countermeasure is important to be devised. Ateniese et al. proposed the notion of the redactable blockchain (EuroS&P 2017) which allows block history to be rewritten by using chameleon hash. However, the distribution and management of trapdoor key is crucial for the scalability of chameleon hash as well as redactable blockchain. To deal with the above problems, we propose two cryptographic schemes as the new theoretic tools for blockchain redaction: time updatable chameleon hash (TUCH) and linkable-and-redactable ring signature (LRRS). The use of TUCH and LRRS schemes enables redaction to take place scalably and anonymously where the spontaneous ring is generated for redaction, which costs little expenditures to rewrite a block content. Specifically, the redaction will be processed without assigning and splitting trapdoor key among multiple users in a complex way, and achieve transaction anonymity for users . What is more, we briefly instantiate how to build a redactable blockchain with update and anonymity (SRB) with our proposed TUCH and LRRS. While security analysis confirms that our proposals are theoretically secure, the experimental results show that our proposals are efficient for implementation purposes.

computer science, information systems

Xiangyu Liu,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-55304-3_36

2022-01-01

Abstract:We define the security notion of strong collision resistance for chameleon hash functions in the multi-user setting (S-MU-CR security). We also present three specific constructions $$\mathsf {CHF}_{dl}$$ , $$\mathsf {CHF}_{rsa}$$ and $$\mathsf {CHF}_{fac}$$ of chameleon hash functions, and prove their tight S-MU-CR security based on the discrete logarithm, RSA and factoring assumptions, respectively. In applications, we show that tightly S-MU-CR secure chameleon hash functions can lift a signature scheme from (weak) unforgeability to strong unforgeability with a tight security reduction in the multi-user setting.

Shams Mhmood Abd Ali,Mohd Najwadi Yusoff,Hasan Falah Hasan

DOI: https://doi.org/10.3390/fi15010035

2023-01-13

Future Internet

Abstract:The continuous advancements of blockchain applications impose constant improvements on their technical features. Particularly immutability, a highly secure blockchain attribute forbidding unauthorized or illicit data editing or deletion, which functions as crucial blockchain security. Nonetheless, the security function is currently being challenged due to improper data stored, such as child pornography, copyright violation, and lately the enaction of the "Right to be Forgotten (RtbF)" principle disseminated by the General Data Protection Regulation (GDPR), where it requires blockchain data to be redacted to suit current applications' urgent demands, and even compliance with the regulation is a challenge and an unfeasible practice for various blockchain technology providers owing to the immutability characteristic. To overcome this challenge, mutable blockchain is highly demanded to solve previously mentioned issues, where controlled and supervised amendments to certain content within constrained privileges granted are suggested by several researchers through numerous blockchain redaction mechanisms using chameleon and non-chameleon hashing function approaches, and methods were proposed to achieve reasonable policies while ensuring high blockchain security levels. Accordingly, the current study seeks to thoroughly define redaction implementation challenges and security properties criteria. The analysis performed has mapped these criteria with chameleon-based research methodologies, technical approaches, and the latest cryptographic techniques implemented to resolve the challenge posed by the policy in which comparisons paved current open issues, leading to shaping future research directions in the scoped field.

Xiaofeng Chen,Ying Gao

DOI: https://doi.org/10.48550/arXiv.2205.07054

2022-05-14

Abstract:Redactable blockchains allow modifiers or voting committees with modification privileges to edit the data on the chain. Trapdoor holders in chameleon-based hash redactable blockchains can quickly compute hash collisions for arbitrary data, and without breaking the link of the hash-chain. However, chameleon-based hash redactable blockchain schemes have difficulty solving the problem of multi-level editing requests and competing for modification privileges. In this paper, we propose CDEdit, a highly applicable redactable blockchain with controllable editing privilege and diversified editing types. The proposed scheme increases the cost of invalid or malicious requests by paying the deposit on each edit request. At the same time, the editing privilege is subdivided into request, modification, and verification privileges, and the modification privilege token is distributed efficiently to prevent the abuse of the modification privilege and collusion attacks. We use chameleon hashes with ephemeral trapdoor (CHET) and ciphertext policy attribute-based encryption (CP-ABE) to implement two editing types of transaction-level and block-level, and present a practical instantiation and security analysis. Finally, the implementation and evaluation show that our scheme only costs low-performance overhead and is suitable for multi-level editing requests and modification privilege competition scenarios.

