Sharing secured data on peer-to-peer applications using attribute-based encryption

ABSTRACT The strong growth of communication and storage gives rise to the significantly increasing demand for collecting, storing, and sharing a large amount of data on networks. This is further enhanced by the data-driven market, where everyone wants to access other parties' data. Data is the bedrock of today's technologies and researchers, especially in machine learning and deep learning. The business value of organizations is also massively data-dependent. Recent studies and industry applications can apply analytic techniques for exploiting data, or Internet users can exchange data on social networks or peer-to-peer (P2P) networks. However, sharing secured data is a challenging problem that attracts much attention from researchers. Sharing secure data with a group of users using P2P applications faces the unavailability problem of peer nodes. Thus users cannot certify and download the protected data. This affects a P2P-based application class of sharing and storing online services or customer-to-customer e-commerce applications. This article proposes a solution for sharing secured data on P2P-based applications using blockchain and attribute-based encryption. The attribute-based encryption guarantees sharing keys among a group of users, while blockchain guarantees keys distribution. We have simulated the proposed solution on the mobile peer-to-peer network that provides services for sharing and storing data securely.


Introduction
Peer-to-peer (P2P) technology provides a platform for sharing a large volume of data on networks. Decentralized P2P systems face the unavailability problem of peer nodes for sharing data on a group of users. Securing this data on available peer nodes is challenging because peer nodes can be unavailable, while information cannot be shared with all users.
Many data-sharing services work with impressive performance and integrated features that significantly improve user experience and ease the anxious feeling of security problems. However, several potential and unseen risks cause significant damage. For example, Facebook is one of the largest social networks and one of the most influential platforms for e-commerce. Still, it cannot provide the most secure system to protect its content. Thus, even one of the most reliable, secured data-sharing services still contains risks. When users are vulnerable to several threats using data storage and sharing services, users still need to compromise their safety to use these services. Data storage and sharing services have become essential pillars supporting people, society, and government.
Data-sharing systems can be categorized into two types: centralized data sharing and P2P distributed systems. Centralized data-sharing systems are limited by trust and authority. For example, a Facebook user posts an article on Facebook and only wants a group of users to be notified about the published article's presence. Therefore, Facebook relies on the request of the users and enforces the policy on the corresponding data. On the other hand, P2P file-sharing systems contain a process of sharing digital data from one end-user's computer connected to the other computers via the Internet without going through intermediary servers. Peers can use P2P file-sharing software, e.g. Gnutella or Bit-Torrent applications, for this process. A peer sends a query to other peers to get the data's location and download the data to obtain it.
Both types of file-sharing systems include several disadvantages. Centralized data sharing systems often possess less efficiency compared to their counterpart P2P distributed systems because all operations rely on the central servers. Meanwhile, P2P data sharing systems often cause disorganized management and an insecure environment because of the difference in security standards, configuration, and security awareness in each peer node. This article has proposed a solution for sharing secure data sharing on P2P-based applications using blockchain and attribute-based encryption (ABE). We have applied P2P decentralized systems for data storage because we take advantage of users' computing power without administration. Data manipulation by having many different copies in different nodes of P2P systems can minimize the chance of services being shutdown by peers. Blockchain assists our proposed solution in securing the shared data. We have used ciphertext-policy attribute-based encryption (CP-ABE) (Bethencourt et al., 2007) for our cryptography scheme.
The rest of the paper is structured as follows: the next section provides details on data security and sharing; research activities related to ABE, blockchain, and P2P systems. Then, Section 3 describes applying the ABE scheme to P2P systems: workflow and functions. Next, some mathematical formulas and explanations are referred to from the study (Bethencourt et al., 2007). Finally, Section 4 provides security evaluation for the ABE scheme of P2P systems, some cryptography schemes applied in P2P systems, and reports on the preliminary results with lessons learned before the paper is concluded in Section 5.

Background
This section includes reviewing several studies related to data security, ABE, blockchain, and the P2P distributed system. It also describes the advantages and disadvantages of these studies and explains using blockchain and ABE instead of other alternative data security options.

