Blockchain-based proxy re-encryption access control method for biological risk privacy protection of agricultural products

Abstract

In today’s globalized agricultural system, information leakage of agricultural biological risk factors can lead to business risks and public panic, jeopardizing corporate reputation. To solve the above problems, this study constructs a blockchain network for agricultural product biological risk traceability based on agricultural product biological risk factor data to achieve traceability of biological risk traceability data of agricultural product supply chain to meet the sustainability challenges. To guarantee the secure and flexible sharing of agricultural product biological risk privacy information and limit the scope of privacy information dissemination, the blockchain-based proxy re-encryption access control method (BBPR-AC) is designed. Aiming at the problems of proxy re-encryption technology, such as the third-party agent being prone to evil, the authorization judgment being cumbersome, and the authorization process not automated, we design the proxy re-encryption access control mechanism based on the traceability of agricultural products’ biological risk factors. Designing an attribute-based access control (ABAC) mechanism based on the traceability blockchain for agricultural products involves defining the attributes of each link in the agricultural supply chain, formulating policies, and evaluating and executing these policies, deployed in the blockchain system in the form of smart contracts. This approach achieves decentralization of authorization and automation of authority judgment. By analyzing the data characteristics within the agricultural product supply chain to avoid the malicious behavior of third-party agents, the decentralized blockchain system acts as a trusted third-party agent, and the proxy re-encryption is combined with symmetric encryption to improve the encryption efficiency. This ensures a efficient encryption process, making the system safe, transparent, and efficient. Finally, a prototype blockchain system for traceability of agricultural biological risk factors is built based on Hyperledger Fabric to verify this research method’s reliability, security, and efficiency. The experimental results show that this research scheme’s initial encryption, re-encryption, and decryption sessions exhibit lower computational overheads than traditional encryption methods. When the number of policies and the number of requests in the access control session is 100, the policy query latency is less than 400 ms, the request-response latency is slightly more than 360ms, and the data uploading throughput is 48.7 tx/s. The data query throughput is 81.8 tx/s, the system performance consumption is low and can meet the biological risk privacy protection needs of the agricultural supply chain. The BBPR-AC method proposed in this study provides ideas for achieving refined traceability management in the agricultural supply chain and promoting digital transformation in the agricultural industry.

Introduction

In modern agricultural production, the traceability of agricultural biological risks has become one of the focuses of attention. Agricultural biological risk factors are biological factors that may affect the safety and quality of agricultural products, including pathogenic microorganisms, fungal toxins, pests and their pest-borne pathogens, insect residues, and genetically modified organisms¹. These factors may lead to contamination or deterioration of the quality of agricultural products, posing a potential hazard to human health². Failure to monitor and control these biological risk factors promptly in the supply chain of agricultural products may result in a chain reaction that affects consumer health and the sustainable development of the industry³. The transmission pathways of agricultural biological risk factors are shown in Fig. 1.

Fig. 1

Transmission route of biological risk factors of agricultural products.

In recent years, there has been a high incidence of food safety incidents in China due to foodborne biological risk factors in agricultural products⁴. As shown in Fig. 2a, Food safety incidents due to foodborne biological risk factors in China climbed yearly from 2011 to 2020; As shown in Fig. 2b, Food safety incidents due to foodborne biological risk factors occur mainly in the food service sector as well as in households; As shown in Fig. 2c Animals, plants and poisonous mushrooms and other causes predominate among food safety incidents due to various foodborne biological risk factors; As shown in Fig. 2d, vegetables, mushrooms, aquatic products and meat in agricultural products accounted for the major portion of food safety incidents due to foodborne biological risk factors in various categories⁵.

Fig. 2

Incidence of food-borne biological risk factors in China in recent years. (a) Number of foodborne disease outbreaks in China, 2011-2020 (b) Number of foodborne disease outbreaks at different sites in China, 2011-2020 (c) Number of foodborne disease outbreaks caused by different causative factors in China, 2011-2020 (d) Food Categories Involved in Food Poisoning Incidents.

Therefore, the establishment of a full-process traceability system for biological risk factors of agricultural products can improve market transparency, enhance consumer trust, and promote trade development. Based on existing research, a biological risk factor prevention level is established, and through the traceability system, regulatory agencies and enterprises can discover and investigate potential sources of contamination promptly, reduce the probability of food safety accidents, safeguard public health, realize the organic connection between the safe production and consumption of agricultural products, and promote the sustainable development of agriculture.

Blockchain technology is a distributed, decentralized ledger technology that ensures the security and trustworthiness of data through cryptography and consensus algorithms⁶. Blockchain technology links data in the form of blocks to form an immutable record, achieving transparency and traceability of information, and providing a secure and trustworthy interaction environment for all participants. As an interdisciplinary and innovative technology, blockchain technology has important advantages in enhancing the traceability of biological risk factors in the agricultural supply chain. Its decentralized nature eliminates the problem of centralized storage of biological risk factor information and ensures the integrity and security of the information; its tamper-resistant nature solves the problem of easy tampering of the risk factor information and ensures the authenticity and credibility of the information; and its transparency meets the needs of the regulatory bodies for the transparency of biological risk factor information in the supply chain⁷.

The special nature of agricultural biological risk factor information lies in its key role in the supply chain. Information leakage may lead to the disclosure of trade secrets, triggering unfair competition and economic losses. In addition, malicious use of such information may increase food safety risks, reduce food quality, or even lead to contamination and endanger public health. Public perceptions of biological risk factors in agricultural products may trigger consumer panic, reduce trust in the company, affect sales, damage the company’s reputation, and even trigger a crisis of confidence in the industry. Therefore, strengthening agricultural risk management and data security can help avoid agricultural safety risks, safeguard individual rights and commercial interests, ensure data security and compliance, and promote the sustainable development of smart agriculture⁸.

Privacy protection technology is a technological tool used to protect an individual's sensitive information from malicious access or disclosure. In blockchain traceability systems, the use of privacy-preserving technologies can effectively protect the privacy of participants while maintaining data traceability and integrity. Proxy re-encryption technology, as a privacy protection technology, is of great significance in the application of blockchain systems. By encrypting the data and delegating the operation to a third party, it achieves the protection of the data and the hiding of privacy, and at the same time ensures the security of data verification and transmission in the blockchain⁹. The use of proxy-heavy encryption technology not only improves the level of privacy protection but also effectively solves the contradiction between data sharing and privacy protection in the blockchain system, providing more possibilities for the expansion of blockchain applications¹⁰.

Currently, there is less research on blockchain technology for agricultural product biological risk privacy protection. How to effectively protect the private information of agricultural biological risk under the premise of ensuring the efficient traceability of agricultural biological risk factors, timely blocking the circulation channels of problematic products, and improving the security of the agricultural supply chain has become an urgent research direction. Based on the above issues, this study designs a blockchain-based proxy re-encryption access control privacy protection method in the context of biological risk factor traceability of agricultural products, BBPR-AC enables the secure sharing of private information on biological risk factors for agricultural products. This will help improve regulatory efficiency, reduce costs, and achieve accurate regulation and rapid early warning. At the same time, it will help establish a transparent regulatory system, enhance public trust, promote the safety of agricultural products and the stable development of markets, and lay the foundation for the sustainable development of the agricultural industry chain.

