This work is licensed under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.

1. Introduction

Since the 21st century, the Internet has given traditional industries the explosive growth of data in the Industrial Internet of Things [1, 2]. The massive amount of data generated in different fields (such as smart home, smart city, and smart manufacturing) has extremely high research value, which has aroused research interest in industry and academia. How to share data safely and efficiently, use data to provide users with better and convenient services, and improve user experience has become a widespread concern today. However, most of the data generated by IIoT is the user’s private data. In the process of data sharing, it is necessary to ensure the privacy, integrity, and validity of the data [3–5]. For example, sensitive and private data is tampered with or leaked during the sharing process. Data owners may provide irrelevant or false data to cloud service providers. Cloud service providers do not want data owners to provide information to other research institutions. Therefore, the following problems still exist in the data sharing of the Industrial Internet of Things. (1) There is lack of protection of data privacy and security in the data sharing process. (2) The data recipient cannot ensure that the data obtained is valid and relevant information. (3) Data integrity and data transaction records cannot be verified and traced during the data sharing process. Therefore, due to the above-mentioned problems, there is an urgent need for a solution to realize data sharing while protecting privacy and security.

Zero-knowledge proof is a cryptographic technology, which can make the verifier believe that a certain assertion is correct without providing any valuable information to the verifier. Zero-knowledge succinct noninteractive knowledge argumentation (zk-SNARKs) is one of the tools for generating zero-knowledge proofs. In the blockchain transaction platform, it is used in cryptocurrencies such as Zcash [6] and ZETH [7] to hide private information such as the address of the sender and receiver of the transaction and the transaction amount. In the data sharing between the cloud service provider and the data owner, zero-knowledge proof combined with smart contract technology can realize data availability verification between the two parties’ data transactions and ensure the provision of effective data information.

Blockchain is an effective method to solve verifiable and traceable transactions due to its decentralization, immutability, traceability, and executable smart contracts. Due to the characteristics of its distributed data ledger, it is widely used in multiple scenarios such as virtual currency, electronic bidding, and Industrial Internet of Things. In terms of addressing data privacy, blockchain can be combined with a variety of cryptographic methods, for example, attribute encryption [8], homomorphic encryption [9], searchable encryption, and proxy reencryption combined [10], to achieve the protection of data privacy and identity privacy on the blockchain.

In the data sharing scheme based on blockchain, some researchers have implemented data sharing schemes for individual users. However, these solutions focus on the aggregation of data and the balance between data privacy and data accessibility in the process of data sharing transactions, and data transmission between multiple entities cannot ensure user data privacy in the entire process. In response to these existing problems, this paper proposes a blockchain data privacy protection and sharing scheme based on zero-knowledge proof. It solves the problems of data privacy security, data availability and consistency, and data transaction traceability in data sharing.

The main research contributions of this paper are as follows.

(1) In multientity data sharing, a zero-knowledge proof-based blockchain data privacy protection and sharing scheme is proposed to achieve privacy protection. Use proxy reencryption technology to ensure data sharing between cloud service providers and data owners. Realize data sharing, traceability, and verifiability among multiple entities based on blockchain characteristics

2. Related Work

In a data sharing scheme based on cloud services, it relies on some encryption methods to protect data privacy. However, the data is difficult to trace and verify, and the data is easy to be stolen and tampered. Blockchain can be used to solve some of the current problems in data sharing due to its decentralization, immutability, traceability, and other characteristics. In the data sharing scheme based on blockchain [11, 12], data privacy protection combined with data encryption mainly uses encryption methods such as attribute encryption and proxy reencryption.

In the research of data sharing based on cloud services, Muthusenthil et al. [13] proposed a new secure data sharing reencryption scheme based on trusted institutions, using proxy reencryption methods to ensure data privacy and security, with better performance. However, the solution cannot guarantee user identity privacy and does not have the traceability of transactions and data. Mahakalkar and Sahare [14] proposed SAPA, a privacy protection authentication protocol based on sharing authority, which uses reencryption to realize data sharing between multiple users. The use of an access request matching mechanism realizes the user’s identity is private, but cannot guarantee the traceability of data and transactions. Wang et al. [15] proposed an identity-based data sharing audit scheme, which uses an information-hiding mechanism and a security mechanism that simplifies the signature algorithm to protect sensitive information and prevent malicious managers. However, the validity and consistency of the data cannot be guaranteed. Cheng et al. [16] proposed a reliable and efficient data sharing solution for the Industrial Internet of Things (IIoT). The scheme is based on an adaptive decentralized inadvertent transmission protocol, combined with zero-knowledge proof technology, so that the private key of the data recipient can be hidden from the data owner during the data sharing process. The traceability of data is realized, but the traceability of transactions cannot be realized.

