A Blockchain-based access control scheme with multiple attribute authorities for secure cloud data sharing
Journal of Systems Architecture (IF 3.7), Pub Date: 2020-08-20, DOI: 10.1016/j.sysarc.2020.101854
Xuanmei Qin, Yongfeng Huang, Zhen Yang, Xing Li

Ciphertext-policy attribute-based encryption (CP-ABE) has been widely studied and used in access control schemes for secure data sharing. In most existing attribute-based encryption methods, all user attributes are managed by a single central authority, which easily creates a single point of failure. Several multi-authority CP-ABE schemes therefore propose managing user attributes through multiple authorities. However, these schemes either still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. The Shamir Secret Sharing scheme and a permissioned blockchain (Hyperledger Fabric) are introduced so that each attribute is jointly managed by multiple authorities, avoiding a single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, the blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.




Updated: 2020-08-20