Contribution

The main contributions of this study are as follows:

1. 1.

   The data of biological risk factors in the agricultural supply chain were analyzed, and the privacy levels of these factors were classified. A proxy re-encryption access control method based on blockchain was designed to address this. To mitigate the risk of malicious actions by third-party agents, the agricultural products traceability blockchain system is employed as a third-party agent to achieve decentralized re-encryption. Symmetric encryption is incorporated into this method to ensure the symmetric encryption of biological risk data, thereby enhancing encryption efficiency. An ABAC (Attribute-Based Access Control) mechanism tailored to the agricultural supply chain was developed, the relevant functions are implemented through smart contracts and deployed in the agricultural product traceability blockchain network. By defining the enterprise attribute information within the agricultural supply chain, the attribute management point disseminates this information, while the policy management point formulates policies for accessing biological risk factor data. The authorization process is automated and decentralized through the policy decision point and the policy execution point.

2. 2.

   A blockchain network geared towards agricultural biological risk traceability was designed to write publicly available data on agricultural supply chain biological risks into the blockchain network to ensure regulatory traceability to address sustainability challenges.

3. 3.

   A prototype blockchain system for agricultural biological risk traceability is built based on the Hyperledger Fabric platform, A blockchain browser has been developed to enhance the visualization of data within the agricultural product traceability system, the traceability process of agricultural biological risk factors is implemented, a biological risk factor detection report of agricultural products was designed as private data and the BBPR-AC access control method proposed in this study is realized through simulation experiments. Finally, the reliability, safety, and efficiency of the method proposed in this study are assessed by analyzing the performance indicators obtained from the experimental tests.

Chapter arrangement

The rest of the paper is organized as follows. Section “Related work” is a brief review of recent research in the areas and technologies involved in this study. Section “Blockchain-based proxy re-encryption access control method” analyzes the data on biological risk factors of agricultural products, introduces the design of the traceability information model of biological risk factors of agricultural products, and describes the design and workflow of each part of BBPR-AC. In section “Experimental test and results”, the experimentally constructed blockchain network as well as the simulation experiments of the method proposed in this study, and the testing of related key performance indicators are presented, describing the test results. In section “Conclusions”, a summary and outlook for this research is provided.

Related work

Risk traceability

Currently, blockchain technology is increasingly being researched and applied in the field of agricultural risk traceability. Researchers and practitioners have begun exploring the use of blockchain technology for supply chain management, product tracking, and information transparency. Biological risk sensors can obtain direct monitoring data¹¹, and blockchain technology can ensure that the acquired data is not tampered with, various participants, such as producers, processors, transporters, and consumers, can share and verify information on the production, processing, and transport of products, and realize full risk traceability. At the same time, the smart contract function of the blockchain is also capable of automatically enforcing the terms of the contract, ensuring that the participants comply with the agreed rules, and improving the transparency and reliability of risk factor traceability. Some studies have also explored how the Internet of Things (IoT) technology and blockchain technology can be combined to enable real-time monitoring and recording of product data such as temperature, humidity, and transport routes to further improve the accuracy and reliability of traceability systems¹². In addition, there is research dedicated to addressing aspects such as scalability and efficiency of blockchain technology in food traceability, to better adapt to large-scale real-world application scenarios. Blockchain technology is also widely used in other fields, such as the safety traceability of drugs¹³ and vaccines in the medical field. Mishra et al.¹⁴ introduced “VaccineChain”, a scalable blockchain secure vaccine supply chain model based on checkpoint assistance, which ensured the infeasibility of VaccineChain’s calculation through comprehensive security analysis and standard theoretical proof. This also indirectly proves the applicability and security of blockchain technology in different industries.

Li et al.¹⁵ took the testing data related to agricultural product quality and safety as the research object, sorted out the supply chain and business process of agricultural products, analyzed the risk factors of agricultural products under the influence of heavy metals, and established the risk evaluation model of agricultural product quality and safety. Salah et al.¹⁶ propose a method for efficiently executing business transactions using Ethernet blockchain and smart contracts to enable soybean risk tracking and traceability throughout the agricultural supply chain. Alshehri et al.¹⁷ created the Intelligent Livestock Farming System (IoT-BC-SLF) using blockchain technology. The framework incorporates IoT technology and allows for transparent and secure communication between farmers. Khanna et al., have proposed a blockchain-based supply chain platform for the dairy industry. The platform ensures the security and traceability of dairy products throughout the supply chain, thereby preventing their customers from consuming counterfeit products and reducing the risk in the flow of dairy products¹⁸. Peng et al.¹⁹ constructed a dynamic regulatory model framework based on blockchain and smart contracts to realize real-time management of the rice supply chain in terms of business information, hazard source information, and personnel information.

Privacy protection

Currently, there is a lack of research and application of blockchain technology and privacy protection technology in the field of agricultural products biological risk privacy protection, and relying on blockchain networks alone cannot solve the problem of secure sharing of biological risk privacy information. Yao et al.²⁰ proposed a trusted agricultural product traceability system based on the Ethernet blockchain. A dual storage model of “blockchain + IPFS (Interplanetary File System)” was designed to reduce the storage pressure of blockchain, and a data privacy protection solution based on cryptographic primitives and Merkle trees was proposed. Guan et al.²¹ proposed a blockchain-based agricultural product traceability system model and designed a multi-channel data collection and uploading architecture to meet the actual traceability needs of various agricultural products. A layered encryption algorithm is used to encrypt the agricultural product information uploaded from each channel to achieve secure sharing of agricultural product information.

Traditional privacy protection algorithms are primarily categorized into symmetric encryption, asymmetric encryption, and a combination of both¹⁰. Symmetric encryption algorithms, such as AES, are renowned for their high encryption and decryption speeds and low computational resource consumption, making them suitable for large-scale data encryption. However, they pose challenges in key management and carry a high risk of key leakage. Asymmetric encryption algorithms, like RSA, simplify key management and enhance security through the use of paired public and private keys. Despite these advantages, their high computational complexity and slow processing speeds render them unsuitable for encrypting large volumes of data²². The hybrid encryption approach, which combines symmetric and asymmetric encryption, leverages the strengths of both methods. It uses asymmetric encryption to securely transmit symmetric keys, which are then used for data encryption, thereby enhancing security and maintaining efficiency. This method is extensively employed in SSL/TLS protocols to ensure secure and efficient network communication²³. Nonetheless, hybrid encryption necessitates the management of both symmetric and asymmetric keys, increasing the complexity of implementation and maintenance.

