CAKE: Sharing Slices of Confidential Data on Blockchain

Edoardo Marangone, Michele Spina, Claudio Di Ciccio, Ingo Weber

TL;DR

Public blockchains provide transparent, immutable ledgers but raise confidentiality concerns for multi-party processes. CAKE addresses this by combining encryption based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE), IPFS for off-chain storage, and on-chain locators to enforce fine-grained access control while keeping data off the ledger. The architecture comprises a Secure Data Manager, a User Directory, and a Secure Key Manager, which coordinate to encrypt data, manage user attributes, and issue decryption keys, with access granted through policy evaluation. The BRIE real-world case study demonstrates practical deployment on EVM/AVM platforms, confirming the approach's feasibility and outlining future directions: revocation, cross-platform expansion, and oracle-enabled off-chain validation.

Abstract

Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.

Paper Structure (6 sections, 2 figures, 1 table)

This paper contains 6 sections, 2 figures, 1 table.

Figures (2)

  • Figure 1: An overview of the CAKE architecture
  • Figure 2: An excerpt of a process workflow in the BRIE project