基于区块链的动态权限管理与隐私保护方案OA
Blockchain-based scheme for dynamic permission management and privacy protection
针对供应链协同环境中存在的权限撤销延迟、访问策略泄露以及重加密开销高等问题,提出一种基于区块链的动态权限管理与隐私保护方案.该方案构建了由对称加密、属性基加密和可信执行环境组成的三级安全防护架构,结合多跳代理重加密实现策略的动态更新与历史数据的前向安全;设计了基于物联网事件驱动的智能合约协同机制,实现权限策略的自动触发与链上链下状态的同步;将Groth16零知识证明系统与可信执行环境融合,形成链下隐私证明、链上策略审计与硬件受控解密的闭环验证体系.实验结果表明,该方案在策略更新延迟及解密响应时间等关键指标方面均优于现有代表性方案,能够有效支持智能仓储、跨境物流等场景下的细粒度、可验证和轻量化数据共享需求.
This paper proposed a blockchain-based scheme to address issues such as delayed permission revocation,policy leakage,and high proxy re-encryption overhead in supply chain collaboration environments.The scheme constructed a three-layer security architecture integrating symmetric encryption,attribute-based encryption,and a trusted execution environment(TEE).It incorporated multi-hop proxy re-encryption to enable dynamic policy updates and forward security for historical da-ta.It designed an IoT event-driven smart contract coordination mechanism to trigger policies automatically and synchronize on-chain and off-chain states.It integrated the Groth16 zero-knowledge proof system with the TEE to form a closed-loop verifica-tion system comprising off-chain privacy proofs,on-chain policy auditing,and hardware-controlled decryption.Experimental results demonstrate that the proposed scheme outperforms existing approaches in key metrics such as policy-update latency and decryption response time,effectively supporting fine-grained,verifiable,and lightweight data sharing in scenarios including smart warehousing and cross-border logistics.
李先秋;彭长根;谭伟杰
贵州大学 计算机科学与技术学院,贵阳 550025贵州大学 计算机科学与技术学院,贵阳 550025||贵州大学 省部共建公共大数据国家重点实验室,贵阳 550025贵州大学 计算机科学与技术学院,贵阳 550025||贵州大学 省部共建公共大数据国家重点实验室,贵阳 550025
信息技术与安全科学
区块链属性基加密代理重加密零知识证明动态权限控制
blockchainattribute-based encryptionproxy re-encryptionzero-knowledge proofdynamic access control
《计算机应用研究》 2026 (4)
995-1004,10
贵州省科技计划资助项目([2023]434)
评论