PAVA: Privacy-Preserving Attribute-Based Verifiable Authentication in Healthcare using Smart Contracts

This paper explores the synergetic potential of blockchain technology and attribute-based encryption to enhance security and privacy in decentralized data sharing systems, particularly within healthcare. We introduce PAVA, a novel privacy-preserving attribute-based scheme, which leverages smart contracts for verifiable authentication and ensures secure data interactions in healthcare applications. The scheme incorporates dual access policies: a data provider policy and a data user policy, which respectively authorize data providers to write (encrypt) and data users to read (decrypt) health data records. Encrypted health data records are stored on a blockchain within a healthcare smart contract, which enforces these access policies while keeping them confidential from unauthorized users and the smart contract itself. This arrangement allows for verifiable authentication checks on both the data providers (user authentication) and the integrity of the data they submit (data authentication) without revealing specific policy attributes. PAVA employs ciphertext-policy attribute-based encryption with partially hidden access policies based on linear secret sharing schemes (LSSS) and integrates blind access policies to facilitate verifiable authentication. Furthermore, the security of PAVA can be proved using the dual system encryption technique under static assumptions in the standard model, demonstrating its robustness and applicability in real-world healthcare data sharing scenarios.