An Authorized Scheme Service Privately Shared Data

In the modern digital landscape, the secure sharing of data across distributed systems remains a critical challenge. This paper proposes a blockchain-based architecture that leverages publicly verifiable proxy re-encryption to enable secure and controlled data sharing between users without exposing the underlying plaintext to unauthorized entities or intermediaries. The system is divided into three primary modules, each hosted on a separate server, to enhance security, scalability, and modularity. Server 1 is responsible for storing encrypted data and generating the corresponding private keys. It also performs the initial encryption and re-encryption processes to prepare data for secure sharing. Server 2 manages user file requests, verifies user permissions, and facilitates key distribution. Upon receiving a request, Server 2 checks whether the user has the right to access the file and provides the required key if the request is approved. Server 3 plays a crucial role in user registration, login, and access management. It supports multiple user requests, ensuring that each user’s identity and access rights are properly handled. The second part of the system focuses on user-level interactions. Users must register and log into the system before they can upload data, search for existing data, or request access to encrypted files. Once registered, users can view the encryption keys associated with their data and request re-encryption keys for sharing information securely with other users. At the core of this architecture lies the publicly verifiable proxy re-encryption scheme. This cryptographic approach includes several key algorithms: key generation (KeyGen), encryption (Enc), re-encryption key generation (RkGen), re-encryption (ReEnc), verification of re-encrypted ciphertext (VerRe), and decryption (Dec). The KeyGen algorithm generates public-private key pairs for each user. With Enc, data is encrypted using the public key, and RkGen allows the data owner to produce a re-encryption key that permits a proxy to convert the ciphertext for another authorized user without revealing the plaintext. The ReEnc function transforms the ciphertext using this re-encryption key, while VerRe ensures that the transformation was correctly performed. Finally, Dec allows the intended recipient to decrypt the data using their private key. This framework ensures that only authorized users can access sensitive data, and the re-encryption process does not compromise confidentiality. Moreover, by distributing roles across three servers and employing blockchain for record-keeping and trust verification, the system achieves a high degree of transparency, traceability, and tamper-resistance. Proxy re-encryption plays a pivotal role in enabling dynamic and secure data sharing.