In the research of blockchain-based data sharing solutions, Chowdhury et al. [17] proposed a notarization service framework based on blockchain-based personal data storage and sharing. This framework will ensure the authenticity of real-time shared data, and the transaction privacy is provided in the chain network. However, the complete traceability of the data is guaranteed in the process, but the privacy of the data cannot be guaranteed. Lu et al. [18] designed and implemented a blockchain-authorized secure data sharing architecture, combined with federal learning combined with privacy protection, transformed data sharing problems into machine learning problems, and maintained data privacy. However, the traceability of the transaction and the integrity of the data cannot be guaranteed. Wang et al. [19] proposed a blockchain-based security and privacy protection electronic medical record sharing protocol, which combines searchable encryption and conditional proxy reencryption to achieve data security, privacy protection, and access control. However, the validity of the data cannot be guaranteed. Sani et al. [20] proposed a high-performance, scalable blockchain that enhances the security and privacy of IIoT, using time-based zero-knowledge proof and authentication encryption to perform mutual authentication between multiple attributes. The evaluation from the three aspects of security, privacy, and performance shows that the scheme is safe, and the computational complexity and delay performance are significantly reduced. The privacy of identity and data is guaranteed, but the traceability of transactions cannot be achieved. Shen et al. [21] proposed a reliable sharing and collaboration model based on blockchain. Data owners, miners, and third parties share data through blockchain and record through smart contracts. Participants can use private clouds or public clouds to obtain and store data sharing. The identity privacy of data participants is guaranteed, but the content privacy of data cannot be guaranteed. Kouicem et al. [22] proposed a decentralized and anonymous vehicle data sharing scheme, allowing each vehicle to anonymously verify each data record without revealing the identity of the vehicle sharing this data. Each vehicle sends a certificate to the data record, which uses zero-knowledge proof (ZKP) to anonymously combine the data record and the user’s identity. Identity privacy is guaranteed, but the traceability of data transactions cannot be achieved. Manzoor et al. [23] proposed a blockchain-based IoT data sharing scheme. Use proxy reencryption to store and share Internet of Things data in a cloud proxy server, and establish smart contracts between sensors and data consumers without the involvement of a trusted third party. The privacy of the data is guaranteed, but the validity and consistency of the data cannot be guaranteed.

From the above scheme, we can see that the blockchain-based cloud data sharing scheme has achieved certain research results, and a variety of data sharing schemes have been proposed using blockchain technology and cryptographic methods. However, the consistency and availability of data in data sharing and the traceability and verifiability of data sharing transactions between multiple entities have not been effectively improved.

3. Problem Description

The solution proposed in this article combines blockchain, agent heavy intelligence, smart contracts, and zk-SNARK technology to achieve privacy protection and data security sharing among data owners, cloud service organizations, and semitrusted cloud servers. The system model of our proposal is shown in Figure 1.

[figure omitted; refer to PDF]

It includes 6 participating entities: (1) data owner, (2) cloud service organization (CSP), (3) semitrusted cloud server (semitrusted CS), (4) private key generator (PKG), (5) smart contract, and (6) blockchain (Blockchain). Their functions are described as follows.

(i) Data owner: data owners have the right to securely own and conditionally share their information and data and can obtain corresponding benefits as remuneration during the sharing process

4. Security Model

4.1. Definition

Based on the DBDH assumption, under the random oracle model, if there is a negligible function $\epsilon \kappa$ for any polynomial time adversary ${\rm A}$, such that ${\text{Adv}}_{\prod {\rm A}}^{\text{CPA}}\kappa \le \epsilon \kappa$, then the encryption algorithm $\prod$ is indistinguishable under the selected plaintext attack, which is called IND-CPA (indistinguishability-chosen plaintext attack) security.