Cryptography and Security

Hongchen Guo,Xiaolong Tao,Mingyang Zhao,Tong Wu,Chuan Zhang,Jingfeng Xue,Liehuang Zhu

DOI: https://doi.org/10.3390/s23167105

IF: 3.9

2023-01-01

Sensors

Abstract:Currently, decentralized redactable blockchains have been widely applied in IoT systems for secure and controllable data management. Unfortunately, existing works ignore policy privacy (i.e., the content of users’ redaction policies), causing severe privacy leakage threats to users since users’ policies usually contain large amounts of private information (e.g., health conditions and geographical locations) and limiting the applications in IoT systems. To bridge this research gap, we propose PFRB, a policy-hidden fine-grained redactable blockchain in decentralized blockchain-based IoT systems. PFRB follows the decentralized settings and fine-grained chameleon hash-based redaction in existing redactable blockchains. In addition, PFRB hides users’ policies during policy matching such that apart from successful policy matching, users’ policy contents cannot be inferred and valid redactions cannot be executed. Some main technical challenges include determining how to hide policy contents and support policy matching. Inspired by Newton’s interpolation formula-based secret sharing, PFRB converts policy contents into polynomial parameters and utilizes multi-authority attribute-based encryption to further hide these parameters. Theoretical analysis proves the correctness and security against the chosen-plaintext attack. Extensive experiments on the FISCO blockchain platform and IoT devices show that PFRB achieves competitive efficiency over current redactable blockchains.

Ke Huang,Xiaosong Zhang,Yi Mu,Xiaofen Wang,Guomin Yang,Xiaojiang Du,Fatemeh Rezaeibagha,Qi Xia,Mohsen Guizani

DOI: https://doi.org/10.1109/tii.2019.2901011

IF: 12.3

2019-01-01

IEEE Transactions on Industrial Informatics

Abstract:Applying consortium blockchain as a trust layer for heterogeneous industrial Internet-of-Things devices is cost-effective. However, with an increase in computing power, some powerful attacks (e.g., the 51% attack) are inevitable and will cause severe consequences. Recent studies also confirm that anonymity and immutability of blockchain have been abused to facilitate black market trades, etc. To operate controllable blockchain for IIoT devices, it is necessary to rewrite blockchain history back to a normal state once the chain is breached. Ateniese et al. proposed redactable blockchain by using chameleon hash (CH) to replace traditional hash function, it allows blockchain history to be written when needed (EuroS&P 2017). However, we cannot apply this idea directly to IIoT without solving the following problems: (1) achieve a decentralized design of CH; (2) update the signatures accordingly to authenticate the redacted contents; (3) satisfy the low-computing need of the individual IIoT device. In this paper, we overcome the above issues by proposing the first threshold chameleon hash (TCH) and accountable-and-sanitizable chameleon signature (ASCS) schemes. Based on them, we build a redactable consortium blockchain which is efficient for IIoT devices to operate. It allows a group of authorized sensors to write and rewrite blockchain without causing any hard forks. Basically, TCH is the first TCH and ASCS is a public-key signature supporting file-level and block-level modifications of signatures without impairing authentications. Additionally, ASCS achieves accountability to avoid abuse of redaction. While security analysis validates our proposals, the simulation results show that redaction is acceptably efficient if it is executed at a small scale or if we adopt a coarse-grained redaction while sacrificing some securities.

