Electronic Health Record Sharing Scheme With Searchable Attribute-Based Encryption on Blockchain

With the digitization of traditional medical records, medical institutions encounter difficult problems, such as electronic health record storage and sharing. Patients and doctors spend considerable time querying the required data when accessing electronic health records, but the obtained data are not necessarily correct, and access is sometimes restricted. On this basis, this study proposes a medical data sharing scheme based on permissioned blockchains, which use ciphertext-based attribute encryption to ensure data confidentiality and access control of medical data. Under premise of ensuring patient identity privacy, a polynomial equation is used to achieve an arbitrary connection of keywords, and then blockchain technology is combined. In addition, the proposed scheme has keyword-indistinguishability against adaptive chosen keyword attacks under the random oracle model. Analysis shows that the scheme has high retrieval efficiency.


I. INTRODUCTION
Electronic health records (EHRs) reduce the cost of traditional medical data storage. EHRs are designed to allow patients to manage their own medical data. Data users have limited access to EHRs. Meanwhile, patients do not share their private medical data with data users, indicating the value given by patients to EHR safety and privacy.
From the perspective of using electronic health records, an encrypted retrieval of such records must be implement. A searchable encryption scheme has been proposed to achieve retrieval on ciphertext [1]. Searchable encryption can be symmetric or asymmetric. Symmetric searchable encryption has higher encryption efficiency compared with the asymmetric one [2], [3]; however, its private key management is more complicated during data sharing. To solve the key management problem, Boneh et al. [4] introduced public key encryption with keyword search. Public key searchable encryption is suitable for multi-user data sharing.
The associate editor coordinating the review of this manuscript and approving it for publication was Yonghong Peng .
With the rapid development of electronic health records, distributed storage platforms have received extensive attention through a network of numerous storage devices. With the increasing popularity of these storage platforms, distributed platforms that store data have become a target of cyber attacks. To reduce the risk of data leakage, [6] and [7] proposed data storage on blockchain.
Blockchain decentralization eliminates the concentration of cloud storage servers and solves the security flaws caused by network attacks. A blockchain is created by the nodes of the mining block in the system, and each block contains the hash function value of the previous block header. This structure makes the blockchain difficult to tamper. With the development of the bitcoin blockchain [8], other types of blockchains have also attracted widespread attention. The ethereum blockchain [9], [10] could execute smart contracts. A smart contract is a function that could be written on a blockchain and executed by a node. Users could not run programs on the system indefinitely due to the cost of mining. Therefore, ethereum allow users to create private or VOLUME 8, 2020 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0/ permissioned blockchains that could be managed and controlled by small users. A permissioned blockchain increases the ability to control privacy and modify mining costs.

A. RELATED WORK
In recent years, blockchains have received extensive attention in the fields of data storage, data sharing, and privacy protection. Blockchain are transparent and not tampered. Therefore, data stored in the blockchain must be encrypted. Searchable encryption solves the search problem on the ciphertext. Reference [11] built a secure index using bloom filter, but the search results are partially inaccurate. For the problem of symmetric searchable encryption key management, Boneh et al. [4] proposed a public key searchable encryption scheme. By narrowing down the search through keywords, Golle et al. [12] proposed a multi-keyword search scheme, and [13], [14] and [15] proposed other multikeyword searchable encryption schemes with special functions, which extended multi-keyword retrieval applications.
In the context of information sharing, attribute encryption extends the application scenario to a one-to-many situation. Qiu et al. [16] proposed an attribute searchable encryption that could resist the internal keyword guessing attack, but requires the data owner to be online in real time, such that a new data user who joins the system negotiates the search key with data owner, and the data owner is considerably burdened. Li and Xi [17] proposed attribute encryption based on a key strategy to implement a single keyword-searchable encryption scheme. To retrieve files efficiently, Song et al. [18] proposed an attribute-based searchable encryption scheme that supports user revocation, implementing extended finegrained search authorization, which allows owners to encrypt and outsource their data to the cloud server independently. Sun et al. [19] used inert re-encryption technology to implement attribute revocation.
All the above solutions are based on cloud server retrieval, but most cloud servers are semi-honest and curious. Blockchain technology can solve the semi-honesty problem of cloud servers and freely access and share data [20]- [23]. Healthbank uses blockchain technology to ensure absolute data storage security. Dagher [24] provided a data storage structure on a blockchain but did not provide an efficient search method. Li et al. [25] implemented data retrieval on a blockchain, but the search results were inaccurate, and the search efficiency was low. Zhang et al. [26] achieved the verifiability of server-side data. Xia et al. [27] proposed a blockchain-based health data sharing model. The system for sharing EHRs in the blockchain uses the blockchain as an aid for data sharing instead of a primary tool for data storage, management, and sharing. In addition, the existing blockchain medical data retrieval solution does not provide detailed solutions for data owners and data users.