Proxy re-encryption

Proxy re-encryption is an encryption method for delegated data access control that allows data holders to delegate encrypted data to others, authorizing them to decrypt and access specific portions of the data, while protecting individual privacy and ensuring data security and trustworthiness. In the traceability blockchain system, proxy re-encryption technology can achieve fine-grained access control, dynamically adjust the access rights to the data, improve the flexibility and security of data sharing, reduce the risks in the process of data transmission and storage, prevent data leakage and tampering, and enhance the traceability and integrity of the data. The application of agent-heavy encryption technology in the field of agricultural product traceability brings important technical advantages and guarantees for data security, privacy protection, and the credibility of traceability data. Keshta et al.²⁴ construct an agent-heavy encryption algorithm based on SM2 and blockchain, blockchain data sharing can provide a secure way for organizations to store and share data. Song et al.²⁵ designed a blockchain-based data traceability sharing mechanism to provide evidence for data authenticity and used proxy re-encryption to ensure the security and privacy of data sharing. Agyekum et al.²⁶ proposed a proxy re-encryption approach to protect data sharing in cloud environments. Data owners can outsource their encrypted data to the cloud using identity-based encryption, while the proxy re-encryption construct will grant legitimate users access to the data.

In this study, BBPR-AC is proposed to address the problem of sharing private information in the field of agricultural biological risk information security. The approach deeply integrates blockchain and proxy re-encryption technologies and automates the determination of data-sharing permissions by improving the privacy protection process and simplifying the access control process, thus ensuring the secure, timely, and rapid sharing of private information on biological risk factors of agricultural products. This approach helps to prevent problems such as loss of trade secrets, misleading regulation, and social panic.

Blockchain-based proxy re-encryption access control method

Data analysis of agricultural biological risk factors

The protection of biological risk factor data of agricultural products is crucial, involving business secrets and production details. While ensuring open data traceability along the entire chain of agricultural supply chain, how to safely and reliably share relevant biological risk factor information, avoid information leakage, block agricultural products with high-risk factors, and reduce food safety incidents is the main research direction of this study. This study, concerning the Circular of the National Health and Wellness Commission of the People's Republic of China on the Issuance of Foodborne Disease Surveillance and Reporting Standards (for Trial Implementation) and the General Standards of Biological Safety for Virus Microbiology Laboratories of the People's Republic of China for Health Industry Standards, the biological risk factors of agricultural products were classified into four categories based on the infectiousness of pathogenic microorganisms, and the degree of harm that they can cause to an individual or a group of people after infection, as shown in Table 1.

Table 1 Levels of biological risk factors for agricultural products.

When tracing the biological risk factors of agricultural products, it is important to record the public traceability information for each link of the agricultural products. This helps in blocking the traceability of biological risk factors. These factors are categorized into biological risk traceability information, secondary biological risk privacy information, and primary biological risk privacy information based on their privacy level and traceability role. The detection information of biological risk factors in Categories I and II of agricultural products is considered the first level of privacy information, while the privacy information of biological risk factors in Categories III and IV is considered the second level of privacy information. All public and private biological risk data should be accessible to credible regulators. The key data for biological risk factor detection of agricultural products are shown in Table 2. Regulators can access public data through the blockchain network, while first and second-level private data are shared with regulators by data owners through encrypted data sharing. Consumers can view publicly traceable data on the biological risks they are concerned about, but they are unable to access first-level and second-level biological risk privacy information. First-level and second-level privacy data mainly consist of the results of biological risk factor testing at various stages of the agricultural supply chain. These data have high confidentiality requirements are shared through privacy data sharing with authorized data visitor and are not visible to unauthorized users. The information model for traceability of agricultural biological risk factors is illustrated in Fig. 3.

Table 2 Key data of biological risk factor detection of agricultural products.

Fig. 3

Information model for traceability of biological risk factors of agricultural products.

Design of BBPR-AC method for traceability of biological risk factors in agricultural products

The production of agricultural products involves multiple stages, and the confidentiality of test results for biological risk factors is critical. The secure transmission of these test results helps to strengthen the control of food safety by regulatory agencies and to improve the quality of agricultural products and the efficiency of production. To protect the data privacy and security of agricultural biological risk factors, we propose the BBPR-AC framework. The approach incorporates access control, blockchain, and proxy re-encryption technologies to simplify the data-sharing process. Automated access control through smart contracts guarantees transparency and traceability. The characteristics of blockchain ensure the security and non-comparability of decision-making. BBPR-AC effectively addresses the challenges in traditional proxy re-encryption, improves the security and trustworthiness of sensitive data in the agricultural supply chain, and solves the problem that the data of biological risk factors in the agricultural supply chain can’t be traced and efficiently regulated securely and flexibly.

Proxy re-encryption design of BBPR-AC

Proxy Re-encryption (PRE) is a cryptographic encryption technique that performs a secure transformation of a ciphertext. Traditional PRE is a public key encryption scheme that allows the data owner to “delegate” decryption rights to another data accessor. The data owner may delegate to a semi-trusted agent the task of transforming a ciphertext encrypted by itself into a ciphertext equivalent to the one encrypted by the data visitor (which can be decrypted by the data visitor's private key). The participants in the proxy re-encryption process are mainly categorized into three parties: the data owner, the data accessor, and the proxy. The main steps are as follows:

1. 1.

   Key generation: The data owner generates a pair of public and private keys for himself to ensure the security and control of the data.

2. 2.

   Encrypt data: The owner encrypts the data using the public key to protect the confidentiality of the data in the cloud storage.

3. 3.

   Construct re-encryption key: When it is necessary to share data with other users, the data owner generates a re-encryption key based on his/her private key and the recipient’s public key.

4. 4.

   Proxy re-encryption: The proxy server uses the re-encryption key to convert the data from one user’s public key to another user’s public key for secure data sharing. The proxy re-encryption process is shown in Fig. 4.

Fig. 4

Proxy re-encryption simple process.

The traditional PRE uses an asymmetric encryption system that is inefficient and inappropriate for data sharing of larger files, so the PRE process needs to be optimized. In this study, symmetric encryption is used to protect the biological risk factor information, PRE is used to protect the symmetric key for symmetric encryption, and the encryption module is designed to be improved based on threshold proxy re-encryption. The proxy re-encryption used is based on the secp256k1 elliptic curve public key cryptosystem with the curve equation:

$$y^{2} = x^{3} + 7$$

(1)

where x and y denote coordinate points in the two-dimensional plane, the x-axis denotes the horizontal coordinates and the y-axis denotes the vertical coordinates. For any point P(x,y), it is on this elliptic curve if and only if it satisfies. The flow of encryption and decryption algorithm for symmetric encryption agent re-encryption is shown in Fig. 5.

Fig. 5

Symmetric encryption proxy re-encryption algorithm flow.

1. 1.