Weiqi Dai,Jinkai Liu,Yang Zhou,Kim-Kwang Raymond Choo,Xia Xie,Deqing Zou,Hai Jin

DOI: https://doi.org/10.1109/tifs.2024.3349855

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:While blockchain is known to support open and transparent data exchange, partly due to its nontamperability property, it can also be (ab)used to facilitate the spreading of fake and misleading information or information that was subsequently discredited. Hence, this paper proposes a practical, redactable blockchain framework with a public trapdoor (hereafter referred to as PRBFPT). PRBFPT comprises an editing scheme for adding blocks using a new type of blockchain with a chameleon hash. Specifically, PRBFPT is able to involve all nodes in the blockchain in the editing operations by means of a public trapdoor, without requiring additional trapdoor management by predefined nodes or organizations. PRBFPT is also designed to audit and record the content of each editing operation. In other words, after editing and deleting the original data, PRBFPT can still verify its legitimacy. We also propose a contract-based locked voting scheme to better support voting. We then evaluate the prototype implementation of PRBFPT, whose findings show that the total time consumption of adding modules is at the millisecond level, with a negligible impact on the performance of the original system. In addition, the evaluation findings show that the cost of initiating the special transactions is comparable to the consumption of normal Ethereum transactions and is within a manageable range.

computer science, theory & methods,engineering, electrical & electronic

Shengmin Xu,Jianting Ning,Jinhua Ma,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tifs.2021.3107146

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:As an immutable append-only distributed ledger, blockchain allows a group of participants to reach a consensus in an untrustworthy ecosystem. Immutability is a blockchain feature that persists data forever, but it is no longer legal in reality. Blockchain has unchangeable improper contents that violate laws. Moreover, data regulation toward “the right to be forgotten” requires blockchain must be modifiable. To address this problem, redactable blockchain has been introduced to relax immutability in a controlled way. However, once a participant is authorized, she/he can rewrite any content and no penalty for the malicious behavior that hinders the wide deployment of redactable blockchain in practice. In this paper, we introduce a new notion, dubbed k-time modifiable and epoch-based redactable blockchain (KERB) with a monetary penalty to control rewriting privileges and penalize malicious behaviors. Our solution is built up from simple building blocks: digital signatures and chameleon hashes. We give a formal definition and security models of KERB, and present a generic construction along with formal proofs. The extensive comparison and experimental analysis illustrate that our solution enjoys superior functionalities and performances than the state-of-the-art solutions.

Zhuo Xu,Xinyi Luo,Kaiping Xue,David Wei,Ruidong Li

DOI: https://doi.org/10.1109/icdcs57875.2023.00090

2023-01-01

Abstract:The immutability of blockchains is an important security feature, but applications and studies have shown that it poses some problems. For instance, harmful information and vulnerable programs can be permanently stored on public blockchains such as Bitcoin and Ethereum, causing continuous damage. Therefore, researchers proposed the redactable blockchain to delete or modify those harmful data. Existing schemes usually adopt the Chameleon hash function (CHF) to keep the block hash unchanged so that other blocks remain unaffected. However, these schemes suffer from two security problems: (i) (unknown-version) users cannot determine whether a received block is the up-to-date version because different versions have the same hash; and (ii) (lazy-redaction) miners have no motivations to update historical blocks, causing continuous spreading of data which should have been discarded. To solve the problems, we propose SEREDACT, a secure and efficient redactable blockchain protocol with verifiable modification. Specifically, we design a Merkle tree-based verification mechanism with efficient dynamic updating that supports quick version checks and forcible modification updates, and further integrate it with restricted redaction policies to guarantee security. Our security and performance analyses show that SEREDACT has adequate security as a redactable blockchain protocol and retains close efficiency compared with the immutable blockchain.

Haiping Si,Weixia Li,Nan Su,Tingting Li,Yanling Li,Chuanhu Zhang,Bacao Fernando,Changxia Sun

DOI: https://doi.org/10.1016/j.comcom.2024.05.012

IF: 5.047

2024-05-20

Computer Communications

Abstract:With the continuous maturation of blockchain technology and the increasing demands for various industry applications, data sharing and interoperability among different blockchain networks face significant challenges. Research on cross-chain interoperability mechanisms has facilitated data collaboration across organizations and industries, enhancing the value and utility of data. When engaging in cross-chain data interactions, access control ensures the security and privacy of data while promoting collaboration and information exchange among multiple chains. Attribute-based access control can provide fine-grained authorization support, matching complex business scenarios. However, publicly disclosed policies and attributes in a transparent blockchain network may pose privacy and security issues. To address these issues, this paper proposes a cross-heterogeneous multichain data access control scheme based on attributes and threshold homomorphic encryption, achieving fine-grained and secure cross-domain access control in cross-chain networks. This scheme uses the threshold Paillier cryptosystem to encrypt and conceal user attributes and access policies. Through smart contracts, homomorphic differential computation is performed on the ciphertext of policies and attributes, to protect data privacy. This solution leverages private key decryption shares from multiple relay nodes in the cross-chain network to jointly decrypt the computation results, providing secure access control in complex cross-chain scenarios. Security analysis and experimental results demonstrate that the proposed scheme ensures security with reasonable computational overhead, to meet the access control requirements in cross-chain networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chao Yuan,Mi-xue Xu,Xueming Si,Bin Li

