Data sharing in the metaverse with key abuse resistance based on decentralized CP-ABE
Liang Zhang, Zhanrong Ou, Changhui Hu, Haibin Kan, Jiheng Zhang
TL;DR
The paper tackles secure, decentralized data sharing in the metaverse by integrating a multi-authority RW CP-ABE scheme with non-interactive zero-knowledge proofs and on-chain accountability. It publishes encrypted CP-ABE keys $(EK_0,EK_1)$ and $NIZK$ proofs on the blockchain, which are verified by smart contracts through $checkKey$ and $judgeAttrs$, while an incentive mechanism motivates honest participation. The approach achieves key privacy, data confidentiality, forward secrecy, and resistance to key abuse, enabled by decentralization and transparent auditing. A GameFi scenario demonstrates governance via a accountable DAO, where attributes determine access to in-game assets and ensure fair play-and-earn dynamics.
Abstract
Data sharing is ubiquitous in the metaverse, which adopts blockchain as its foundation. Blockchain is employed because it enables data transparency, achieves tamper resistance, and supports smart contracts. However, securely sharing data based on blockchain necessitates further consideration. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising primitive to provide confidentiality and fine-grained access control. Nonetheless, authority accountability and key abuse are critical issues that practical applications must address. Few studies have considered CP-ABE key confidentiality and authority accountability simultaneously. To our knowledge, we are the first to fill this gap by integrating non-interactive zero-knowledge (NIZK) proofs into CP-ABE keys and outsourcing the verification process to a smart contract. To meet the decentralization requirement, we incorporate a decentralized CP-ABE scheme into the proposed data sharing system. Additionally, we provide an implementation based on smart contract to determine whether an access control policy is satisfied by a set of CP-ABE keys. We also introduce an open incentive mechanism to encourage honest participation in data sharing. Hence, the key abuse issue is resolved through the NIZK proof and the incentive mechanism. We provide a theoretical analysis and conduct comprehensive experiments to demonstrate the feasibility and efficiency of the data sharing system. Based on the proposed accountable approach, we further illustrate an application in GameFi, where players can play to earn or contribute to an accountable DAO, fostering a thriving metaverse ecosystem.