Data security
Data security includes the process of protecting data from unauthorized access and data corruption throughout each data life cycle stage. Several organizations around the globe heavily invest in cybersecurity capabilities to protect their critical assets. Thus data security is a must-have in any enterprise and becomes the research field that attracts many researchers and companies. The basic idea is to ensure that data can be stored in a form that no one can understand. Thus, even if the system is compromised and data gets stolen, it is still considered somewhat safe if no one can devise a way to transform the scrambled data back into its original state.
When the task is to scramble the data, the four most common techniques are: data encryption, secure hashing, tokenization, and data masking. These security practices protect data across all applications and platforms. Regarding securing information transmission via the Internet or storage, these four mentioned techniques are among the most adopted techniques in industry and academia. They are practical solutions to obfuscate critical data, satisfy regulatory requirements such as ITAR, GLBA, etc. and meet data security policies. However, they are different in advantages and disadvantages. Choosing the appropriate solutions for various problems requires the decision-maker to be knowledgeable about the given choices.
Data encryption mathematically transforms plaintext into ciphertext using a sophisticated algorithm and key. Data encryption can be used for structured data as well as unstructured data. Tokenization randomly generates an alphanumeric value for plaintext and stores the mapping in a database. When a user needs to access the original data, the system looks up the token value and retrieves it. Tokenization is used for structured data and is often seen in payment cards or social security number applications (Díaz-Santiago et al., 2016;Iwasokun et al., 2018;Nxumalo et al., 2014;Stapleton & Poore, 2011). Hashing generates a unique signature of fixed length for a data set. Each specific data set has a unique hash; making minor changes results in an entirely different hash value than the original one, making the information easily spotted if tampering occurs. Hashing cannot be deciphered or reversed back to its plaintext form and is mainly used as information verification. Data masking is a process of replacing confidential data by using fictitious characters. The primary purpose is to protect sensitive, private information when sharing data with third parties. A simple use-case is to replace actual data with null or constant values like 'XXX-XXX-XXX' in the social security number field.
Centralized data sharing can be done through data access control, for example, Facebook. The study of Shankar et al. (2013) provides fine-grained data access control with encryption to boost security on centralized storage server based on the study of Flank et al. (2011) However, there was not much discussion on what cryptography scheme the authors used and what if the system could resist collusion attacks and protect user access privilege.

P2P system
A P2P system is an autonomous distributed network in which tasks are partitioned between peers. These self-organized peers perform functions that include data upload, forwarding, and message delivery. All nodes in the P2P system are considered equal in the capacity to share data. P2P and centralized systems can both be distributed computing systems. Both contain multiple physical computers working together. The main difference is that all physical computing devices are under one organization's control policy in centralized systems. In P2P, each computing device is under the control of a different owner. Ideally, the number of computing devices is the same as the number of owners. They are peers without administration and management.
Napster (Greenfeld & Taro, 2000) and BitTorrent (Cohen, 2003) are among the famous names built on the P2P system. Napster was in its prime age, very renowned for sharing and downloading music files using the peer-to-peer model. There was no debate about the benefits Napster brought to users. However, the intellectual property rights of producers and musicians were heavily violated. Metallica, Madonna, Nirvana were among many famous names who suffered a massive loss of income. Simultaneously, underground music bands steadily got their name widely spread because users shared and downloaded their music. BitTorrent later learned from Napster, and instead of storing fullsize data on one node, BitTorrent divides data into many parts, and each node only holds a fraction of data. BitTorrent argues that just a fraction cannot be considered the original data, even if they are copyrighted data, and BitTorrent survived for many years with that logic. Soon, the law started changing to deal with the case of BitTorrent, and the access to BitTorrent gets restricted little by little. He et al. (2014) proposed a secure, efficient, and fine-grained data access control on P2P storage cloud using ABE as a cryptography scheme and proxy re-encryption (PRE) (Blaze et al., 1998) to achieve efficient user revocation. Their work also yields higher performance and efficiency compared to the previous proposals on attribute revocation of ABE conducted by Yu et al. (2010) and Liang et al. (2009). Heng He et al. The proposal also includes several considerations and configurations to satisfy the security standards. However, re-encryption is not suitable for large data files; re-encryption also has another apparent obstacle related to the unavailability problem of nodes. All the records of the encrypted data across the P2P systems must be re-encrypted regarding revoking a user. The re-encryption process must be executed in a timely fashion, which requires full cooperation and availability of all peers. It is challenging to achieve this. Thus, the re-encryption may not be executed in all nodes, and old records are still retained. So even if a user is revoked, the chance to get the data remains positively high.

