集群式农产品供应链区块链密文策略可验多部门监管方案

集群式农产品供应链区块链上的数据逐渐采用加密存储模式,给跨企业、跨生产环节的监管带来挑战。为了适应集群式环境下的监管、减小监管带来的隐私泄露风险,该研究基于CP-ABE提出了集群式农产品供应链区块链密文策略可验多部门监管方案。明确划分监管部门的监管权限,根据链上数据的监管策略,企业用户基于CP-ABE加密数据,在保证数据隐私的同时实现数据对相关监管者的公开;设计基于CP-ABE的密文访问树验证方案,结合智能合约与监管策略,在数据上链前验证CP-ABE的访问树,以确保数据对指定监管者的公开。基于Hyperledger Fabric构建了测试原型系统,测试结果表明,监管策略中监管者数量每增加10个,系统上链时间延长约500ms,吞吐量约为438事务数/s(transactions/s);安全性分析表明,系统具有较高的安全性。该方案实现了区块链密文条件下多部门的细粒度监管,减小了发生在监管端的隐私泄露风险,能够应对集群式农产品供应链区块链加密存储带来的监管挑战。

Multi-department supervision scheme of the verifiable blockchain ciphertext policy for cluster agricultural supply chain

Agricultural product supply chain and blockchain are closely integrated with the continuous acceleration of agricultural modernization. The clustered supply chain has gradually developed from a single supply chain in recent years. There is heat competition among peer enterprises in the clustered agricultural product supply chain blockchain. Among them, the data on the blockchain is publicly available to all participants. The private data on the chain has been adopted as an encrypted storage model, in order to protect users'' privacy. The existing single-department supervision scheme is unsuitable for the complex cluster agricultural supply chain. The multi-sector supervision can be expected to serve as a promising way in the current reality. However, multi-department supervision is still challenging to ensure the sharing of encrypted data on the chain without redundant information for irrelevant departments. It is a high demand to improve supervision efficiency and credibility. Fortunately, the ciphertext-policy attribute-based encryption (CP-ABE) can be a one-to-numerous encryption, essentially a public key encryption system. The CP-ABE can realize the sharing of data for the users with specified attributes suitable for the application environment of multi-department supervision of the blockchain in the clustered agricultural supply chain. In this research, a multi-department supervision scheme was proposed in the verifiable blockchain ciphertext policy for the cluster agricultural supply chains using CP-ABE. A chain of custody was set up outside the business chain, including the supervisors from various departments to facilitate the management of supervisors. The chain of custody managed data on the business chain through "cross-chain governance." Different supervision strategies were set for the data on the chain, according to the data type. The administrator of the supervision department was set as the department''s supervisor to supervise the specific data of the specific chain. According to the supervision strategy on the chain, the enterprise users encrypted the data using CP-ABE to realize the disclosure of data for privacy. A CP-ABE-based access tree verification scheme was designed to combine the smart contracts and supervision strategies, and then to verify the CP-ABE access tree before the data was uploaded to the chain, in order to ensure that the data was available to the designated supervisor. The direct use of CP-ABE was inefficient for data encryption. Therefore, hybrid encryption was used to encrypt and share the data. The specific implementation was to encrypt the original data with symmetric encryption and then use the CP-ABE to encrypt the symmetric encryption key. A supervision prototype system was constructed under the blockchain ciphertext of the clustered agricultural supply chain using Hyperledger Fabric. The system was tested in two aspects of function and performance. The functional test showed that the system fully met the needs of essential multi-department supervision. The performance test showed that each time the number of supervisors in the supervision strategy increased by 10, while the average on-chain time was extended by about 500 ms, and the average throughput was 438 (number of transactions/s, transactions/s). When the number of supervisors for a single data type of a single enterprise was within a reasonable range, the clustered system was adept to the multi-department supervision under the condition of the primary clustered agricultural supply chain blockchain ciphertext-application requirements. Security analysis indicated the high-security system. As such, this scheme can be expected suitable for the multi-departmental, specialized, and fine-grained supervision of data on the blockchain under data encryption. The pressure of regulators can be inspired by the development of blockchain supervision of cluster agricultural supply chains.