Biblio

Cryptocurrencies such as Bitcoin and Ethereum achieve decentralized payment by maintaining a globally distributed and append-only ledger. Recently, several researchers have sought to achieve privacy-preserving auditing, which is a crucial function for scenarios that require regulatory compliance, for decentralized payment systems. However, those proposed schemes usually cost much time for the cooperation between the auditor and the user due to leveraging complex cryptographic tools such as zero-knowledge proof. To tackle the problem, we present T-PPA, a privacy-preserving decentralized payment system, which provides customizable and efficient auditability by leveraging trusted execution environments (TEEs). T-PPA demands the auditor construct audit programs based on request and execute them in the TEE to protect the privacy of transactions. Then, identity-based encryption (IBE) is employed to construct the separation of power between the agency nodes and the auditor and to protect the privacy of transactions out of TEE. The experimental results show that T-PPA can achieve privacy-preserving audits with acceptable overhead.

At present, the ciphertext-policy attribute based encryption (CP-ABE) has been widely used in different fields of data sharing such as cross-border paperless trade, digital government and etc. However, there still exist some challenges including single point of failure, key abuse and key unaccountable issues in CP-ABE. To address these problems. We propose an accountable CP-ABE mechanism based on block chain system. First, we establish two authorization agencies MskCA and AttrVN(Attribute verify Network),where the MskCA can realize master key escrow, and the AttrVN manages and validates users' attributes. In this way, our system can avoid the single point of failure and improve the privacy of user attributes and security of keys. Moreover, in order to realize auditability of CP-ABE key parameter transfer, we introduce the did and record parameter transfer process on the block chain. Finally, we theoretically prove the security of our CP-ABE. Through comprehensive comparison, the superiority of CP-ABE is verified. At the same time, our proposed schemes have some properties such as fast decryption and so on.

SWIM (System Wide Information Management) has become the development direction of A TM (Air Traffic Management) system by providing interoperable services to promote the exchange and sharing of data among various stakeholders. The premise of data sharing is security, and the access control has become the key guarantee for the secure sharing and exchange. The CP-ABE scheme (Ciphertext Policy Attribute-Based Encryption) can realize one-to-many access control, which is suitable for the characteristics of SWIM environment. However, the combination of the existing CP-ABE access control and SWIM has following constraints. 1. The traditional single authority CP-ABE scheme requires unconditional trust in the authority center. Once the authority center is corrupted, the excessive authority of the center may lead to the complete destruction of system security. So, SWIM with a large user group and data volume requires multiple authorities CP-ABE when performing access control. 2. There is no unified management of users' data access records. Lack of supervision on user behavior make it impossible to effectively deter malicious users. 3. There are a certain proportion of lightweight data users in SWIM, such as aircraft, users with handheld devices, etc. And their computing capacity becomes the bottleneck of data sharing. Aiming at these issues above, this paper based on cloud-chain fusion basically proposes a multi-authority CP-ABE scheme, called the MOV ATM scheme, which has three advantages. 1. Based on a multi-cloud and multi-authority CP-ABE, this solution conforms to the distributed nature of SWIM; 2. This scheme provides outsourced computing and verification functions for lightweight users; 3. Based on blockchain technology, a blockchain that is maintained by all stakeholders of SWIM is designed. It takes user's access records as transactions to ensure that access records are well documented and cannot be tampered with. Compared with other schemes, this scheme adds the functions of multi-authority, outsourcing, verifiability and auditability, but do not increase the decryption cost of users.