4.2. Initialization

Challenger ${\rm B}$ runs the initialization algorithm to generate public parameters and master key $\text{PK},\text{MSK}$ and sends the public parameters $\text{PK}$ to the adversary ${\rm A}$.

Stage 1: the adversary ${\rm A}$ sends a key generation request to the challenger, and the challenger ${\rm B}$ generates a key pair ${\text{PK}}_u,{\text{SK}}_u$ and sends it to ${\rm A}$.

Challenge phase: the adversary ${\rm A}$ sends two messages of the same length, $m_0$ and $m_1$, to the challenger ${\rm B}$. The challenger ${\rm B}$ randomly selects $\sigma \in 0,1$ and sends $\text{Enc}=E_n\text{PK},{\text{PK}}_u,m_{\sigma }$ to the adversary.

Stage 2: the adversary ${\rm A}$ repeats the request phase 1.

The adversary ${\rm A}$ outputs a guess value of ${\sigma }^{\prime }\in 0,1$; if $\sigma ={\sigma }^{\prime }$, the adversary ${\rm A}$ wins the game. The advantage of the adversary ${\rm A}$ can be defined as ${\text{Adv}}_{\prod {\rm A}}^{\text{CPA}}\kappa =\mathrm{Pr}{\sigma }^{\prime }=\sigma -1/2$.

5. Blockchain Data Privacy Protection Scheme Based on ZKP

5.1. Scheme Steps

As shown in Figure 2, after each entity is registered in the blockchain, the private key generation center assigns a common private key pair to the user. The cloud service provider generates a zero-knowledge proof ${\pi }^{\prime }$ of the required data through zk-SNARK, sends the calculation results $R^{\prime }$ and hash value $h^{\prime }$ to the smart contract, and records and publishes the required keywords in the blockchain. The data owner generates an encrypted ciphertext according to the needs of the cloud service provider, sends it to the semitrusted cloud server, and records the signed hash in the blockchain. At the same time, the zero-knowledge proof $\pi$ generated by the private data, the calculation result $R$, and the hash value $h$ are sent to the smart contract for automatic comparison. After passing the zero-knowledge proof verification, the data owner is notified to use the public key ${\text{PK}}_d$ of the cloud service organization to execute the reencryption algorithm to generate the reencryption key ${\text{PK}}_{u⟶d}$ and send it to the semitrusted proxy cloud server through the public key of the cloud service provider. The semitrusted proxy cloud server executes the reencryption algorithm to convert the ciphertext $C_{{\text{PK}}_u}$ into the intermediate ciphertext $C_{{\text{PK}}_{u⟶d}}$ and then sends the intermediate ciphertext to the cloud service provider. The cloud service provider uses the private key ${\text{SK}}_d$ to execute the decryption algorithm to obtain the required private data for verification based on the information on the blockchain. After the smart contract is passed, the data sharing information transaction is submitted to the verification node, and the RBFT consensus algorithm is used to verify it and then publish it on the blockchain. The symbols used in this article are shown in Table 1.

[figure omitted; refer to PDF]

Table 1

Notations.

6. Specific Structure

The specific construction process of the scheme is divided into the following ten stages.

6.1. Join the Network Phase

Equations should be provided in a text format, rather than as an image. Microsoft Word’s equation tool is acceptable. Equations should be numbered consecutively, in round brackets, on the right-hand side of the page. They should be referred to as Equation 1, etc. in the main text.

6.2. Data Initialization Phase

First, PKG chooses to input a security parameter $\lambda$, selects prime number to generate multiplication cycles $G_1$ and $G_1$, and selects four hash function groups $H_1:{0,1}^{\ast }⟶{0,1}^k$, $H_2:{0,1}^{\ast }⟶G_1$, $H_3:G_2⟶{0,1}^k$, and $H_4:{0,1}^k\times {0,1}^l⟶{\mathbf{\mathbb{Z}}}_p^{\ast }$. Define the bilinear mapping $e:G_1\times G_2⟶G_2$. Then, PKG randomly selects $a,b,c\in {\mathbf{\mathbb{Z}}}_p^{\ast }$, and $g,h\in G_1$ are two different generators of $G_1$. Generate public parameters and master key $\text{Setup}{1}^{\lambda }⟶\text{PK},\text{MSK}$, where $\text{PK}=p,G_1,G_2,e,g,h,H_1,H_2,H_3{H}_4$, $\text{MSK}=a,b,c$.