   Setting public parameters

   • Setup(sec): this algorithm determines a cyclic group of prime order q according to the security parameter sec \(G\). Let g, U ∈ \(G\).Let \(H_{2} :G^{2} \to Z_{q}\), \(H_{3} :G^{3} \to Z_{q}\) and \(H_{4} :G^{3} \times Z_{q} \to Z_{q}\).Let \(KDF:G \to \{ 0,1\}^{\ell }\) be a key derivation function as a model of a stochastic prediction machine, and \(\ell\) be set according to the security parameter sec. H is the hash function of the random field, \(Z_{q}\) denotes a cyclic group \(G\) of prime order q, which is used to denote the range of values of the elements in the group \(G\). \(H_{2}\) is commonly utilized for deriving values from two group elements to ensure even distribution of the output over \(Z_{q}\). \(H_{3}\) is employed in re-encryption key generation to derive the value d from a combination of three group elements, which is crucial for non-interactive Diffie-Hellman key exchange. \(H_{4}\) is used in generating the re-encryption key fragment to calculate \(z_{1}\), ensuring even distribution and dependency on multiple inputs, thereby enhancing the security of the scheme. Global public parameters are represented by tuples:

     $$params = \left( {G,g,U,H_{2} ,H_{3} ,H_{4} ,KDF} \right)$$

     (2)

1. 2.

   2. Generate key algorithm

   • KenGen(): The key generation algorithm KeyGen uniformly and randomly selects \(a \in Z_{q}\), and outputs a pair of public keys and keys of agricultural biological risk factor testing organizations \((pk_{A} ,sk_{A} ) = \left( {{\text{g}}^{{\text{a}}} ,a} \right)\).

   • ReKeyGen \(\left( {sk_{A} , \, pk_{B} , \, N, \, t} \right)\): Inputting the detection agency key \(sk_{A} = a\) as well as the authorized public key \(pk_{B} = {\text{g}}^{{\text{b}}}\), the number of segments N, and the threshold value t, ReKeyGen() generates N segments of the re-encryption key between the biological risk detection agency and the visitor, and each segment is named \(KFrag\), the specific process is as follows:

1. (1)

   Sample random \({\text{x}}_{{\text{A}}} \in Z_{{\text{q}}}\) and compute \(X_{{\text{A}}} \in {\text{g}}^{{{\text{x}}A}}\).

2. (2)

   Compute \(d = H_{3} \left( {X_{A} , \, pk_{B} ,\left( {pk_{B} } \right)^{xA} } \right)\). d is the result of a non-interactive.

   Diffie-Hellman key exchange between B’s keypair and the ephemeral key pair \(\left( {x_{A} , \, X_{A} } \right)\).

3. (3)

   Sample random t − 1 elements \(f_{i} \in Z_{{\text{q}}}\), with 1 ≤ i ≤ t − 1, and compute \(f_{0} \, = a \cdot d^{ - 1} modq\).

4. (4)

   Construct a polynomial \(f\left( x \right) \in Z_{q} \left[ x \right]\) of degree t − 1, such that \(f\left( x \right) \, = f_{0} \, + f_{1x} + f_{{2x_{2} }} \, + \cdots + f_{{t - 1x_{t - 1} }}\).

5. (5)

   Compute \(D = H_{6} \left( {pk_{A} , \, pk_{B} , \, pk_{B}^{{\text{a}}} } \right)\).

6. (6)

   Initialize set \(KF = \emptyset\) and repeat N times:

   1. (a)

      Sample random y, \(id \in Z_{{\text{q}}}\).

   2. (b)

      Compute \(s_{x} = H_{5} \left( {id, \, D} \right)\) and \(Y = g^{y}\).

   3. (c)

      Compute \(rk = f\left( {s_{x} } \right)\).

   4. (d)

      Compute \(U_{1} \, = U^{rk}\).

   5. (e)

      Compute \(z_{1} \, = H_{4} \left( {Y, \, id, \, pk_{A} , \, pk_{B} , \, U_{1} , \, X_{A} } \right)\), and \(z_{2} \, = y \, - \, a \cdot z_{1}\).

   6. (f)

      Define a re-encryption key fragment kFrag as the tuple \(\left( {id, \, rk, \, X_{A} , \, U_{1} , \, z_{1} , \, z_{2} } \right)\).

1. (7)

   Finally, output the set of re-encryption key fragments KF. The number of segments N of the re-encryption key in the agent re-encryption as well as the threshold value are set to 1 in this study.

1. 3.

   Encapsulation and decapsulation algorithms

• Encapsulate \((pk_{A} )\): On input the public key \(pk_{A}\), the encapsulation algorithm Encapsulate first samples random \(r, \, u \in Z_{q}\) and computes \(E = g^{r}\) and \(V = g^{u}\). Next, computes the value \(s = u + r \cdot H_{2} \left( {E, \, V} \right)\). The derived key is computed as \(K = \, KDF\left( {\left( {pkA} \right)^{r + u} } \right)\). The tuple \(\left( {E, \, V, \, s} \right)\) is called capsule and allows to derive again (i.e., “decapsulate”) the symmetric key K. Finally, the encapsulation algorithm outputs \(\left( {K, \, capsule} \right)\).

• CheckCapsule \(\left( {capsule} \right)\): On input a capsule = \(\left( {E, \, V, \, s} \right)\), this algorithm examines the validity of the capsule by checking if the following equation holds:

  $$g^{s} = V \cdot E^{{H2\left( {E,V} \right)}}$$

  (3)

• Decapsulate \(\left( {skA, \, capsule} \right)\): On input the secret key \(sk_{A} = a\), and an original \(capsule = \left( {E, \, V, \, s} \right)\), the decapsulation algorithm Decapsulate first checks the validity of the capsule with CheckCapsule and outputs ⊥ if the check fails. Otherwise, it computes \(K = \, KDF\left( {\left( {E \cdot V} \right)a} \right)\). Finally, it outputs K.

1. 4.

   Re-encryption algorithm

• ReEncapsulate \(\left( {kFrag, \, capsule} \right)\): On input a re-encryption key fragment \(kFrag = \, \left( {id, \, rk, \, X_{A} , \, U_{1} , \, z_{1} , \, z_{2} } \right)\), and a \(capsule = \left( {E, \, V, \, s} \right)\), the re-encapsulation algorithm ReEncapsulate first checks the validity of the capsule with CheckCapsule and outputs ⊥ if the check fails. Otherwise, it computes \(E_{1} \, = E_{rk}\) and \(V_{1} = V_{rk}\), and outputs the capsule fragment \(cFrag = \, \left( {E_{1} , \, V_{1} , \, id, \, X_{A} } \right)\).

1. 5.