B. CONTRIBUTION
In this paper, we propose an electronic health record (EHR) sharing scheme based on the combination of each hospital server and permissioned blockchain on the premise of not violating patient privacy. Our contributions are as follows: • Without the introduction of third-party search, using keywords and ciphertext stored separately on permissioned blockchain and hospital cloud storage servers, which not only solves the problem of semi-honest search on cloud storage server, but also solves the problem of limited blockchain storage space. It also achieves the immutability of electronic health record and the sharing of electronic health record.
• The ciphertext-based attribute encryption is used to satisfy the multi-user retrieval and realize fine-grained access control of users.
• Arbitrary connection of multiple keywords is achieved by using polynomial equation, which not only supports multi-keyword search by users, but also improves the accuracy of data retrieval.
• The data public audit mechanism is adopted to achieve the identity authentication of doctors, prevent the attending doctors from uploading the electronic health records of patients on the hospital server with a false identity, and ensure the authenticity and reliability of the uploaded data.

C. ORGANIZATION
The rest of the paper is organized as follows: Section II is a review of preliminary knowledge. Section III presents the system and security models of the proposed scheme. Section IV describes the EHR sharing scheme based on a permissioned blockchain. Section V presents the safety and efficiency analyses. Section VI provides the conclusion.

A. BILINEAR GROUPS
Let G 1 and G 2 be two cyclic groups of the same prime order p; let g 1 , g 2 be the generator of G 1 . A bilinear map e : G 1 × G 1 → G 2 must satisfy the following properties: Bilinear: For any g 1 , g 2 ∈ G 1 , a, b ∈ Z * p , we have e(g a 1 , g b 2 ) = e(g 1 , g 2 ) ab . Non-degenerate: g 1 , g 2 ∈ G 1 exists such that e(g 1 , g 2 ) = 1.

Definition 1 (Decisional Diffie-Hellman Problem, DDH [?]):
Let G 1 be a group in which prime order is p; let g be a generator of G 1 and give a tuple (g, g a , g b ), where a, b, c ∈ Z * p . The DDH assumption holds if no polynomial time algorithm has a non-negligible advantage to distinguish if g c equals g ab or a random element of G 1 .
Under the DDH assumption, the probabilistic polynomial time adversary A can distinguish tuple (g, g a , g b , g ab ) from tuple (g, g a , g b , g c ) with a non-negligible advantage. If Pr[C(g, g a , g b , g ab ) − C(g, g a , g b , g c )] ≥ ε, then challenger C has an advantage ε solving DDH.

