Blockchain-based Attribute-Based Access Control (BC-ABAC) offers a decentralized paradigm for secure data governance but faces two inherent challenges: the transparency of blockchain ledgers threatens user privacy by enabling reidentification attacks through attribute analysis, while the computational complexity of policy matching clashes with blockchain's performance constraints. Existing solutions, such as those employing Zero-Knowledge Proofs (ZKPs), often incur high overhead and lack measurable anonymity guarantees, while efficiency optimizations frequently ignore privacy implications. To address these dual challenges, this paper proposes QAEBAC (Quantifiable Anonymity and Efficiency in Blockchain-Based Access Control with Attribute). QAE-BAC introduces a formal (r, t)-anonymity model to dynamically quantify the re-identification risk of users based on their access attributes and history. Furthermore, it features an Entropy-Weighted Path Tree (EWPT) that optimizes policy structure based on realtime anonymity metrics, drastically reducing policy matching complexity. Implemented and evaluated on Hyperledger Fabric, QAE-BAC demonstrates a superior balance between privacy and performance. Experimental results show that it effectively mitigates re-identification risks and outperforms state-of-the-art baselines, achieving up to an 11x improvement in throughput and an 87% reduction in latency, proving its practicality for privacy-sensitive decentralized applications.

翻译：基于区块链的属性访问控制（BC-ABAC）为安全数据治理提供了一种去中心化范式，但面临两个固有挑战：区块链账本的透明度通过属性分析可能导致重新识别攻击，从而威胁用户隐私；同时，策略匹配的计算复杂度与区块链的性能限制存在冲突。现有解决方案（例如采用零知识证明的方法）通常带来较高开销且缺乏可度量的匿名性保证，而效率优化方案又常忽略隐私影响。为应对这两方面挑战，本文提出了QAE-BAC（基于区块链的属性访问控制中的可量化匿名性与效率）。QAE-BAC引入了一种形式化的(r, t)-匿名模型，能够基于用户的访问属性和历史动态量化其重新识别风险。此外，它提出了一种基于实时匿名性度量的熵加权路径树（EWPT），用于优化策略结构，从而显著降低策略匹配复杂度。在Hyperledger Fabric上的实现与评估表明，QAE-BAC在隐私与性能之间取得了优越的平衡。实验结果显示，它能有效缓解重新识别风险，并在性能上优于现有先进基线方法，实现了高达11倍的吞吐量提升和87%的延迟降低，证明了其在隐私敏感型去中心化应用中的实用性。