   Decryption algorithm

• DecapsulateFrags \(\left( {sk_{B} , \, pk_{A} , \, \left\{ {cFrag_{i} } \right\} \, _{i = 1}^{t} } \right)\): On input the secret key \(sk_{B} = b\), the original public key \(pk_{A} = g^{a}\), and a set of t capsule fragments, being each of them \(cFrag_{i} = \left( {E_{1} ,i,V_{1} ,i,id_{i} ,X_{A} } \right)\), the fragments decapsulation algorithm DecapsulateFrag does the following:

1. (1)

   Compute \(D = H_{6} \left( {pk_{A} , \, pk_{B} , \, pk_{A}^{b} } \right)\).

2. (2)

   Let \(S = \{ s_{x.i} \}_{i = 1}^{t}\), for \(s_{x,i} = H5(id_{i} ,D)\). For all \(s_{x,i} \in S\), compute:

   $$\lambda_{i,s} = \mathop \prod \limits_{j = 1,j \ne i}^{t} \frac{{s_{x,j} }}{{s_{x,j} - s_{x,i} }}$$

   (4)
3. (3)

   Compute the values:

   $$E^{\prime} = \mathop \prod \limits_{i = 1}^{t} (E_{1,i} )^{{\lambda_{i,s} }}$$

   (5)
   $$V^{\prime} = \mathop \prod \limits_{i = 1}^{t} (V_{1,i} )^{{\lambda_{i,s} }}$$

   (6)
4. (4)

   Compute \(d = H_{3} \left( {X_{A} , \, pk_{B} , \, X_{A}^{b} } \right)\). Recall that d is the result of a non-interactive Diffie-Hellman key exchange between B’s keypair and the ephemeral key pair \(\left( {x_{A} , \, X_{A} } \right)\). Note also that the value \(X_{A}\) is the same for all the cFrags that are produced by re-encryptions using a kF rag in the set of re-encryption key fragments KF.

5. (5)

   Finally, output the symmetric key \(K = \, KDF\left( {\left( {E^{\prime} \cdot V^{\prime}} \right)^{d} } \right)\).

The assigned values for capsule fragments and re-encryption key fragments in this study are both set to 1. Upon acquiring the symmetric key, individuals accessing the biological risk factor data of agricultural products can utilize it to decrypt the encrypted ciphertext within the agricultural products traceability blockchain system.

Access control design of BBPR-AC

Traditional access control models, such as autonomous access control (DAC), mandatory access control (MAC), and role-based access control (RBAC), have limitations in providing secure and effective information protection mechanisms in large-scale and complex network environments²⁷. ABAC (Attribute-Based Access Control) is an access control model that controls access rights by defining policies between user attributes and object attributes. Compared with traditional role-based access control, ABAC is more flexible and can achieve fine-grained access control to improve system security and management efficiency²⁸.

This study proposes the BBPR-AC method for encrypted data sharing of biological risk factors for agricultural products. The method securely delivers biological risk data by automating permission verification on the chain, allowing data owners to decide whether to enable proxy re-encryption based on set access rights. This mechanism is designed to prevent social panic, declining corporate trust, malicious extortion, and food safety incidents caused by data leakage. At the same time, it simplifies the authorization process and improves the automation and security of the system. Five main subjects are involved in the access control module of this research design: subject, object, action, environment, and strategy. For this research discourse, the following definitions are given:

Definition 1.

The attribute identification item is the most basic unit used to represent an attribute in an access control policy and adopts the format of {xAttrName = attrValue}, where xAttrName denotes the attribute name and attrValue denotes the attribute value. To facilitate the representation of different types of attributes, x is introduced to denote the attribute type, where {s, r, a, e} represents the access to the subject attribute of the visitor of the biological risk factor, the object attribute of the biological risk factor, the action attribute, and the environment attribute, respectively.

Definition 2.

An attribute identity tuple is a collection of attribute identity items of the same type, denoted by xAttrTuple, x ∈ {s, r, a, e}, i.e.: xAttrTuple:{(xAttrName1 = attrValue1)∧ (xAttrName2 = attrValue2)∧…∧( xAttrNamei = attrValuei)}.

Definition 3.

Access Request (AR) is composed of a set of tuples of visitor attributes, biological risk factor object attributes, action attributes, and environment attribute identifiers, denoted by AR:{sAttrTuple∧rAttrTuple∧aAttrTuple∧eAttrTuple}. The meaning of AR is that a request for action aAttrTuple for biological risk factor rAttrTuple is made in the case of requesting visitors with the attribute sAttrTuple, in the case of an environment attribute is eAttrTuple, the request for action aAttrTuple on the biological risk factor rAttrTuple.

Definition 4.

An access control rule is a set of access control policies for private information about different biological risk factors that reflects the authorization behavior of the information owner. The set of attribute identification tuples required to access a protected biological risk factor is specified and is denoted by Rule:result(R,action,ruleID) ← Θ{xAttrTupleSet}signature_owner,x ∈ {s,r,a,e}. where Θ{xAttrTupleSet} denotes a logical expression consisting of the identity tuples in the set of attribute identity tuples xAttrTupleSet through logical relations such as merge and disjunction, and ruleID denotes the unique identity of the rule. A visitor can be allowed to perform an action operation on a biological risk factor object R with result ∈ {Permit, Deny} when the attribute identification tuple owned by the visitor makes Θ{xAttrTupleSet} true. Biological risk factor access authorization rules need to be saved in a blockchain smart contract after negotiation and authorization by the testing organization, the relevant companies, and the regulator to ensure the authenticity and non-tampering of the policy²⁹.

In this study, a blockchain-based data access control framework for biological risk factors is constructed to optimize information sharing and privacy protection in the agricultural supply chain. A repository of business subject attributes, including identity, role, organizational, and temporal attributes, has been created by analyzing the various segments, collaboration patterns, and characteristics of the supply chain to ensure the authenticity and appropriateness of data access. At the same time, the biological risk factor data is divided into segments of the supply chain and given different levels of confidentiality and unique identifiers. The environment setting takes into account the impact of time variation on access privileges and allow access to specific data within a specific period. Operations include querying and writing for effective management of data. Policy formulation designs a set of access control policies based on subject attributes, object attributes, environments, and operations, such as the query operation of the regulatory authority on public data within a specific period. The framework automates the processing of access requests through the BBPR-AC mechanism, improving the efficiency and security of access control. This study combines the above analyses and traceability scenarios of agricultural biological risk factors to make the following attribute classifications, as shown in Table 3.

Table 3 Biological risk factor BBPR-AC access control attribute description.

The access control module of the BBPR-AC framework is mainly divided into the preparation phase and the execution phase. The preparation phase is the process of publishing, updating, revoking attributes, establishing relationships between attributes, formulating access control policies, and responding to attribute queries; the execution phase is the process of judgment, decision-making, and execution of the response to requests by invoking the smart contracts of each part.

1. 1.