C. PERMISSIONED BLOCKCHAINS
Public chains are blockchains where anyone can access the system at any time to read data, send transactions, and compete for accounting. Public chains generally encourage participants to compete for accounting by encrypting digital currencies, such as bitcoins and ethereum to ensure data security. Public chains are completely decentralized. Permissioned blockchains allow each participant node in the blockchain system to be permissioned(e.g, private and alliance chains). Some permissioned blockchains do not have a digital currency mechanism because some nodes are designated in the system for accounting without the need to encrypt currency. Nodes on a permissioned chain are allowed to perform specific functions, such as reading, accessing, and writing information on the blockchain. An increasing number of businesses are choosing permissioned blockchain networks because such networks could be configured. The network selectively adds necessary restrictions and controls the roles that each participant needs in each application. The storage of medical data and the determination of participants on the permissioned chain are depicted in Figure 1.

D. ACCESS STRUCTURE
Attribute characteristics are used to describe a doctor and a patient. A tree is used to represent the access control structure [5]. The internal node relationship of the access tree is represented by AND and OR gates, and the leaf nodes of the access tree represent attributes. Only the attributes that satisfy the access structure can access the electronic health record. The tree contains a (v, num v , parent(v), att(v), index(v)) access structure, the meaning of each symbol is as follows: v represents a node in access structure . When v is an internal node, the relationship between nodes is an AND or OR gate; when v is a leaf node, it represents the characteristics of patients. num v represents the number of child nodes of node v in an access tree .
represents an OR gate relationship; if χ v = num v , then the node v represents an AND gate relationship. parent v represents the parent node of v, index v denotes the index number of the node v of parent node parent v , and att(v) denotes the attribute value of v, Lvs( ) denote the set of leaves of access tree Given an access tree , we denote the algorithm for distributing a secret h according to by:

III. PROBLEM FORMULATION
This section describes an EHR system based on a permissioned blockchain, which comprises four entities, namely, patient, doctor, cloud server (medical institution), and searcher. The formal algorithm and security model of the proposed scheme are also introduced.

A. EHR SYSTEM MODEL
To enhance medical data safety, the proposed scheme builds the medical platform shown in Figure 2 based on medical institutions that share EHRs in a certain region. The doctor stores the encrypted electronic health records on the servers of the respective hospitals, and the server administrator stores some keywords of these records (in the form of transactions) in the permissioned blockchain to achieve electronic health record sharing among hospitals. The six entities are described as follows:

1) SYSTEM MANAGER
The system manager is in charge of the entire system, and every patient, doctor, and data user needs to register before entering the system. The system manager generates public keys and private keys for them. Furthermore, the system manager distributes and revocates attribute as attribute authority.

2) EHR SYSTEM
This entity refers to a user who provides medical services to a medical institution. Typically, each hospital has a server and multiple computer clients. Each computer client records the patient's health information. The server administrator then broadcasts the keywords of the electronic health record to the permissioned blockchain. The server registers users and doctors in the system. When the doctor uploads an electronic health record to the server, the server must verify the identity of doctor.

3) PATIENT
When a patient visits a hospital, he or she must register at the hospital first. During registration, the patient is provided a visit token, which is used as a pass for the patient to see the doctor. The authorized doctor generates an electronic health record of the patient, and stores the encrypted electronic health record on the hospital server. The server manager stores some keywords of the electronic health record on the permissioned chain.

4) DOCTOR
The doctor generates a patient's electronic health record, encrypts the electronic health record using the patient's access structure, and uploads the encrypted electronic health record to EHR System.

5) DATA USER
When third-party organizations or individuals (called data users) exist other than the hospitals and patients who need to access patients' data, obtaining searching trapdoors generated by patients is necessary to perform keywords searching in the blockchain.

6) BLOCKCHAIN
Participants in the permissioned blockchain consist of medical institutions, and the searchers comprise participants specified by the permissioned blockchain system. Participants verify the transaction records broadcasted by each server to the blockchain and implement the data search function on the permissioned blockchain.

B. ALGORITHM DEFINITION
The EHR sharing scheme on the permissioned blockchain comprises six algorithms, which are defined as follows: The setup algorithm is run by the system manager. It takes as input a security parameter λ, and then output the public parameters pp and master secret key msk.