Blockchain
Blockchain, widely known as a tampered data immunity system, first introduced by Satoshi Nakamoto (Nakamoto, 2008) is a fact-based peer-to-peer replicated to several nodes connecting to a network. Facts could be anything, and a classic example would be cash transactions. Blockchain is implemented in a distributed manner and usually does not include a central authority or central repository like a bank, company, government, etc. Several articles and news described blockchain technology as magic; this reputation is built upon blockchain's inherent property, allowing mutually consensual financial value exchange without a trusted third party's liability. Blockchain allows pseudo-anonymity by identifying the network participants without authentication like KYC (Know Your Customer). Blockchain is the foundation of modern cryptocurrencies due to the heavy usage of cryptographic functions. All system members are anonymous; all communications use cryptography to reliably identify senders and receivers while still retaining the unidentified property. Block is a formed consensus among peers when a new fact appears and resolves all conflicts.
Based on many use-cases, blockchain approaches have been identified and generally categorized into two types: permissionless and permissioned. People often conclude that permissionless and permissioned blockchain are public and private blockchains, correspondingly. This verdict is, however, not correct. Permissionless blockchain imposes no regulations or restrictions, and thus anyone can join the network, so the name public blockchain. Permissioned blockchain can be considered an additional blockchain security system as it maintains an access control layer to allow a certain level of privileges upon those identified participants. A corporation can employ a private blockchain through the operation of several nodes inside the corporation. The permissioned blockchain can allow any node to join the network once its identity and role are adequately defined. Permissioned blockchain is not as common as its counterpart. Thus in this article, we focus on the deployment of permissionless blockchain. Many permissionless blockchains have been implemented and used in various application domains: Bitcoin (Nakamoto, 2008), Ethereum (Buterin, 2014), Tomochain (Team, T.R.D, 2018), etc.

