Bilateral attribute-based access control for data trading must hide policies, provide cryptographic fairness, and avoid trusted third parties. Existing solutions either leak policy information, incur super-linear costs, or rely on trusted dispute resolution. We present PriME-Deal, a non-interactive protocol that simultaneously achieves policy-hiding bilateral matching, efficient threshold access control, and auditable fair exchange on public blockchains. The seller embeds a secret token under the buyer's policy into an oblivious key-value store with pseudorandom masking; the buyer reconstructs the token locally via tag-based probing, eliminating combinatorial enumeration, and proves correctness in zero knowledge. Fair exchange is enforced through a collateralized on-chain reveal with a cryptographic audit that penalizes misbehaviour without trusted parties. We prove security in the Universal Composability framework under standard assumptions. Compared with the state-of-the-art threshold fuzzy IB-ME scheme, the seller's publishing time is reduced by two orders of magnitude (e.g., 8.76s vs. 690s for a policy of 500 attributes). For a typical configuration of (200,20,5), the buyer completes token reconstruction and proof generation in 8.9s, with the zero-knowledge proof taking under 0.6s and remaining constant across all parameter scales. The on-chain cost is approximately 28.6M gas, well within Ethereum's block limit. PriME-Deal thus delivers the first practical privacy-preserving data trading protocol that combines linear seller overhead, bilateral policy hiding, and auditable fairness.
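The following is an added illustrative sketch, not code from the PriME-Deal paper, of the general pattern the abstract describes: a seller splits a secret token into threshold shares, stores each share under a pseudorandom tag with a pseudorandom mask, and a buyer probes only the tags of attributes it holds, reconstructing the token when at least `t` entries match. Everything here is an assumption for illustration: tags and masks are HMAC outputs under a per-deal `salt`, shares are Shamir shares over a Mersenne prime field, and the table is padded with random dummy entries to a fixed size so its size does not reveal the policy size. It does not reproduce the paper's oblivious key-value store, its zero-knowledge proof, or the on-chain fair-exchange step, and because the salt is public the tags hide the policy only from parties who cannot enumerate the attribute universe.

```python
import hashlib
import hmac
import secrets

# Illustrative prime field for Shamir shares (assumption; the token must be < P).
P = 2**127 - 1


def _prf(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 as a stand-in pseudorandom function."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def _tag(salt: bytes, attr: str) -> bytes:
    """Pseudorandom table key for an attribute; hides the attribute name."""
    return _prf(salt, b"tag|" + attr.encode())


def _mask(salt: bytes, attr: str) -> int:
    """Pseudorandom additive mask so stored shares look uniformly random."""
    return int.from_bytes(_prf(salt, b"mask|" + attr.encode()), "big") % P


def _shamir_split(secret: int, t: int, n: int) -> list[tuple[int, int]]:
    """Split `secret` into n points on a random degree-(t-1) polynomial."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [
        (x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
        for x in range(1, n + 1)
    ]


def _lagrange_at_zero(points: list[tuple[int, int]]) -> int:
    """Recover f(0) from t distinct points by Lagrange interpolation mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def seller_publish(token: int, policy_attrs: list[str], t: int, table_size: int):
    """Seller side: one masked share per policy attribute, keyed by its tag,
    padded with random dummies to a fixed table size. Cost is linear in the
    policy size; no attribute combinations are enumerated."""
    if table_size < len(policy_attrs):
        raise ValueError("table too small for policy")
    salt = secrets.token_bytes(16)
    shares = _shamir_split(token, t, len(policy_attrs))
    table: dict[bytes, tuple[int, int]] = {}
    for (x, y), attr in zip(shares, policy_attrs):
        table[_tag(salt, attr)] = (x, (y + _mask(salt, attr)) % P)
    while len(table) < table_size:  # dummy entries hide the policy size
        table[secrets.token_bytes(32)] = (secrets.randbelow(P) + 1, secrets.randbelow(P))
    return salt, table


def buyer_reconstruct(salt: bytes, table: dict, my_attrs: list[str], t: int):
    """Buyer side: probe only the tags of held attributes, unmask the hits,
    and interpolate once t shares are found. Returns None below threshold."""
    points = []
    for attr in my_attrs:
        entry = table.get(_tag(salt, attr))
        if entry is not None:
            x, masked_y = entry
            points.append((x, (masked_y - _mask(salt, attr)) % P))
    if len(points) < t:
        return None
    return _lagrange_at_zero(points[:t])


if __name__ == "__main__":
    # Constructed sample deal: 5 policy attributes, threshold 3, table padded to 8.
    salt, table = seller_publish(123456789, ["a", "b", "c", "d", "e"], 3, 8)
    print(buyer_reconstruct(salt, table, ["a", "c", "e", "zz"], 3))  # 123456789
    print(buyer_reconstruct(salt, table, ["a", "b"], 3))  # None
```

The buyer's work is proportional to the number of attributes it holds, not to the number of attribute subsets, which is the point of tag-based probing; a buyer below the threshold sees only random-looking entries and learns nothing about which attributes the policy names beyond what it can probe for itself.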