2) KEY GENERATION
• KeyGen(msk, pp, S) → sk: The secret key generation algorithm is run by the system manager. It takes as input the master secret key msk, public parameters pp and the attribute set S of a user, then outputs a secret key sk.
The encryption algorithm is run by the doctor. It takes as input the public parameters pp, access control structure T of patient P, a keywords set W of the shared electronic health records and electronic health records M , then output the keywords index I and a ciphertext C.

4) DATA QUERY
• Trapdoor(pp, W , sk) → T W : The trapdoor generation algorithm is run by the user. It takes as input the public parameters pp, search keywords set W and secret key sk, then outputs the search trapdoor T W .
• Search(I , T W ) → C: The search algorithm is run by participants in permissioned blockchain. It takes as input the keywords index I and search trapdoor T W , then outputs a ciphertext C.

5) DATA DECRYPTION
• Decrypt(pp, sk, C) → M : The decryption algorithm is run by the user. Taking public parameters pp, secret key sk and ciphertext C, this decryption algorithm outputs the message M .

C. SECURITY DEFINITIONS
Definition 1: If an adversary without probability polynomial time can attack the scheme with a non-negligible advantage, then the scheme has indistinguishable security under an adaptive keyword attack. Attack games between adversary A and challenger C under adaptive selection keywords are as follows: Adversary initialization: The adversary A chooses the access control structure T and informs the challenger C.
System initialization: The challenger C runs the system initialization algorithm Setup(λ) and sends the public parameters pp to the adversary A.
Query phase 1: • Private key query: The adversary A asks the challenger C for the private key sk of some attributes S. The challenger C runs KeyGen(pp, S) and sends the private key sk to the adversary A and maintains a list L sk of the private keys.
• Trapdoor query: The adversary A can adaptively ask the challenger C for the trapdoor T W = Trapdoor(pp, sk, w) for any keyword w ∈ (0, 1) * from keywords set W . Challenge phase: The adversary A sends the challenger C two keywords w 0 , w 1 ∈ W . Then, the challenger C randomly selects one of the keywords w i to encrypt, and sends the encrypted keyword to the adversary A.
Query phase 2: The adversary A repeats query phase 1 and continues to ask for keywords w, where w = w 0 , w 1 .
Guess phase: Eventually, adversary A outputs c ∈ {0, 1} and wins the game if c = c.
The advantage of adversary A attacking the scheme is defined as the following function of the security parameter k.
The proposed scheme consists of three stages: system setup, data generation and storage, and data search and access.

Phase 1: System setup
• Setup(λ): Input security parameter λ; let G 1 and G 2 be two multiplicative cyclic groups with generators p, and g 1 , g 2 are two generators of G 1 . Let e : G 1 × G 1 → G 2 be an admissible bilinear map. The system randomly selects α, β ∈ Z * p , computes g α 2 , g β 2 , g β α 2 . For each attribute a ∈ S randomly chooses t a ∈ Z * p and computes X a = g t a 1 , Y a = g r 1 g t a H 1 (a) 1

. Select four hash functions
. Lastly, the attribute authority sends secret key sk to the user, as shown in (2).