Attribute-based encryption
This article focuses on using cryptography to secure shared data. Data cryptography is widely regarded as a fundamental founding block for data security matters. Generally, we are well accustomed to two types of cryptography: symmetric cryptography and asymmetric cryptography. Symmetric cryptography like AES (Jamil, 2004) uses only one key for encryption and decryption tasks. On the other hand, asymmetric cryptography like RSA (Rivest et al., 1978) uses two different keys: the private key for the decryption task and the public key for the encryption task. ABE is a form of asymmetric cryptography; messages are encrypted under an arbitrary number of attributes or a policy decided by users. Users can encrypt different data sets with different sets of attributes or policies, so the owner can selectively share data with other users in a fine-grained way. A policy can be interpreted as a set of rules needed to be satisfied to guarantee a successful encryption and decryption process.
As mentioned above, all formulas in theory and algorithm are described in Bethencourt et al. (2007). The current notion of ABE was first introduced in Sahai and Waters (2004), and then later in Goyal et al. (2006). Many ABE schemes have been proposed, extending the functionality of the original scheme. The study (Zickau et al., 2016) provides an overview of applied ABE schemes and information about implemented libraries. There are mainly two variants of ABE: Ciphertext-Policy ABE (CP-ABE) and Key-Policy (KP-ABE). CP-ABE uses access trees or policies to encrypt data. However, with KP-ABE, data are encrypted over a set of attributes. Our proposed solution uses CP-ABE, and the four main basic functions of it are: . Parameters Setup: This is a randomized algorithm that takes no input other than an implicit security parameter. This function generates a random public parameter (PK) and an associated secret master key (MK).
. Encryption: This is also a randomized algorithm that takes PK, the access structure (number of policies to be met for the decryption, and the message to be encrypted). . Key generation: This function generates a private key (SK) by using the list of attributes that must satisfy the access structure tree to successfully decrypt a message and generated the MK during the parameters setup function. . Decryption: The algorithm takes the ciphertext of encryption, the PK, and the SK as inputs. The decryption process executes successfully if and only if the list of attributes of the decryption key satisfies the enforcement policy.
3. ABE scheme for P2P systems 3.1. Workflow of the ABE scheme on P2P systems To address the insecure environment in the P2P distributed sharing system, we use ABE to encrypt the data file before sending it to the network. Thus, it is imperative to transfer the private key reliably and securely to users who got sharing permission from the data owner. The data transmission problem is one of the main problems in the network's functioning. Five entities will directly be involved in our system processes: data owner, data requester, authorities, P2P data storage, and blockchain. Many recently researches involve ABE and blockchain to provide efficient fine-grained data access control on a wide range of applications (Niu et al., 2019;Rahulamathavan et al., 2017;Wang & Song, 2018), etc. One common factor among these schemes is the presence of attribute authority (AA). A quick look at the components and how ABE process Figure 1, clearly shows the reason why AA is essential.
We aim at P2P systems because we want to create a fair system and benefit the regular users rather than a few centralized organizations. However, the AA is nigh impossible to cast aside; the data owner can become the AA responsible for his data and issuing decryption keys to users who request the data, although this approach still makes unfair adjustments for other users in the P2P system. The problem with a single authority is the bottleneck as well as corruption. Therefore, we will go with multiple authorities in the system. To make the system as fair as possible, we decide to let the users vote and decide who will become the AA. To void the unavailability problem of P2P systems, we need an incentive method to make the users who contribute to the network feel rewarded; the more extensive the contribution, the higher the reward. In summary, after the AA is granted the authority by the voting of a group of users, the more of the AA work he does, including issuing the decryption keys to the users, the higher the AA's reward for his work. And the benefits shared for the voters also get higher. To sum it up, the idea of the reward can be seen as the investment to a company by buying the stock. As the company progresses, the more benefit the shareholders receive. As an AA, there is always the possibility of being corrupted, committing dishonest works, or being lazy. The users can vote to bring down the AA. With a single authority, it can quickly become the bottleneck. To be as fair as possible to all users in the network, there should be a few AA members responsible for the trust of their prospective group of users. If there are too many authorities, it will create unrest among the users; if there are too few authorities, the power is not balanced. We need a reasonable number of AAs so they will keep in check with each other. The multi-authorities ABE is a construct in which several independent authorities were allowed to monitor and distribute attributes (Chase, 2007;Han et al., 2014;Lin et al., 2008).
We use blockchain for voting to choose the authority. The blockchain is a system that helps entities build trust relationships in an environment where each entity was not trusting the other before. The use of blockchain technology has some major advantages: the voting ballot of a user will be rigorously verified before being accepted and established as a fact which got published in a node; the value of the voting once appended to the blockchain is impossible to tamper with; the blockchain uses the P2P system as an engine thus there hardly exist authority or central storage, the trust will be built upon the reputation of the users in the network. There are a lot of researches working on blockchain-based voting electronic system (Adiputra et al., 2018;Ayed, 2017;Fusco et al., 2018;Hjalmarsson et al., 2018;Khan et al., 2018;Kshetri & Voas, 2018;Pawlak et al., 2018;Wu, 2017;Yu et al., 2018) which enable a level of fairness and security as a voting system requires. However, there are some recent discoveries (Park et al., 2021;Specter et al., 2020) discussing the vulnerabilities of an electronic voting system using blockchain and mobile applications. However, we still decided to use a blockchain because it has an incentive scheme to motivate users to stay alive and contribute to the network.
Users must first create wallets on blockchain supported by our system. The public address and private key from blockchain will be used later on as we discuss how our system works. First, the voting process to appoint Attribute Authority (AA) is optional. Users can request existing AAs or promote a new AA for rewards if that AA is granted authority and goes into function later. For instance, a particular user (A) sends a request to create a new pair of public parameters and a secret key for encryption. The attribute authorities will handle this task. A then encrypts and sends his data to the P2P system's storage. We recommend having an intermediary entity such as a trusted authority to perform some additional tasks. Since the encrypted data is unreadable, for other users to request data, an overview of the data must be provided for all to view. Our system will not involve verifying if the data is precisely as the owner said and check whether the content is appropriate for simplicity. Users B and E see the information and want to download A's data. B and E will request directly to A. If A gives his consent, he will send his request to the authority for creating ABE private key, and A will sign it. In our scenario, A agrees to share with B but not E. The server will then verify the request to check the genuineness and the freshness of the message. Our system requires the consent of the data owner before generating a new private key. The ABE private key will have the public address of A and users whom A agrees to share data as embedded attributes. If there are multiple parties in A request, the server will generate the corresponding ABE private keys. The AA can issue the decryption key toward users via two channels: blockchain or direct communication. With either approach, the transportation of the key must be secure under any circumstances. A mixture of technologies and techniques is required; we only discuss encryption of the decryption key as a base layer of safe transportation. Users have to engage in a blockchain platform to vote to represent authority and blockchain using PKI to securely and anonymously identify users in the network. Thus, every user has a unique pair key for identity. We will use asymmetric encryption to produce the scrambled ABE decryption keys. Finally, B can download A data from P2P network storage and decrypt it with ABE private key. The workflow of our proposed system can be visualized as in Figure 2.
Our system uses Charm (Akinyele et al., 2013) as a base to set up ABE tests with four fundamental functions: parameters setup, encryption, key generation, decryption. The detail of the inputs and outputs of four parts are described in Figure 3.

