Making MA-ABE fully accountable: A blockchain-based approach for secure digital right management

With the rapid development of the digital world, digital rights management (DRM) becomes increasingly important. Multi-Authority Attribute Based Encryption (MA-ABE) schemes provide suitable solutions for flexible fine-grained access control in DRM. However, there are two accountable problems unsolved when applying existing ABE schemes to DRM directly: illegal authorization and key disclosure. Illegal authorization means that some attribute authorities might collude with users and issue attribute keys to unauthorized users illegally. Key disclosure denotes that some users might maliciously expose their attribute keys to the public. Both the above problems could lead to unauthorized users accessing digital content, which is extremely harmful to DRM. To solve these problems, we design a novel MA-ABE scheme based on blockchain. Our scheme ensures that a relevant user could obtain the final decryption attribute key only after all attribute authorities have issued their keys to the blockchain publicly. If a malicious attribute authority issues attribute keys to inappropriate users, the auditor defined in our scheme would detect the malicious behavior. Meanwhile, once some users publish their decryption keys to the public, the auditor is able to transparently trace such users utilizing an incentive mechanism. In addition, we design and implement two smart contracts on Ethereum, called RecordContract and TraceContract, which are used to record users’ encrypted attribute keys and encourage participants to trace the owner of disclosed decryption attribute key, respectively. Finally, the security proof and efficiency simulation show that the proposed scheme can be securely and efficiently applied to DRM.