Phase 2: Data generation and storage
When patient P comes to the hospital for treatment, the hospital server randomly chooses h ∈ Z * p , computes µ = H 3 (h) and server reserves µ. The h is then sent to the patient by a safe channel, and the patient is simultaneously designated a doctor D. When the patient P sees the doctor and presents h, and chooses a tree as the access structure, and h is used as a secret shared value of access structure . The patient P runs Share( , h) → {h v (0)|v ∈ Lvs( )} for each leaf node in the access structure to obtain a secret value and calculates for each leaf node attribute s v of the access control structure , and then send to Doctor D. Doctor D runs encryption algorithm as follows: • Encrypt(m, w): (1) Doctor D generates health records M ∈ {0, 1} * about patient P and uses access structure ( , h) to calculate (2) D extracts keyword sets from the ciphertext C, and randomly selects a, b ∈ Z * p to construct a polynomial equation about keywords W = {w 1 , w 2 , . . . , w m }, as shown in (3).
For each a j , j ∈ {1, 2, . . . , m} calculates L j = g The encryption algorithm output is expressed as: The doctor D uploads ciphertext C M and I w on the database server of the hospital(EHR system). When the doctor uploads the encrypted health records and keyword sets, the cloud server must verify the identity of the doctor, the doctor D randomly chooses r 1 , r 2 ∈ Z * p , for each attribute a ∈ S, randomly chooses t a ∈ Z * p and calculates η 1 = g r 1 r 2 1 g t a H 1 (a) 1 , Then the doctor D sends (η 1 , η 2 , h ) to the EHR server, which calculates h * = H 2 ( η 1 η H 1 (a) 2 )⊕h and determines whether the equation H 3 (h * ) = µ is true.
Correctness : The manager of EHR system extracts the block ID b (ID b is the identity of a hospital in the EHR system), patient's identity ID P , and secure keyword I w . The server of EHR VOLUME 8, 2020 system broadcasts the new transaction TX I w = (ID b , ID P , I w ) to the blockchain.

Phase 3: Data search and access
• Trapdoor: The data users construct the trapdoor of the keywords W = {w 1 , w 2 , . . . , w n }, where n ≤ m, and randomly chooses r 3 ∈ Z * p to calculate For a ∈ S, calculate: Then, the trapdoor T W of the keyword is set as shown in (6).
• Search: The searcher on the permissioned blockchain according to the attributes of the trapdoor and calculates the secret value of the leaf node as shown in (7).
If the attributes of user satisfy access tree structure, then the searcher determines whether (8) is equal; if equal, then the searcher broadcasts the correct search result in the form of a transaction.
Correctness : • Decryption: The data user obtains the ciphertext C = (T , C 0 , C 1 ) from the hospital server, decrypts the ciphertext with its own private key, and then calculates Correctness :

V. SAFETY AND PERFORMANCE ANALYSES A. SAFETY ANALYSIS
Theorem 1: If the DDH problem is difficult, then the scheme has keyword-indistinguishable security under an adaptive keyword attack in the random oracle model.
Proof . If a polynomial time adversary A, which could win the game with a non-negligible advantage ε, then challenger C could solve the DDH problem with an advantage ε 2 . The attack game between adversary A and challenger C is as follows:

1) ADVERSARY INITIALIZATION
The adversary A chooses the access control structure T and informs the challenger C.

2) SYSTEM INITIALIZATION
Challenger C randomly chooses α, β ∈ Z * p and calculates Challenger sends the public parameter PP = (p, e, g 1 , H 4 ) to the adversary A.

3) QUERY PHASE 1
• H 1 query: The challenger C maintains an empty initial list L H 1 = (s i , c i , h 1 ). The adversary A asks for the H 1 value of the attribute s i . If the attribute s i is in the list, then the challenger C returns h 1 to the adversary A. If the attribute s i is not in the list L H 1 , the challenger C selects a random number c i ∈ Z * p to calculate h 1 = c i and adds the attribute to the list L H 1 .
• H 2 query: The challenger C maintains an initial list  2 according to the system parameters. For each attribute t i ∈ Z * p is randomly selected, and X a = g t a 1 , Y a = g r 1 g t a H 1 (a) 1 is calculated. The challenger C sends the private key sk = (R, R , X a , Y a ) to the adversary A and maintains a list L sk of private keys.
• Trapdoor query: When the adversary A asks the challenger C for the trapdoor of the keyword w i (1 ≤ i ≤ n), the challenger C randomly chooses r 3 and queries the list L sk to obtain the private key sk. The challenger C calculates and then the challenger C returns the trapdoor T W = (K 0 , K 1 , (X a , Y a )|a ∈ S, E i ) of the keyword w i to the adversary A.