   Preparation phase: Members of the various segments of the agricultural supply chain and the regulatory authorities work together to form an enterprise certification team, EC, through which a digital identity certificate is established using PKI (the PKI part does not belong to the focus of the discussion of this program, and will not be repeated here). Enterprises in the supply chain jointly publish attribute and attribute relationship information and issue attribute-based xAttrTuple for each enterprise and regulator, store the corresponding xAttrTuple to the AMP (Attribute management point), the AMP transmits the enterprise xAttrTuple and biological risk factor xAttrTuple to the PMP (Policy management point). Transfer to PMP(Policy management point), the biological risk factor information owner combines the information description of each enterprise, regulator, and environmental attribute in PMP to formulate a Rule, and store the signed Rule:result(R,action,ruleID) ← Θ{xAttrTupleSet}_{signature _owner} is stored to the PMP.

2. 2.

   Execution phase: the biological risk factor information accessor brings up AR:{sAttrTuple∧rAttrTuple∧aAttrTuple∧eAttrTuple}, as shown in the steps in Figure 2.1. PEP (Policy execution point) receives a certain access request from a visitor to the privacy information of an agricultural product biological risk factor test report of a certain link, parses out the semantics of the corresponding enterprise, the biological risk factor object that it wants to access, the operation, etc. in the original request, and sends the xAttrTuple corresponding to each item in the original request to the AMP, which determines the authenticity and returns the result to PEP, as shown in steps 2.2 and 2.3 of Fig. 6. The PEP submits each xAttrTuple returned to the PDP (Policy decision point), which receives the parsed AR and makes a Rule request to the PMP, as shown in steps 2.4 and 2.5 of Fig. 6. PMP returns the corresponding Rule to PDP based on AR: result(R,action,ruleID) ← Θ{xAttrTupleSet}_{signature_owner}, PDP makes a policy decision based on the Rule, i.e., whether to allow the visitor to carry out the corresponding operation on the biological risk factor detection information. result == Permit or Deny, as shown in steps 2.6 and 2.7 of Fig. 6. The PDP returns the policy result to the PEP, which decides whether or not to authorize the biological risk factor visitor to perform the corresponding operation based on the returned result, as shown in steps 2.8 and 2.9 of Fig. 6.

   Fig. 6

   

   BBPR-AC Access control process.

The BBPR-AC access control module workflow is shown in Fig. 6.

BBPR-AC mechanism framework and process

BBPR-AC is an access control system for traceability of biological risk factors of agricultural products, which is mainly divided into access control links and re-encryption links. Taking the biological risk factor testing organization as the data owner as an example, the overall process of BBPR-AC is described in detail.

After the biological risk factor visitor is authenticated based on PKI and obtains its subject attribute and biological risk factor object attribute through the collaboration of all parties in the agricultural supply chain, it initiates an access request AR:{sAttrTuple∧rAttrTuple∧aAttrTuple∧eAttrTuple} to the agricultural product traceability blockchain system, as shown in Steps 1 and 4 in the left part of Fig. 7. A re-encrypted ciphertext is obtained when the biological risk factor visitor's attribute information meets the authorization settings of the access control mechanism. This ciphertext can be decrypted by the visitor's private key to obtain the final biological risk factor detection report. Visitors can obtain a validation hash through the Agricultural Biological Risk Traceability Blockchain, thereby verifying the correctness of the report content. As shown in the left step of Fig. 7. The access control module of the biological risk traceability blockchain obtains the sAttrTuple, rAttrTuple, aAttrTuple and eAttrTuple attributes in the access request by parsing the AR and arrives at a response of whether to authorize or not based on the built-in set of attributes of the AMP, PMP, PDP, and PEP smart contracts, as well as the policy selection. The Biological Risk Factor Testing Center decides whether to share biological risk factor data appropriately based on supply chain collaboration needs. The biological risk factor testing center carries out the initial encryption of the biological risk factor in proxy re-encryption based on its own public key, and uploads the ciphertext after the initial encryption to the agricultural product biological risk traceability blockchain, as shown in Steps 2.1 and 2.2 in the right part of Fig. 7. The detection center uploads the authentication hash after encrypting the plaintext hash of the biological risk factor to the blockchain system, as in steps 3.1 and 3.2 in the right part of Fig. 7. After obtaining the request for authorization response, the biological risk factor testing center generates the proxy re-encryption key according to the public key of the visitor, as in steps 5 and 6 in the right part of Fig. 7. The biological risk factor testing center uploads the generated proxy re-encryption key of the visitor to the agricultural product biological risk factor traceability blockchain system, generates the biological risk factor proxy re-encryption cipher text by invoking the proxy re-encryption smart contract, and saves it to the agricultural product traceability blockchain, as shown in steps 7 and 8 in Fig. 7. The biological risk factor data visitor obtains the biological risk factor proxy re-encrypted ciphertext by querying the biological risk factor traceability blockchain data. Finally, the visitor successfully decrypts the re-encrypted ciphertext using its private key to obtain the biological risk factor plaintext report, and the visitor obtains a verification hash through the blockchain system to verify that the decrypted plaintext has not been tampered with, as shown in the left part of Fig. 7, steps 9 and 10.

Fig. 7

BBPR-AC data encryption and sharing process.

To visually illustrate the process of the methodology of this study, the BBPR-AC cryptographic sharing timing process is divided into the initial encryption and information uploading phase of the biological risk factor, the authentication and authorization phase of the biological risk factor, the re-encrypted transmission of the biological risk factor, and the plaintext validation phase of the biological risk factor, and the flow is shown in Fig. 8.

Fig. 8

BBPR-AC encryption sharing sequence process.

Experimental test and results

Design of experiments

In this study, we designed a blockchain network for agricultural product traceability based on Hyperledger Fabric. The test environment uses Hyperledger Fabric 2.4 and Hyperledger Explorer 1.1.8, built on Ubuntu 16.04 LTS virtual machine system, the experimental architecture is shown in Fig. 9.

Fig. 9

Blockchain network configuration.

The experiments use gRPC to send transactions directly through Tape and use the concatenation and channel cache for parallel processing, which improves processing efficiency. The BBPR-AC re-encryption link is based on the Nucypher platform to achieve the simulation. The nodes in the blockchain use CouchDB to store the uplinked data. The specific test environment configuration is shown in Table 4.

Table 4 Test environment configuration.

Smart contract design

This study is based on the Hyperledger Fabric platform, combined with the actual situation of the agricultural supply chain and other relevant smart contract rules. Part of the smart contract business logic design is shown in Table 5.

Table 5 Smart contract logic design.

The functions of information traceability and BBPR-AC access control in each production and sales link of agricultural products are realized by smart contracts. Taking the policy determination in BBPR-AC access control as an example, the specific contract is as follows

Functional testing of the agricultural biological risk factor BBPR-AC

To test the effectiveness and various aspects of the efficiency of the BBPR-AC biological risk factor access control method proposed in this study, the experiment was designed for agricultural products' biological risk factor testing reports. The test uses the simulated report as the traceability privacy data of the biological risk factor, the biological risk factor testing organization as the data owner, and the regulatory body as the data accessor to test the BBPR-AC method. The biological risk factor report is in the form of a picture, as shown in Fig. 10a. Converted to Base64 strings, the test report of Xinjiang French small prunes was used as the data test object, and the sample test report was converted to Base64 strings, as shown in Fig. 10b.