ABE private key revocation
One of the practical challenges of ABE is the efficient solution to root out malicious users. They fan out the decryption key to others for financial benefit or many different reasons. Due to the nature of ABE, the policy access does not necessarily contain the exact identity of the eligible receivers. A typical example is when a professor wants to send an encrypted file solely for the students who belong to the network major with an admission year attribute value is 2021. The professor can express the policy as 'Network', '2021', and the key qualified to decipher the ciphertext holds no identity information. The traceability and revocation utilities are a must for key management to pertain to the system's security. There are many research papers about efficient traceable, revocable ABE (Han et al., 2020;Liu et al., 2013;Ning et al., 2015;Wu et al., 2019;Zhang et al., 2018). A common shared factor is the identity attribute. With identification, we can trace or revoke the decryption effortlessly. However, the attributes necessary to satisfy the access tree policy do not need to be unique, identify value, or be shared among many keys. Moreover, the identity is usually close-knit to the users' personal information, and people are reluctant to give out their data. We want to have a KYC system while still allowing the anonymity of the users. The attributes can also be used to give away some information about the encrypted file. With the policy as 'Doctor ', we can guess the file is related to the health record. With the policy as 'Teacher ', we can guess the file is related to the academic record. Thus it is imperative to have a hidden access structure. ABE has one problem: labelling policy-how to attach attributes to the key and create a corresponding policy on the document. Coming up with a good set of attributes and a good policy is tedious.
Blockchain public addresses that serve as explicit attributes to easily create data permission for ABE are enough to define a group and specify the individual in the group.
The public address is unreadable and thus gives no information regarding documents. We are using the two public addresses of the requester and the data owner. Two public addresses for creating a group of users who request data and have the data owner's consent separate each requester since public addresses given to each wallet are unique. We discuss the two approaches for denying the user machine's decryption process: direct revocation and indirect revocation. The direct approach requires the data owner to parse the list of revocable identities to the ciphertext. The list of attributes for the encryption/decryption can be infinitely extensive, and many versions of the data can exist. The probability that someone will rehost the out-of-date data is non-zero despite the version control utility. We propose voting to appoint the Monitor Authority (MA) to check if the data's old version is hosted in the network. The MA also serves in the police officer role to inspect, report, and fine the violators. There should be a reasonable number of MAs to do the task efficiently. The process is shown in Figure 4. We use the Revocation Attribute Authority (RAA) to maintain the blacklist of identities for the indirect approach. The RAA will constantly update the blacklist and periodically send the newest version to the users. The process can be summarized as in Figure 5. Just as private key generation, the denial of decryption must first be approved by the data owner. The method to check the genuineness of data owner requests is the same as generating a new private key process in our system. The specific incentive mechanism to reward the AAs, MAs, RAAs, or the penalty utensil to punish these authorities is outside the scope of this article.
The indirect revocation method does not involve re-encrypting files or re-distributing keys. However, this approach misguided people into thinking there is a severe security  issue. One can easily bypass this mechanism by performing a collision attack to generate a new private key with embedded attributes different from those stored in the server. ABE is proven to overcome this adversity, as described in Bethencourt et al. (2007). We observe that each user is assigned a random parameter value in the key generation process, embedded in the private key. Using different private keys means different parameter values in the decryption process, thus producing failure to combine to generate a new private key.
The set of attributes in CP-ABE is represented as a list of strings regardless to order. Our revocation process will fail in some scenarios because it will revoke the wrong key. For example, user A requests and gets the private key from user B. While user B requests and receives the private key from user C. If we blacklisted user B to revoke the private key of user B, the private key from user A also gets affected. The problem can be solved by adding more symbols or words in the attribute to distinguish the difference. For example, user A requests user B; then, we can present it as 'A+B'. In a string, 'B+A' is different from 'A+B', and we check with exact matching embedded attributes to differentiate private keys. The database also needs to be kept safe and bulged quickly as the number of negative attributes is infinite. The number of attributes required for denying services and the storage capacity is beyond our scope.
The proposed system consists of some authorities, which may be more prominent than the two necessary attributes for the policy access structure. The differences in number may introduce unfairness to many authorities. There are two approaches to produce a sound solution to the problem. The two authorities will create the two core attributes while the other authorities can make dummy attributes. The alternative is to split the public address into many parts; each authority will take responsibility for each piece. How many trunks, how they can be assembled as a set of attributes should be thoroughly considered. In the case of users already decrypting the encrypted file and getting the plaintext to distribute to others without the data owner's consent remains a critical challenge. Our approach currently works for CP-ABE.

