All reviews of published articles are made public. This includes manuscript files, peer review comments, author rebuttals and revised materials. Note: This was optional for articles submitted before 13 February 2023.
Peer reviewers are encouraged (but not required) to provide their names to the authors when submitting their peer review. If they agree to provide their name, then their personal profile page will reflect a public acknowledgment that they performed a review (even if the article is rejected). If the article is accepted, then reviewers who provided their name will be associated with the article itself.
Thank you! You have addressed all the comments of the reviewers.
[# PeerJ Staff Note - this decision was reviewed and approved by Sedat Akleylek, a 'PeerJ Computer Science' Section Editor covering this Section #]
The authors have well addressed all the comments.
The authors have well addressed all the comments.
The authors have well addressed all the comments.
The paper mentions concepts such as weak attribute hiding and receiver privacy, but lacks a quantitative measurement standard for the degree of privacy protection. In practical applications, it is difficult for users and data owners to intuitively assess whether the privacy protection level provided by the system meets their needs. Different users have different sensitivities to privacy, and a clear privacy measurement indicator is needed to help users make decisions, which is not covered in the current paper.
In addition, the algorithm part needs to be further simplified and presented in the form of an appendix or open source on GitHub.
In terms of security assessment, although specific attacks (such as rogue-key attacks, inferred secret vector attacks, etc.) have been analyzed, there is a lack of a quantitative assessment method for the overall security of the system. For example, indicators such as attack success rate and information leakage amount can be used to more accurately measure the security of the system under different attack scenarios. Currently, the paper mainly relies on theoretical analysis and qualitative description and lacks quantitative assessment means.
Although the paper lists application scenarios such as medical data sharing and housing rental market to illustrate the problems and solutions, it may face business restrictions in different scenarios during actual system deployment and application. The performance analysis mainly focuses on computational complexity and execution time in the experimental environment, but in the actual cloud computing or distributed storage environment, the effective utilization of resources and cost-effectiveness also need to be considered.
The paper introduces a blockchain-based system for privacy-preserving data sharing; however, the novelty needs clearer articulation through a detailed comparison with existing blockchain-based ABE systems. The security analysis in Section 6 requires significant expansion and formalization with formal security proofs or a rigorous security model to substantiate claims. Additionally, the paper lacks a comprehensive performance evaluation, necessitating the implementation of the proposed system and providing experimental results comparing its efficiency with existing solutions. Practical challenges in real-world deployment, such as scalability, network overhead, and integration with existing systems, need more discussion, referencing works like "Privacy-preserving dynamic multi-keyword ranked search scheme in multi-user settings" and "Multikeyword-Ranked Search Scheme Supporting Extreme Environments for Internet of Vehicles." The blockchain integration details, particularly smart contract design and the consensus mechanism, need elaboration, alongside formal definitions for cryptographic constructions to improve clarity and allow rigorous analysis. Expanded real-world use cases demonstrating the system's applicability in fields like healthcare or finance are also necessary. Given the extensive workload and potential necessity for doctoral graduation, major revisions should be considered for acceptance. The concept of storage outsourcing has been extensively studied in cloud storage and distributed systems, and this paper should position itself within this existing body of work, considering interoperability, integration in multi-cloud environments, performance, scalability, and specific security compliance requirements. The fusion of blockchain with ABE, while intriguing, may not be novel; thus, the paper must offer significant technological advancements or innovative points. An excess of formulas and derivations, while indicative of extensive work, does not resolve the key issues.
I would recommend major revisions before it can be considered for publication. Here are my key points of feedback:
1. Novelty and Contribution:
While the paper presents an interesting blockchain-based system for privacy-preserving data sharing, the novelty of the approach needs to be more clearly articulated. The authors should provide a more detailed comparison with existing blockchain-based ABE systems to highlight their unique contributions.
2. Security Analysis:
The security analysis in Section 6 needs to be significantly expanded and formalized. Formal security proofs or at least a rigorous security model should be provided to substantiate the claims about mitigating rogue-key attacks and other vulnerabilities.
3. Performance Evaluation:
The paper lacks a comprehensive performance evaluation. The authors should implement their proposed system and provide experimental results comparing its efficiency (in terms of computational overhead, storage requirements, and latency) with existing solutions.
4. Practical Considerations:
More discussion is needed on the practical challenges of implementing and deploying such a system in real-world scenarios. To broaden the scope of this paper, the authors may refer to some work such as Privacy-preserving dynamic multi-keyword ranked search scheme in multi-user settings and Multikeyword-Ranked Search Scheme Supporting Extreme Environments for Internet of Vehicles. This should include considerations of scalability, network overhead, and integration with existing systems.
5. Blockchain Integration Details:
The integration of blockchain technology, particularly the use of smart contracts, needs to be elaborated. Provide more details on the smart contract design, consensus mechanism, and how exactly the blockchain enhances security and prevents credential misuse.
6. Formal Definitions:
The cryptographic constructions and protocols should be presented using formal definitions and notation. This will improve clarity and allow for a more rigorous analysis.
7.Use Case Scenarios:
Expand on the real-world use cases presented in the introduction. Provide more detailed scenarios demonstrating how the proposed system addresses specific challenges in fields like healthcare or finance.
As above
As above
This paper focuses on the implementation of data governance using blockchain technology to protect the privacy of shared confidential data. The scenario set forth in the paper is indeed significant, and the work is extensive and solid; however, the consideration of whether the innovation aligns with the field's standards is necessary.
The concept of storage outsourcing has been extensively studied within the realms of cloud storage and distributed systems. In the domains of Attribute-Based Encryption (ABE) and blockchain, there may already be numerous research works related to storage outsourcing. For instance:
Wang et al., (2018) "A blockchain-based framework for data sharing with fine-grained access control in decentralized storage systems."
Gao et al., (2020) "TrustAccess: A trustworthy secure ciphertext-policy and attribute hiding access control scheme based on blockchain."
These references illustrate that the notion of integrating blockchain with ABE for storage outsourcing purposes has been explored, and the paper should be positioned within this existing body of work.
Given that the scenario design is intended to address data storage tasks within cloud environments, the integration with cloud services should be a focal point of the experiments. Therefore, it is recommended that the paper discusses the following:
1. How to achieve interoperability and integration in multi-cloud or hybrid cloud environments.
2. The performance and scalability of the system when dealing with large-scale data and high-concurrency access.
3. How the system design adapts to different cloud service models (such as public cloud, private cloud, and hybrid cloud).
4. Consideration of specific security compliance requirements in cloud environments, such as data governance, data sovereignty, and cross-regional data transfer.
1. Although the integration of blockchain with ABE represents an intriguing research direction, the fusion of these concepts may no longer be a novel idea in academia. If the majority of related work has already delved into similar combinations, then the paper must offer significant technological advancements or innovative points that build upon the existing foundation.
2. While the paper emphasizes privacy protection, if the mechanisms employed by the scheme, such as vector commitments and NIZK proofs, are known technologies without notable improvements or novel applications, this may not sufficiently demonstrate innovativeness.
3. If the paper does not provide an in-depth analysis of system performance, or if it fails to demonstrate how the system maintains efficiency and stability in the anticipated cloud environment, this could be considered a deficiency.
An excess of formulas and derivations merely serves as evidence of extensive work and does not prove that the key issues of the scenario have been resolved.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.