Fig. 10

Little Prune biological risk factor simulation report. (a) Biological Risk Factor Test Report for Prunus macrocarpa (b) Conversion of reports to Base64 strings.

Uploading of agricultural biological risk factor BBPR-AC preliminary encryption material

The inspection agency will pass the inspection report through the encryption link in BBPR-AC, the Base64 string of the biological risk factor inspection report will be encrypted for the first time, and the plaintext of the biological risk factor will be encrypted with a hash, as shown in Fig. 11a, and upload the above materials into the agricultural products’ biological risk factor traceability blockchain, and the uploaded information is saved in the transaction id as transaction id as 47f1081efde8383b51df92c1d374d750658655b8762586e8a79af029e3eb4 013 block, with a call chain code of victory, and the result is shown in Fig. 11b of the agricultural biological risk factor traceability blockchain browser.

Fig. 11

Initial BBPR-AC encryption phase. (a) BBPR-AC Initial encryption (b) Encrypted material uploaded to the blockchain.

Authorisation judgment for the agricultural biological risk factor BBPR-AC

The regulator invokes the BBPR-AC access control smart contract through the agricultural biological risk factor traceability blockchain and makes an access request to the biological risk factor test report of Xinjiang French small prunes. The BBPR-AC simulates the organizational aspects of the agricultural biological risk factor traceability blockchain, and cooperates to complete the formulation of the access subject, the biological risk factor object, the access environment, and the simulation strategy, and deploys it on the blockchain. The attribute semantics and attribute value assignments are derived from AA, the agricultural product regulatory authority, to ensure the safety and reliability of the data. As shown in Table 6, the data on the left side indicates the attribute values of the relevant attributes, and the right side indicates the attribute relationships between the relevant attributes.

Table 6 Attributes and attribute relationships.

Based on the above attribute values and attribute relationships, the regulator calls the access control smart contract to add policy() method to upload and query the simulation policy Rule:result(R,action:read,ruleID:1) ← Θ{1AttrTupleSet}_{signature_owner},{1AttrTupleSet}={sAttrTuple{(sID=1)∧(sName=Farming organization)∧(sRole=admin)}∧rAttrTuple{(rID=10)}∧aAttrTuple{(allowAction=read)}∧eAttrTuple{(time=2024–03-04∧location=location1)}} as shown in Fig. 12a, b. Regulator initiates AR:{sAttrTuple{(sID=1)∧(sName=Farming organization )∧(sRole=admin)}∧rAttrTuple{(rID=10)}∧aAttrTuple{(allowAction=read)}∧eAttrTuple{(time=2024-03-04∧location=location1)}, The regulator calls the BBPR-AC access control smart contract checkAccessPermission() method and returns the authorization success response, as shown in Fig. 12c. The unauthorized subject calls the access control smart contract checkAccessPermission() method and returns an authorization failure response, as shown in Fig. 12d.

Fig. 12

BBPR-AC access authorization phase. (a) Upload Strategy (b) Query Strategy (c) Determination of successful authorisation (d) Determination of authorization failure.

Agricultural biological risk factor BBPR-AC authorization decryption

After obtaining the authorized response to the request of the regulator, the biological risk factor testing agency generates the biological risk factor re-encryption key and re-encryption material through BBPR-AC re-encryption, and uploads them into the agricultural products’ biological risk factor traceability blockchain, and the results are shown in Fig. 13a and c. After obtaining the re-encrypted material, the regulatory body decrypts the Base64 string of the biological risk factor inspection report of Xinjiang French small prunes through its private key, which is then converted into the inspection report image by Base64, and successfully obtains the inspection report of the biological risk factor of the agricultural product, and the results are shown in Fig. 13b and d.

Fig. 13

Authorization decryption phase. (a) Testing organizations generate re-encrypted material (b) Regulators decrypt re-encrypted ciphertexts (c) Testing organisation upload re-encrypted material (d) Regulators convert Base64 characters to test reports.

BBPR-AC performance test

Comparative analysis of BBPR-AC encryption methods for agricultural biological risks

Xuan et al.³⁰ propose a ring signature-based confidential transaction scheme to hide the transaction amount and protect transaction privacy and identity privacy using a ring signature. Youliang et al.³¹ propose blockchain data traceability algorithms based on attribute encryption, design policy update algorithms applicable to the blockchain, and achieve dynamic protection of transaction privacy. Feng et al.³² combining hierarchical attribute encryption with linear secret sharing, a blockchain data privacy protection control scheme based on searchable attribute encryption is proposed to solve the privacy exposure problem in traditional blockchain transactions. Khan et al.³³ propose a distributed usage control model called DistU. This model can continuously monitor resources during operations and update properties accordingly to perform different operations. In the following, a comparative analysis of the functional characteristics of this research and the encryption methods in existing research proposals is carried out concerning whether or not ciphertext data access control is supported, whether or not it is resistant to conspiracy attacks, whether or not it is re-encrypted, and whether or not the data is traceable, as shown in Table 7.

Table 7 Comparison of encryption modes.

Performance analysis of the agricultural biological risk BBPR-AC encryption approach

In this study, the time consumption of each phase of the simulation experiment including key generation, encryption algorithm, and other operations is tested and the performance efficiency of this study is evaluated based on the experimental results. This study implements BBPR-AC encryption phase simulation based on Python 3.7.4. In this study, the whole privacy data sharing is divided into 4 phases: initial encryption ciphertext, generation of re-encryption key, re-encryption, and decryption. The computational efficiency of the 4 phases is analyzed and compared at 64, 128, 256, 512, and 1024B data plaintext sizes, and the average of 30 runs of the algorithm is taken as the experimental results. As shown in Fig. 14a, the consumption time of each BBPR-AC encryption session is stable for different plaintext sizes, with the initial encryption of the plaintext stable at 1.6 ms, the generation of the re-encryption key at roughly 2.7 ms, the generation of the re-encrypted ciphertext at 2.5 ms, and the decryption of the ciphertext at around 3.0 ms. In the experimental test, the number of re-encryption keys and re-encryption ciphertext generated is fixed. Therefore, there are no possible linear changes that are affected by the size of the data. Symmetric key encryption of plaintext is used in this research scheme with low and stable computational overhead. It achieves the dynamic adjustment of the access rights to the privacy data of agricultural products' biological risk traceability and meets the security sharing needs of biological risk factor testing organizations and third-party data accessors.

Fig. 14

Agricultural blockchain BBPR-AC proxy re-encryption performance test. (a) BBPR-AC Proxy re-encryption consumes time in each phase (b)  Performance Comparison of Encryption Methods.