4) CHALLENGE PHASE
The adversary A randomly chooses two keywords w 0 and w 1 and sends them to the challenger C, w 0 and w 1 are not queried in phase 1. The challenger C randomly chooses keyword c = {0, 1} for encryption. The challenger C randomly chooses a, b ∈ Z * p to construct the equation g(x) = a(x − H 1 (w b )) + b of the keyword w c , and uses the secret shared value h of the access tree to calculate L * = g αa 2 , F 0 = g h 2 g b 2 , F 1 = g βh 1 , and sends the encrypted keyword (L * , F 0 , F 1 ) to A.

5) QUERY PHASE 2
Adversary A could adaptively repeat the inquiry of the phase 1 to challenger C, w = w 0 , w 1 .

6) GUESS PHASE
The adversary A outputs c ∈ {0, 1}, if c = c , then the adversary A wins the game.
If the challenger C solves the difficult problem, then the adversary A obtains the ciphertext of keywords as a result of the random encryption of C and guesses whether C c is w 0 or w 1 . The advantage of guessing is 1 2 . The advantage of the challenger C in solving the DDH is Assuming the DDH problem is difficult to resolve, adversary A cannot break solution under the selective access structure T . This scheme is indistinguishable under an adaptive choose-keyword attack.

B. PERFORMANCE EVALUATION
In this section, the performance and efficiency of the proposed scheme are analyzed and compared with schemes [16], [18], [19] through a numerical simulation experiment.

1) THEORY ANALYSIS
The performance and efficiency of a scheme have an important effect on the sharing of electronic health records. Table 1 shows the performance characteristics and calculations of the proposed scheme, whose efficiency is compared with that of the classic scheme. The notations used in this section is introduced as shown: P and M denote the exponential and multiplication operations in the cyclic group, respectively; E is a bilinear pair operation; m is the number of keywords; n is the number of search keywords; and v is the number of attributes.
The performance characteristics of the proposed scheme are shown in Table 1. From the perspective of data search, [16] and [19] support single-keyword search, and the accurate retrieval of data transactions could not be achieved. [18] and the proposed scheme support multi-keyword search, but the latter uses polynomial equations to achieve an arbitrary connection of keywords. From the perspective of index storage, [16], [18], and [19] store the index on the cloud storage server and retrieve keywords using the cloud server. The proposed scheme stores the index on the permissioned blockchain and retrieves the data from the blockchain to obtain reliable and non-tamperable search results. From the access control structure of the attribute analysis, [16], [18], and [19] use the AND gate access structure to implement the access permission settings of a user. By contrast, the proposed scheme uses the access structure of the tree to implement fine-grained access control of data users.
The calculation of the proposed and the existing scheme is shown in Table 1. The index calculation amount of the proposed and the other scheme is related to the number of attributes and encryption keywords. The index calculation of the proposed scheme is slightly lower than that of [16], [18] and [19]. The proposed scheme uses a polynomial equation, thus the encryption calculation is low, but the arbitrary connection of the keywords is achieved. In the trapdoor calculation, the proposed scheme has a higher calculation amount compared with other references. The calculation of the trapdoor is determined by the number of attributes and the number of search keywords. In the amount of search calculation, the number of attributes affects the amount of search calculation, but the number of keywords in the proposed scheme also affects the amount of search calculation. In this scheme, the keywords are arbitrarily connected, thus the search must be retrieved in accordance with the polynomial equation. The number of attributes in [16], [18], and [19] affects the amount of search calculations.

