An efficient and scalable vaccine passport verification system based on ciphertext policy attribute-based encryption and blockchain

Implementing a trust and secure immunity or vaccine passport verification system is now crucial for many countries. The system typically aims to enable the secure access control and verification of vaccination records which will be used by trusted parties. However, the issues related to the system scalability in supporting a large number of data access requests, the enforcement of the user consent for data sharing, and the flexibility in delegating the access capability to trusted parties have not been resolved by existing works. In this paper, we propose a Universal Vaccine Passport Verification System (UniVAC) to support a decentralized, scalable, secure, and fine-grained, access control for Covid-19 vaccine passport data sharing and verification. At a core of our scheme, we employ the ciphertext policy attribute-based encryption (CP-ABE) to support secure and fine-grained access control and use the blockchain to record access transactions and provide data indexing. Furthermore, we propose a ciphertext retrieval method based on regional blockchain segmentation and introduce the outsourced CP-ABE decryption as a part of the proxy re-encryption (PRE) process to enable scalable and secure ciphertext delivery of the encrypted vaccine passport under the requestor's public key. Finally, we conducted the extensive experiments in real cloud environment and the results showed that our proposed scheme is more efficient and scalable than related works.