Use-case
Information is the most critical asset of society and the economy. The information stems from raw, unpolished data that can be collected easily. Be it individual or a small group of people to large organizations; there is always a possibility of information extraction from data collected by these users. Unfortunately, there is little to no standard for the process of data collection and storage. Business involved in the data economy has a great interest in accessing data from users to study and transform its processes. However, data-driven markets still observe many hesitations from these users about how data sharing can be incentivized and secured. In centralized data-sharing platforms like Facebook, users can broadcast their data with high efficiency while specific groups can access it. Users can also gain financial benefit through voting, invest in authorities to handle particular tasks in the centralized system. The proposed solution can be applied to the decentralized customer-to-customer (C2C) e-commerce model (Huynh et al., 2020).
The centralized C2C e-commerce model appeared in the early days of the Internet. Online marketplace applications, including eBay Company (1995) and Craigslist Company (1995), provide an online marketplace or e-market for trading between buyers and sellers. Sellers post items to the e-market, while buyers seek items from the e-market and receive items from the sellers through indirect transactions. In this model, the centralized e-market servers, as shown in Figure 6 play a key role in connecting buyers and sellers. These servers provide a mediated mechanism for performing transactions to guarantee quality control, i.e. after a buyer and a seller agree on trading an item, the buyer transfers money to the mediating company; the seller sends the item to the buyer; and the seller receives money from the company if there is no complaint from the buyer. This model is referred to as the centralized model because of the dependence on centralized servers. The model is similar to the centralized P2P model. The decentralized C2C e-commerce model allows buyers and sellers to trade items through direct transactions. The centralized servers only act as bootstrapping servers to form a network of sellers and buyers that can dynamically join and leave, search items, and perform transactions through the P2P system. This model's motivation comes from online trading activities on Facebook, where sellers advertise items on their personal pages, and buyers search for appropriate items. Transactions occur directly between sellers and buyers without the participation of Facebook. Facebook only plays the role of a communication platform for the decentralized C2C model. However, this platform's disadvantages include the dependency of Facebook servers, limited search capability, advertisement fees, etc. This model is based on an unstructured P2P system, as shown in Figure 7. The model takes advantage of the remarkable characteristics of unstructured P2P systems. Buyers and sellers act as peers in this system; peers directly connect and trade items to each other without centralized servers; the network is self-managed when peers join and leave dynamically. The centralized servers are only used for network bootstrapping and peer rating purposes. Since there are no centralized servers, peers can only advertise their items when they get online. This system provides a flexible search mechanism that allows peers to seek items in several other peers' stores. The model eliminates the mediating company; cost is thus reduced compared to the above centralized model. However, the model also suffers some limitations from unstructured P2P systems, including unavailable peers, secure data between peers, etc.