2) NUMERICAL EXPERIMENT ANALYSIS
The actual performance of the proposed scheme was analyzed through a simulation on a Windows system with an Intel Core i7 CPU at 2.8GHz and 16GB RAM. The implementation was based on Java pairing-based cryptography. Simulations were performed on [16], [19], and the proposed scheme, and experiments were conducted under the same equipment conditions. The experimental results are shown in Figures 3, 4

and 5.
As shown in Figure 3 the index generation time of the proposed scheme has a linear relationship with the number of attributes. The index calculation time of the proposed  scheme is slightly smaller than that of [16] and [19]. The proposed scheme supports the arbitrary encryption of keywords, whereas [16] and [19] support the encryption of individual keywords. When the influence of attributes on index generation time is considered, the index calculation of the proposed scheme is one index less than that of [16], whereas that of [19] is one double-pair operation more than the scheme. The operation of a bilinear pair is larger than the exponential operation. With regard to the experimental multi-keyword encryption, the index generation time is slightly higher than that of [16] and [19].
As shown in Figure 4, the trapdoor calculation is not affected by the change of the number of attributes in the proposed scheme because the trapdoor is encrypted by the key generated by the attribute authority. However, the number of keywords affect the trapdoor. The calculation of trapdoors in [16] and [19] has a linear relationship with the number of attributes. With increase number of attributes, the calculation of trapdoors in [16] and [19] increases linearly. [16] and [19] support single-keyword search, but the trapdoor generation time in [19] is lower than that in [16].
As shown in Figure 5, without considering the data retrieval platform, the data retrieval time in [16], [19], and the proposed scheme increases linearly with the number of attributes, and the search efficiency of the proposed scheme is higher than that of [16]. The search efficiency is lower than that of [19]. The proposed scheme uses polynomial equations to implement an arbitrarily connected keyword search. In data retrieval, the searcher must calculate polynomial equations, thus the search time of the proposed scheme is higher than [19].

VI. CONCLUSION
Aiming at the problem of malicious doctors uploading false electronic health records and semi-honest search of cloud storage servers, this paper proposes an electronic health record sharing scheme based on keyword search on permissioned blockchains. Secure keyword search and EHRs sharing of encrypted are achieved using permissioned chains. Moreover, the encrypted electronic health record and keyword index are respectively stored in the server and the permissioned blockchain of the hospital, thus achieving privacy protection of electronic health records. The proposed scheme also reduces the storage cost of electronic health records. The scheme not only achieves fine-grained access control but also prevents malicious doctors from uploading false information through the authentication process. In addition, electronic health records sharing among medical institutions is achieved through blockchain technology. The full use of medical information enables doctors to make quick and accurate diagnosis plans for patients and improve the efficiency of hospital work. From March 2018 to January 2019, she was a Visiting Scholar with the Department of Computer Science, Georgia State University. She is currently a Teacher with the School of Computer Science and Engineering, Northwest Normal University. She is also an Associate Professor and a Master's Tutor. In recent years, she has published many excellent articles and hosts several National Natural Science Foundation projects. Her research direction is cryptography. She presided over the Northwest Normal University Young Teacher Research Promotion Program. She received the second prize of scientific and technological progress in colleges and universities in Gansu Province, in 2012, and the third prize of scientific and technological progress in colleges and universities in Gansu Province, in 2013. VOLUME 8, 2020 LIXIA CHEN was born in Nanchang, Jiangxi, China, in 1992. She received the bachelor's degree from the School of Information and Electronic Engineering, East China University of Technology, in 2018. She is currently pursuing the master's degree with the School of Computer Science and Engineering, Northwest Normal University. Her research direction is cryptography.
JINFENG WANG was born in Tianshui, Gansu, China, in 1992. She received the bachelor's degree from the School of Information and Computer Science, Lanzhou University of Finance and Economics, in 2016. She is currently pursuing the master's degree with the School of Computer Science and Engineering, Northwest Normal University. Her research direction is cryptography.
FEI YU was born in Jining, Shandong, China, in 1997. He received the bachelor's degree from the School of Software, Jishou University, in 2019. He is currently pursuing the master's degree with the School of Computer Science and Engineering, Northwest Normal University. His research direction is cryptography.