A Sanitizable and Bilateral Access Control Scheme Based on Blockchain
Authors
Mi Wen, Miling Xiao, Weiwei Li, Bin Xiao
Source
Journal: IEEE Internet of Things Journal [Institute of Electrical and Electronics Engineers] Date: 2025-10-09 Volume (Issue): 12 (24): 53900-53913
Identifier
DOI: 10.1109/jiot.2025.3619544
Abstract
Driven by information technology, data trading promotes cross-industry collaboration and uncovers value by integrating multi-source data, yet it requires encryption and access controls to address increasing data security challenges. Existing schemes largely rely on attribute-based unilateral access control to protect data, facing challenges such as data source authenticity and requester autonomy. Bilateral access control requires data providers and requesters to define access policies, allowing decryption only when both policies match, often facilitated by cryptographic primitives such as matchmaking encryption (ME). However, current bilateral schemes still face challenges of sensitive data leakage, unauthorized data access, and single points of failure. To date, no existing scheme has addressed these issues simultaneously. In this paper, we propose a blockchain-based, sanitizable and bilateral access control scheme with privacy-preserving (SBAC-PP) for data trading. Specifically, we extend ME via hash functions and policy-hidden identifiers to achieve privacy-preserving bilateral access control. Second, by combining it with access control encryption (ACE), we design a ciphertext sanitization mechanism to prevent unauthorized data access. Furthermore, by integrating SBAC-PP with blockchain (BC) and the InterPlanetary File System (IPFS), we use smart contracts for trusted matching and pre-decryption, and store encrypted data in IPFS, thereby achieving decentralized data management and avoiding single points of failure. Finally, we analyze the security of SBAC-PP and evaluate its performance to demonstrate its efficiency and practicality.