Security evaluation and preliminary results
The selling point of blockchain is that cryptographically secured distributed ledgers are virtually unbreakable under normal circumstances. However, the quantum computer is said to be capable of breaking blockchain. Aggarwal et al. learned on the attacks of blockchain using quantum computers (Aggarwal et al., 2017) but still agreed that blockchains have within seven or more years before the quantum computer can pose a threat to blockchains' integrity. Later, Kiktenko et al. studied a quantum-secured blockchain. Therefore, key distribution using blockchain is secure within a short time frame before researchers move on to quantum-secured cryptography. Blockchain voting systems can also be considered being safe. CP-ABE is provably secure under the standard security model and can resist collusion attacks and protect user access privilege (Bethencourt et al., 2007). Furthermore, the studies of Wang (2014), Agrawal et al. (2012), and Qiao et al. (2014) show that latticebased cryptography has been resistant to quantum computers; lattice-based CP-ABE has already been studied and implemented.
The authorities are under the assumption of being trusted and secured. The authorities can also be voted out if the possibility of being corrupted appears. User anonymity in the centralized server is assured as the only identity that our proposed scheme requires is a public address when a user creates a wallet on a blockchain. The public address is used for mapping data and data owner so other users can directly request data from the owner; and prove the authenticity of the request to the centralized server for some sensitive, crucial tasks that require the consensus of the data owner.
We have used the architecture described in Bethencourt et al. (2007) for single authority ABE and Rouselakis and Waters (2015) for multiple authority ABE. The implementation of ABE is under the symmetric curve with 512 bits (SS512) which provides 80 security strength levels in bits. We have implemented the system in Ubuntu 18.10 virtual machine with 6GB RAM and two processors. We have tested the performance of both encryption and decryption on different sizes of data files ranging from 1MB to 100MB with two attributes. The result is the mean of 15 iterations as shown in Figure 8. Time consumption linearly increases as file size increases, and it approximately takes 700 seconds for encrypting or decrypting 100MB of data. We have evaluated encryption and decryption performance on the data file size of 1Kb for multiple authority ABE. We have applied the direct revocation method to simulate the number of attributes. Data owners embed the list to the ciphertext during the encryption process or require dummy attributes from a different authority. We have assessed different numbers of attributes ranging from 10 to 100 issued by a single authority or multiple authorities. The number of authorities is the same as the number of attributes. The result is the mean of 15 iterations as shown in Figure 9. The encryption is roughly the same for both single and multiple authorities. The decryption counterpart is, unfortunately, having a considerable difference in performance. We will conduct more experiments to double-check the results. The multi-authority ABE is slower than a single authority because of the additional cost of setting up the authorities. In addition, the latency of sending messages from authorities is non-zero.
The results from the ABE experiments lead to a conclusion that an extensive care needs to be provided for the size of data and number of authorities should the proposed system be deployed in a real-world application.
We have measured the load balance on simulated P2P systems with 3000 nodes and 5000 nodes for data storage. Load balance increases the optimal utilization of distributed resources, including storage, data access, message forwarding, and peers' computation. The number of messages per peer is as shown in Figure 10. A small number of peers exchanged more than 450 messages for the 3000-node network and more than 300 messages for the 5000-node network, i.e. except for only a few peers with high load, other peers share the burden on the networks.
We have applied on the work (Alharby & van Moorsel, 2020) to simulate the blockchain. For the bitcoin platform configuration parameters: the average creation time of a block is 900 seconds, average block-size is 1 Mb, average block propagation delay is 0.5 seconds, the reward for mining a block is 12.5 bitcoin according to Bitcoin-halving event, 3000 nodes in the network, and 16 miner with hash rate is 6.25. We have disabled the transaction in the simulation and set the simulation run for 50000 seconds. The result of 48 blocks in the main block and the miners' profits are shown in Table 1.

Conclusions
This article aims at combining attribute-based encryption with blockchain to propose a mechanism for sharing secured data on P2P systems. This mechanism can be applied to P2P-based applications, such as P2P file-sharing services or C2C e-commerce applications. We have proposed a system design that provides user anonymity and relatively simple ABE private key denial on the data owner's request. The proposed system achieves secured data sharing on P2P applications under security standards. Blockchain has been long categorized as only digital money like stock for easy investing in harvesting a massive amount of profit by the mass media. In turn, cryptography is usually used as the only means for protection, not as a factor to boost the business value. Based on our experiments, we have explained some different insights on the purpose of blockchain  and cryptography. The future work includes deploying an actual P2P application, securing the centralized server, testing lattice-based CP-ABE, and designing a scheme to detect peers being attacked by the botnet, virus, malware to protect the network.

Disclosure statement
No potential conflict of interest was reported by the authors.

Notes on contributors
Mr. Nhan Tam