Scheme security analysis
Data privacy security
As shown in Fig. 5, the access control structure has a considerable impact on the data encryption rate: the speed of data file encryption and decryption depends on the access control structure. The more complex the structure, the slower encryption and decryption become; conversely, the simpler the structure, the faster they are. As the number of attributes involved in the access control policy increases, the time consumed by data encryption operations grows gradually, but the growth is nearly constant, indicating that the additional overhead is acceptable. This result shows that the distributed storage of patent data is secure and can meet the off-site storage requirements of patent review.
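The near-linear growth described above can be pictured with a toy cost model. The group modulus, the generator, and the two-components-per-attribute layout below are illustrative assumptions, not the scheme's actual parameters; a real CP-ABE construction works over bilinear groups.

```python
import random

# Toy stand-in for a pairing group: modular exponentiation over a large prime.
P = (1 << 127) - 1  # a Mersenne prime used as a hypothetical group order
G = 5               # hypothetical generator

def encrypt_cost(num_attributes: int) -> int:
    """Count the group exponentiations a CP-ABE-style encryption performs:
    roughly two per attribute in the access policy, plus a constant part."""
    constant_part = 2                   # blinding factor + message component
    per_attribute = 2 * num_attributes  # two components per policy attribute
    # Perform the (simulated) exponentiations so the cost is real work.
    for _ in range(constant_part + per_attribute):
        pow(G, random.randrange(P), P)
    return constant_part + per_attribute

costs = [encrypt_cost(n) for n in (2, 4, 8)]
print(costs)  # [6, 10, 18] -- each extra attribute adds a fixed amount of work
```

Because every additional attribute contributes the same fixed number of operations, total encryption time rises linearly rather than exploding, matching the "almost stable" increase observed in Fig. 5.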
Data operator security
As shown in Fig. 6, the data operators correspond to one to four attribute authorities. The number of attribute authorities has a significant impact on the computation time-delay of the encryption parameters: the more attribute authorities there are, the larger the encryption time overhead, because each additional authority brings a corresponding attribute management set and more parameters to manage. This result also shows that a data operator cannot obtain patent data, steal data resources, or cause data leakage.
Data manager security
As shown in Fig. 7, the number of permissions is associated with the data encryption time-delay. The more permissions the data owner must manage, that is, the more access control policies there are, the larger the encryption overhead. Therefore, even when there are many data managers, no single manager can effectively obtain the specific content of the patent data; multiple managers must jointly grant the relevant permissions before the data content can be accessed.
Data owner security
Figure 8A shows the time required to decrypt a file, and Fig. 8B shows the time required to update the ciphertext. The more attributes involved in decryption and in the ciphertext, the greater the decryption overhead. Owing to the distributed attribute management architecture and the ciphertext update procedure, only part of the ciphertext needs to be updated when an attribute changes, which effectively reduces the ciphertext update time after an attribute update. Compared with the classic CP-ABE encryption mechanism21, the ciphertext update time-delay is improved significantly. The data owner acts as the delegate of the security service, effectively preventing data leakage by storage product vendors, data management vendors, and system vendors. The traceability and tamper-resistance of the blockchain are exploited: access control policies and attributes are managed through blockchain transactions, which realizes policy management and tracking over the whole life cycle of policy publishing, updating, and revocation. Policies are stored on the blockchain in an open and transparent form, and any user can query them. Because the query function no longer relies on a third party, as in the traditional access control service mode, the transparency problem of jurisdiction judgment is solved.
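The partial-update idea can be sketched as follows. The ciphertext layout used here (a shared core plus one component per attribute) is a hypothetical simplification of the actual construction; the point is that an attribute update re-randomizes only the component tied to that attribute.

```python
import secrets

def make_ciphertext(attributes):
    """Hypothetical ciphertext: a message-bearing core plus per-attribute parts."""
    return {
        "core": secrets.token_hex(16),
        "components": {a: secrets.token_hex(16) for a in attributes},
    }

def update_attribute(ciphertext, attribute):
    """Re-randomize only the component tied to the updated attribute;
    the core and all other components are left untouched."""
    updated = dict(ciphertext)
    updated["components"] = dict(ciphertext["components"])
    updated["components"][attribute] = secrets.token_hex(16)
    return updated

ct = make_ciphertext(["examiner", "branch-office", "reviewer"])
ct2 = update_attribute(ct, "branch-office")
# Only the "branch-office" component changed; everything else is reused.
unchanged = [a for a in ct["components"] if ct["components"][a] == ct2["components"][a]]
print(unchanged)  # ['examiner', 'reviewer']
```

Since the update touches a constant-size slice of the ciphertext instead of re-encrypting it wholesale, the update cost stays small even as the total number of attributes grows.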
Model performance analysis
Computing overhead analysis
Figure 9A–D demonstrate the key overhead, encryption overhead, decryption overhead, and computing overhead under different datasets. The proposed model is compared with the KP-ABE (Key-Policy Attribute-Based Encryption) algorithm22. The encryption overheads of both the proposed model and the KP-ABE algorithm increase linearly with the number of attributes. In the proposed model, the overhead of the key generation algorithm also increases linearly as the number of attributes increases, whereas in the KP-ABE algorithm it increases exponentially. In the proposed model, the overhead of the decryption algorithm is lower than that of the encryption algorithm, because decryption requires fewer exponentiation operations. The time required to encrypt a 10 MB file with 64-bit data and 128-bit data is 35 ms and 105 ms, respectively. All experimental results show that using the local resources of the branches for decryption can reduce the cloud computing overhead of the patent office.
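The contrast between the two key-generation growth curves can be captured by a minimal operation-count model. The constants below are hypothetical; only the linear-versus-exponential shape mirrors the reported results.

```python
def keygen_ops_proposed(n: int) -> int:
    """Proposed model: one key component per user attribute plus a constant
    base, so the key-generation overhead grows linearly with n."""
    return 2 + n

def keygen_ops_kpabe(n: int) -> int:
    """Stand-in for the exponential key-generation growth reported for KP-ABE."""
    return 2 ** n

for n in (4, 8, 16):
    print(n, keygen_ops_proposed(n), keygen_ops_kpabe(n))
# 4 6 16
# 8 10 256
# 16 18 65536
```

Even at a modest 16 attributes, the exponential curve dominates by several orders of magnitude, which is why the linear key-generation cost is a meaningful advantage.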
Storage overhead analysis
Figure 10A displays the overhead of the encryption algorithm, and Fig. 10B displays the overhead of the decryption algorithm. The DS-EA and BE-based schemes cost the least. Compared with the ABE (Attribute-Based Encryption)-based and BE (Broadcast Encryption)-based schemes, DS-EA considerably reduces the key storage overhead. In this scheme, users only need to store their private key and the system parameters, whereas in the ABE-based scheme users must store their access structure and the corresponding private keys. Therefore, DS-EA implements secure cloud data collaboration services with only a small key storage overhead.
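The storage comparison can be made concrete with a rough byte-count model. The component sizes and the access-structure encoding below are illustrative assumptions; the essential difference is constant versus attribute-dependent storage.

```python
KEY_BYTES = 32    # assumed size of one key component (a group element)
PARAM_BYTES = 64  # assumed size of the shared system parameters

def dsea_storage(num_attributes: int) -> int:
    # DS-EA: only the user's private key and the system parameters are stored,
    # so the overhead does not depend on the number of attributes.
    return KEY_BYTES + PARAM_BYTES

def abe_storage(num_attributes: int) -> int:
    # ABE-based: one key component per attribute plus an encoding of the
    # user's access structure, so the overhead grows with the attribute count.
    access_structure = 16 * num_attributes
    return KEY_BYTES * num_attributes + access_structure

print(dsea_storage(10), abe_storage(10))  # 96 480 -- constant vs linear
```

Under this model a DS-EA user's key storage stays fixed no matter how many attributes the system defines, while an ABE user's storage scales with every attribute in their key.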
Network overhead analysis
Figure 11A shows the network overhead of the encryption algorithm, and Fig. 11B shows that of the re-encryption algorithm. The proposed scheme takes only 1 s to decrypt 64 KB of data, whereas the algorithm proposed in previous research takes 1.5 s. Although the decryption algorithm of the proposed scheme must perform a pairing operation for each piece of data, this operation is needed only once and can be completed at the very beginning. As the number of receivers increases, the encryption time consumption remains almost stable, so the DS-EA scheme scales easily in cloud computing. The experimental results show that DS-EA is lightweight and efficient in practice, and that it effectively reduces the storage space needed for the patent office's encrypted data.
Encryption performance analysis
Figure 12A illustrates the encryption performance under different k values, and Fig. 12B presents the encryption performance under different datasets. Only 1% of the data requires asymmetric encryption, which greatly reduces the encryption computing overhead and increases the encryption speed while still ensuring data security. Compared with state-of-the-art algorithms, the proposed algorithm shows a prominent advantage when the k value is large.
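The "1% asymmetric" split can be sketched with a hybrid routine. The hash-based keystream, the textbook RSA parameters, and the split point below are all illustrative assumptions and are not secure for real use; they only show why confining the expensive asymmetric step to a small fraction of the data keeps total cost low.

```python
import hashlib

def stream(key: bytes, n: int) -> bytes:
    """Cheap symmetric keystream from repeated hashing (illustrative only)."""
    out, block = b"", key
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

# Toy textbook-RSA parameters (n = 61 * 53) -- never use in practice.
N, E = 3233, 17

def hybrid_encrypt(data: bytes, key: bytes, fraction: float = 0.01):
    cut = max(1, int(len(data) * fraction))       # ~1% gets the asymmetric step
    head = [pow(b, E, N) for b in data[:cut]]     # expensive asymmetric part
    tail = bytes(a ^ b for a, b in zip(data[cut:], stream(key, len(data) - cut)))
    return head, tail

head, tail = hybrid_encrypt(b"x" * 1000, b"secret-key")
print(len(head), len(tail))  # 10 990 -- only 1% of the bytes cost asymmetric ops
```

Decrypting the head with the matching private exponent (2753 for this toy modulus) recovers the original bytes, while the tail is reversed by XORing the same keystream; the per-byte cost of the bulk data stays at symmetric-cipher speed.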
Test performance analysis
Figure 13A–D present the model's MAE (Mean Absolute Error) results under the a = 0.5 Count query, a = 1.0 Count query, a = 0.5 Sum query, and a = 1.0 Sum query. Figure 14A–D present the corresponding MRE (Mean Relative Error) results. In every case, whether measured by MAE or MRE, the results of the proposed algorithm are smaller than those of the Dwork algorithm23. When the query size is 3 and a = 0.5, the MAE of the proposed algorithm's Count query result is below 20, whereas that of the Dwork algorithm is close to 70. When the query size is 4 and a = 0.5, the MRE of the proposed algorithm's Sum query result is below 0.1, whereas that of the Dwork algorithm exceeds 0.2. Both MAE and MRE decrease as the query size increases, and both also decrease as a increases.
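The two error metrics over noisy query answers can be computed as below. The Laplace sampler, the example counts, and the 1/a noise scale are illustrative assumptions, not the paper's experimental setup.

```python
import math
import random

random.seed(7)

def laplace(scale: float) -> float:
    """Inverse-CDF sample of Laplace(0, scale), the classic DP noise."""
    u = random.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1 - 2 * abs(u))

def mae(true_vals, noisy_vals):
    """Mean absolute error between true and noisy query answers."""
    return sum(abs(t, ) if False else abs(t - n) for t, n in zip(true_vals, noisy_vals)) / len(true_vals)

def mre(true_vals, noisy_vals):
    """Mean relative error; max(t, 1) guards against division by zero."""
    return sum(abs(t - n) / max(t, 1) for t, n in zip(true_vals, noisy_vals)) / len(true_vals)

# Hypothetical Count-query answers perturbed with Laplace noise of scale 1/a:
true_counts = [120, 340, 560, 780]
for a in (0.5, 1.0):
    noisy = [t + laplace(1 / a) for t in true_counts]
    print(f"a={a}: MAE={mae(true_counts, noisy):.2f}, MRE={mre(true_counts, noisy):.4f}")
```

A larger a gives a smaller noise scale, so on average both MAE and MRE shrink as a grows, which is the trend reported for Figs. 13 and 14.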
Figure 15A presents the model's relative error under the Count query, and Fig. 15B presents it under the Sum query. As the size of the dataset increases, the relative error ratio decreases: when the dataset grows to 1,500,000 records with a = 0.5, the relative error ratio of the Sum query result is 0.7, and when the dataset size reaches 4,500,000, the ratio falls below 0.6. Therefore, the algorithm can provide higher data availability for large-scale multidimensional datasets.