At present, the main methods of privacy data encryption and sharing in the field of agricultural safety traceability are symmetric encryption, asymmetric encryption, and the combination of symmetric encryption and asymmetric encryption. This study and the Advanced encryption standard (Advanced encryption standard, AES) algorithm, asymmetric encryption RSA algorithm, AES + RSA algorithm encryption, and decryption links were tested and compared respectively, and the experimental results were taken as the average value of the algorithms running 30 times. This study is scheme 1, AES is scheme 2, RSA is scheme 3, and AES + RSA is scheme 3. The results are shown in Fig. 14b. The BBPR-AC encryption phase proposed in this study consists of the initial encryption ciphertext and the re-encryption part, and the decryption phase represents the decryption of the re-encrypted ciphertext. With the same size of the plaintext, this study is smaller than the combination of asymmetric encryption and asymmetric encryption in the encryption part, consuming about 3.29 ms; the decryption part is slightly equal to scheme 3 and scheme 4, slightly larger than scheme 2, consuming 3.1 ms. the overall computational overhead is small, which is advantageous, and it can satisfy the practical needs of privacy data security sharing in agricultural products biological risk traceability scenarios.

Meanwhile, this study tested the CPU usage and memory consumption of four schemes with 256B plaintext size. The 512B plaintext can represent the overall situation after converting the privacy data of biological risk factors of agricultural products into base64 data. The main hardware of this experiment is 13th Gen Intel(R) Core(TM) i5-13500H 2.60GHz,16GB memory, and Windows 11 operating system. This study is scheme 1, AES is scheme 2, RSA is scheme 3, and AES + RSA is scheme 3. As shown in Fig. 15a and b, the experimental results indicate that the proxy re-encryption scheme used in this study exhibits slightly higher CPU usage compared to AES, AES + RSA, RSA, while its memory consumption is lower than the other three schemes. Overall, the system resource consumption performance is good.

Fig. 15

BBPR-AC agent re-encryption resource consumption test. (a) BBPR-AC Proxy re-encryption CPU usage rate (b) BBPR-AC Proxy re-encryption Memory usage rate.

Performance analysis of BBPR-AC access control for agricultural biological risks

In this section, we use comparative analysis to compare this paper’s scheme with the proposed data-sharing schemes, and analyze the platform of the comparative model, whether it supports fine-grained access control, privacy protection, whether it supports attribute updating, whether it supports data tampering, and whether it supports the key factors of smart contracts, as shown in Table 8. Comparing this study with the existing research results from the above seven aspects, it can be seen that this model has certain advantages.

Table 8 Comparison of access control modes.

In this study, we design a privacy-preserving access control mechanism for biological risk factors based on attribute access control and conduct performance tests on the determination time of different numbers of request policies and the response time of requests with different numbers of policies. As shown in Fig. 16a, when the requests gradually increase and the number of policies is fixed, the request-response determination time is linearly increasing. This is because as the number of requests increases, the length of requests that need to wait for the contract to process increases. As shown in Fig. 16b, traversing each policy in the policy set and performing the determination, the determination latency increases with the increasing number of access requests, this is because the traversal space increases with the increase in the number of access control policies, and the complexity of the policy determination is also increasing.

Fig. 16

Request and policy response times. (a) Request Response Time (b) Strategy judgment time.

From the table, we know that the advantages of the study by Jianbiao et al., and this study are the same in the comparative analysis of the seven key factors mentioned above. To explore the relationship between the strategy evaluation time and the number of strategies, this study is compared with the scenarios outlined in the study by Jianbiao et al., by setting up the same number of requests with the number of attributes in the requests as 5, and repeat the 30 experiments to take the average, this study is scheme 1 and the study by Jianbiao et al. is scheme 2. The results are shown in Fig. 17. The method of this study uses indexing to speed up data retrieval and reduce access time. The strategy evaluation time in scheme 2 escalates rapidly with the increase in the number of strategies, and exhaustive traversal of all blocks is performed to retrieve strategies in the above scheme. The scheme proposed in this study shows stable performance with policy determination time around 2000–3000 ms as the number of policies increases and does not escalate rapidly with the increase in policy determination time.

Fig. 17

BBPE-AC Policy decision time.

Agricultural biological risk traceability blockchain performance analysis

The performance test of agricultural biological risk factor traceability blockchain uses the Tape test tool, and the results of the data uploading performance test are shown in Fig. 18a, the throughput of 30 rounds of uploading agricultural biological risk traceability data is 48.7 tx/s on average, which can satisfy the demand of real-time updating of agricultural biological risk traceability data of the upstream and downstream links of the supply chain of agricultural products. The data query performance test results are shown in Fig. 18b, the throughput of 30 rounds of data query of agricultural product traceability blockchain is 81.8 tx/s on average, which can meet the demand of relevant users for rapid query of agricultural product biological risk traceability information. From the above test results, it can be concluded that the data uploading and data querying time of the agricultural products biological risk factor traceability blockchain is stable, and it can meet the biological risk traceability needs of users in all links of the agricultural products supply chain.

Fig. 18

Agricultural products traceability blockchain performance test. (a) Biological risk factor data upload throughput (b) Biological risk factor data query throughput.

Conclusions

Ensuring the traceability and privacy of agricultural biological risks in the produce supply chain has become critical with the increase in biological risk factors. In this study, we propose a BBPR-AC-based method for agricultural biological risk privacy information protection, which achieves the traceability of agricultural biological risk and ensures the flexible authorization and secure sharing of privacy data by establishing an agricultural biological risk factor traceability blockchain. The BBPR-AC method avoids the complexity and centralization problems in the traditional authorization process by using proxy re-encryption and achieves decentralized encryption and automated authority determination through intelligent contract achieves decentralized encryption and automated permission determination, improving the efficiency, transparency, and security of the authorization process. Tests and analyses show that the method provides an effective solution for tracing biological risk information, privacy protection, and access control in the agricultural supply chain.

These efforts will provide solid technical support for new smart agriculture, promote the application of privacy-preserving technology and blockchain technology in agricultural supply chain systems, and provide useful references for research and practice in related fields.

The privacy protection method for biological risks traceability of agricultural products proposed in this study, BBPR-AC, offers advantages such as decentralized authorization and encryption. However, the method imposes certain hardware requirements on data owners and entails some performance overhead. Specifically, within BBPR-AC, data owners are required to carry out initial encryption of privacy data, generate re-encryption keys, and perform re-encryption on the blockchain chain. This necessitates that data owners possess hardware with a certain level of performance to complete these tasks within BBPR-AC; otherwise it will lead to increased time overhead and response time for the method.

As a result, the next focus of this research will be to reduce the workload for data owners by enhancing the integration of our research method with blockchain systems and optimizing processes to minimize performance overhead for data owners. Additionally, there will be a greater emphasis on deep integration of the blockchain network and re-encryption smart contracts for agricultural product biological risk factor traceability in order to provide more practical cases and validate the approach proposed in this study.