PKG uses its identity ${\text{ID}}_{\text{u}}$ provided by the data owner to generate its public and private key pair $\text{KeyGen}\text{MSK},\text{PK},\text{I}{\text{D}}_u⟶{\text{PK}}_u,{\text{SK}}_u$, and the cloud service provider obtains the key pair in the same way. PKG randomly selects parameters $t,x,y,z\in {\mathbf{\mathbb{Z}}}_p^{\ast }$ to calculate the private key of the data owner as follows: $$\begin{array}{c}\text{(1)}& A_1=\frac{c+t}{a+b\cdot {\text{ID}}_u}{A}_2=h^t{A}_3=g^t,B_1=\frac{a+x}{a+b\cdot {\text{ID}}_u}{B}_2=\frac{b+x}{a+b\cdot {\text{ID}}_u}{B}_3=\frac{z}{a+b\cdot {\text{ID}}_u},\\ D_1=h^x{D}_2=h^y{D}_3=h^z.\end{array}$$

Among them, $A_1,A_2,A_3$ is used to recover the ciphertext, and $B_1,B_2,B_3,D_1,D_2,D_3$ is used to generate the reencryption key.

6.3. Smart Contract Release Phase

The cloud service provider uses zk-SNARKs to generate a zero-knowledge proof ${\pi }^{\prime }$ that includes some of its attribute requirements, the calculation result $R^{\prime }$, and the hash value is recorded in the smart contract and at the same time publish some keywords for data requirements. The generation process of the zero-knowledge proof will be described below from the perspective of the data owner, and the zero-knowledge proof process of the cloud service organization is similar.

6.4. Encryption Phase

After the data owner generates the private data, it will encrypt private data$D=d_1,d_2,\cdots ,d_n$ by $\text{Encrypt}\text{PK},{\text{PK}}_u,d_1,d_2,\cdots ,d_n⟶C_{{\text{PK}}_u}$, where $C_{{\text{PK}}_u}=c_{{pk}_1},c_{{pk}_2},\cdots ,c_{{pk}_n}$ is that PKG randomly selects $r,s\in {\mathbf{\mathbb{Z}}}_p^{\ast }$ to calculate the following parameters. $$\begin{array}{c}\text{(2)}& c_{{pk}_1}=D\cdot e{g,h}^{cr+s},c_{{pk}_2}=g^r,\\ c_{{pk}_3}=h^s,\\ c_{{pk}_1}=e{g,h}^{a+b\cdot {ID}_{u}r+s}.\end{array}$$

Then, the data owner uploads the ciphertext $C_{{\text{PK}}_u}$ to the semitrusted proxy cloud server for storage. We assume that the semitrusted proxy cloud server will not modify the data of the data owner without authorization, and it will perform the operations we set honestly.

6.5. Data Record On-Chain Phase

The data owner will store the hash value and digital signature of the data record on the blockchain platform, and the private data will be encrypted and stored on the proxy cloud server. The data owner will submit the hash value of his private data $D=d_1,d_2,\cdots ,d_n$ to generate the transaction form shown in Figure 3 and attach his digital signature ${\sigma }_a=\text{Authsign}{\text{SK}}_u,H{d}_1,d_2,\cdots ,d_n$ to it. When the transaction is verified by the verification node, it is recorded in the blockchain.

[figure omitted; refer to PDF]

PBFT stage:

Raft stage:

Related variables of RBFT:

(1) The RBFT consensus mechanism needs to meet the number of groups $k\ge 4$ and the number of nodes in the group $m\ge 3$

7. Specific Structure

7.1. Security Proof

The opponent ${\rm A}$ outputs a guess value ${\sigma }^{\prime }\in 0,1$; if $\sigma ={\sigma }^{\prime }$, the opponent wins the game. The advantage of the adversary ${\rm A}$ can be defined as ${\text{Adv}}_{\prod {\rm A}}^{\text{CPA}}\kappa =\mathrm{Pr}{\sigma }^{\prime }=\sigma -1/2$. The probability that the adversary ${\rm A}$ guesses the correct ${\sigma }^{\prime }$ in the PPT is $1+\epsilon /2$, and $\epsilon$ is a nonnegligible quantity. The adversary ${\rm A}$ wins the game with at least the probability of ${\epsilon }^{\prime }=1+\epsilon /2-1/2=\epsilon /2$. Therefore, the advantage of the adversary ${\rm A}$ in the game can be ignored, and this solution is IND-CPA safe.

