Data access control with comparable attribute for dataspace
Abstract
Data is the key production factor and an important driving force of the digital economy. Sharing and circulating it can help release the value of data elements and promote high-quality development of the digital economy. The dataspace is an important infrastructure for effective data sharing and circulation. However, privacy leakage, data theft, illegal abuse, and similar threats during data sharing pose significant challenges to dataspaces. Attribute-based encryption can ensure data confidentiality and fine-grained access control, but it still faces many challenges when applied directly to a dataspace. First, users in a dataspace change dynamically, which makes forward security difficult to guarantee. Second, many industry dataspaces need to perform flexible access control on shared data based on comparable attributes and access time, with verification of the decryption result. To address these issues, a data access control scheme based on comparable attributes for dataspaces is proposed. It uses puncturable encryption to achieve flexible and efficient user revocation, which ensures forward security, and it can make flexible decisions on users' access behaviors based on access time and comparable attributes. It also supports verification of the decryption process. Formal security analysis shows that the scheme is semantically secure under chosen-plaintext attack. Extensive experimental analyses show that the scheme is suitable for actual dataspaces.