Abstract
Electronic Health Record (EHR) sharing in the cloud faces serious challenges, centered on the risk of a single point of failure and privilege abuse due to centralized privilege management, as well as the difficulty of existing mechanisms to effectively validate the integrity of data and access policies in transit/storage. To this end, this paper proposes a scheme that fuses blockchain with verifiable ciphertext policy attribute-based encryption (CP-ABE). Using the decentralized characteristics of blockchain, policy verification is decentralized to multiple nodes, eliminating a single point of failure and enhancing robustness; Vector Commitment technology is introduced to generate a unique binding commitment value for the access policy and incorporate it into the ciphertext to achieve rapid detection of policy tampering and guarantee the authenticity of the enforced policy. Meanwhile, the integrated Attribute-Based Proxy Re-Encryption (AB-PRE) supports dynamic and efficient adjustment of access rights based on patient status and treatment needs. Security analysis and experimental evaluation confirm the efficiency and effectiveness of this scheme.