8. Performance Analysis

8.1. Content Privacy

In this solution, all private data is encrypted by the data owner using a sufficiently secure encryption algorithm and then uploaded to the proxy cloud server. We assume that the encryption algorithm used is sufficiently secure under the security model. If the key cannot be obtained, any internal adversary or external adversary cannot obtain the ciphertext. The data owner uses the private key of the cloud service provider to generate a reencryption key, which is reencrypted by the proxy cloud server and sent to the cloud service provider. Therefore, only authorized institutions can decrypt to obtain the ciphertext, and other entities in the process cannot obtain the ciphertext information.

8.2. Identity Privacy

When each participant entity registers, the identity certificate authority in the alliance chain will strictly examine the legality of the data owner or cloud service provider’s identity and generate pseudoidentities for participants to ensure the privacy of their identities in transactions. In data sharing transactions, the real identity of the user cannot be obtained in the interaction between the participating entities and the smart contract. The cloud service provider only publishes the required keywords to achieve partial privacy protection and prevent the data owner from forging false data.

8.3. Data Validity

In this solution, only organizations authorized by the data owner can decrypt private data. The data owner generates a zero-knowledge proof $\pi$ based on the private data. After submitting it to the smart contract, it can automatically verify whether the data meets the data requirements of the cloud service provider. Ensure the validity of the data.

8.4. Verifiability

The data owner sends the digital signature together with the generated zero-knowledge proof, and other entities can verify the validity of the signature, ensuring the validity of the zero-knowledge proof. The hash of the data is stored on the blockchain. The characteristics of the blockchain ensure that the data cannot be tampered with, and other entities receiving the data can verify the integrity of the data.

8.5. Traceability

In this solution, when the data owner and the cloud service provider reach a transaction on the premise that the data is complete and valid, the transaction is stored in the blockchain. If the data owner fails to abide by the promise of no longer selling information to others and sells the information multiple times, the transaction history can be traced back in the blockchain to impose punishment.

9. Performance Analysis

Through comparative analysis of existing data sharing schemes, literature [20] uses time-based zero-knowledge proof and authentication encryption to perform mutual authentication between multiple attributes, ensuring security and privacy in data sharing. Literature [16] combined with zero-knowledge proof technology to achieve confidentiality and correctness in the data sharing process. Literature [21] realizes the reliability of data in data sharing among participants through an incentive mechanism, but the shared data is neither anonymous nor encrypted. Literature [22] realizes the sharing of vehicle data, but when there is an error in the data transaction, the traceability of the data source cannot be realized. Literature [23] uses proxy reencryption based on blockchain to store and share Internet of Things data in a cloud proxy server to achieve confidentiality and integrity in the data sharing process, but it cannot guarantee the validity and consistency of the data.

This article realizes the validity and consistency of the data sharing process under the premise of protecting data privacy and the privacy of the data owner’s identity. Utilize the immutability and traceability of the blockchain to realize data integrity and traceability of data transactions. The comparison between this article and other programs is shown in Table 2.

Table 2

Performance comparison between this article and other solutions.

10. Conclusions

Blockchain combined with zero-knowledge proof provides a new solution to the data sharing model. A large amount of data in the Industrial Internet of Things is the basis for promoting better development of services. How to maintain data privacy as much as possible on the premise of effective use of data is an important issue facing now. In response to these problems, this article combines zero-knowledge proof and smart contracts to achieve data validity and consistency between data owners and cloud service providers. Use proxy reencryption technology to realize the safe sharing of data among multiple participants. And combined with the nontamperable and traceable characteristics of the blockchain, the data can be verified and the transaction can be traced. Future work will study the realization of the secure sharing of data without a third-party server and the realization of a completely decentralized data sharing scheme.

Acknowledgments

This work is supported by the National Natural Science Foundation of China (Grant Nos. 62162039 and 61762060) and the Foundation for the Key Research and Development Program of Gansu Province, China (Grant No. 20YF3GA016).