DOI: https://doi.org/10.1109/ICPADS.2017.00111

2017-01-01

Abstract:As a recently proposed public key primitive, attribute-base encryption(ABE) divided into Ciphertext-policy ABE (CP-ABE) and Key-policy ABE (KP-ABE) is a highly promising tool for the management and protection of data. And Blockchain, as one of the core technologies of Bitcoin that is the most representative cryptocurrency, has received extensive attentions recently. Supervision and privacy protection are two difficulties in blockchain. In this paper, a new scheme combining blockchain and accountable CP-ABE is proposed. In this scheme, each change of the data is recorded on the blockchain. And the different permissions of access are realized through ABE. If a malicious user shares a decryption key illegally, it will be considered illegal. Similarly, if the authority generates a decryption key for any unauthorized user, it also will be considered illegal. This scheme allows any third party to publicly verify the identity of a decryption key. And it is achievable for an auditor to publicly audit whether a malicious user or the authority should be responsible for an exposed decryption key, and the key abuser cannot deny it. At last this scheme is applied to the management of electronic documents.

Shengmin Xu,Jianting Ning,Xiaoguo Li,Jiaming Yuan,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2024.3356595

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Blockchain as an open and immutable ledger is being posited as the next frontier in healthcare that will help solve the industry's interoperability challenges. However, immutability in processing personal data is no longer legal since the General Data Protection Regulation (GDPR) requires the “right to be forgotten” as a critical data subject right. To observe such data regulation, it is desirable to build a healthcare blockchain with data redaction in a controlled way. Moreover, electronic health records (EHRs) usually are sensitive and the conventional blockchain lacks systematic and formal security analysis of data confidentiality, especially in the multi-user setting. Furthermore, EHRs are typically helpful in medical research for predicting epidemic diseases and valuable in insurance agencies making business plans. Hence, in healthcare blockchain systems, data confidentiality and flexible key distribution have become the most challenging issues that should be urgently resolved. In this article, we propose a privacy-preserving and redactable healthcare blockchain system (PRHBS). Our solution offers fine-grained block-level data reduction and secure data sharing with flexible key distribution mechanisms. We give the formal definition and security models of PRHBS, and propose a generic construction based on trapdoor-based chameleon-hash function, attribute-based encryption, and puncturable encryption. We present formal security analysis and give an instantiation based on our proposed generic construction. The comprehensive comparison and experimental simulation demonstrate that our implementation exhibits comparable performance, while surpassing the most relevant solutions in terms of functionality.

computer science, information systems, software engineering

Feng Bao,Robert H. Deng,Xuhua Ding,Junzuo Lai,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-21554-4_12

2011-01-01

Abstract:At ACNS 2008, Canard et al. introduced the notion of trapdoor sanitizable signature (TSS) based on identity-based chameleon hash (IBCH). Trapdoor sanitizable signatures allow the signer of a message to delegate, at any time, the power of sanitization to possibly several entities who can modify predetermined parts of the message and generate a new signature on the sanitized message without interacting with the original signer. In this paper, we introduce the notion of hierarchical identity-based chameleon hash (HIBCH), which is a hierarchical extension of IBCH. We show that HIBCH can be used to construct other cryptographic primitives, including hierarchical trapdoor sanitizable signature (HTSS) and key-exposure free IBCH. HTSS allows an entity who has the sanitization power for a given signed message, to further delegate its power to its descendants in a controlled manner. Finally, we propose a concrete construction of HIBCH and show that it is t-threshold collusion-resistant.