Efficient and Secure Cross-Domain Sharing of Blockchain Electronic Medical Records Based on Edge Computing

In this article, we analyse the problems of electronic medical records (EMRs) and find that the EMRs generated by different hospitals for the same patient are mutually independent and duplicated, and that data sharing among hospitals is difficult. To solve this problem, this paper proposes an efficient and secure cross-domain sharing scheme for EMRs based on edge computing. The scheme allows the doctor to access the patient's historical EMRs with the patient's authorization so that the doctor can understand the patient's history of illness and, on this basis, generate a new medical record for the patient. Then, the doctor sends the EMRs to the edge server, and the server calculates the ciphertext and adds it to the patient's personal medical record to complete the case update. Analysis shows that this solution effectively prevents data tampering and forgery through the blockchain, avoids the privacy leakage of plaintext sharing by using searchable encryption, and improves efficiency by relying on edge servers to handle nearby computing tasks and offload computation from cloud servers. The security proof shows that the scheme is secure under the BDH assumption. Performance analysis shows that the scheme is feasible and efficient.


Introduction
With the rapid development of the Internet of Things and cloud computing, intelligent systems such as intelligent transportation and smart cities are becoming a hot research topic [1][2][3]. At the same time, with the sharp increase in medical demand and the gradual intensification of refined hospital management, the informatization of the medical system is also imperative. Compared with paper medical records, EMRs are related to each other, easy to store, more environmentally friendly, and efficient [4,5]. They effectively solve the problems of paper medical records [3], so they are very popular in hospitals.
However, with the rapid growth of EMRs, the problem of data islands in hospitals has become more prominent. When patients go to different hospitals, each hospital will generate a large amount of EMRs and store them in its own hospital independently, which cannot be shared among them. For doctors, it is impossible to understand the patient's illness history in other hospitals. On this basis, doctors are prone to misdiagnosis and even cause significant problems such as medical malpractice. Moreover, it is also not conducive for the patients to master and understand their health status [5]. In addition, EMRs store the patient's personal privacy information. If they are attacked, they will face security risks, such as privacy leaks [6].
In recent years, blockchain technology has developed rapidly. Due to its immutability, data integrity, and distributed storage, blockchain technology has been widely used in all walks of life [7][8][9]. Since blockchain technology can ensure privacy and security in the application of EMRs, many scholars have proposed solutions to the current problems of EMRs. Literature [10] proposed a blockchain-based healthcare data gateway architecture, enabling patients to control and share their EMRs easily and securely without violating privacy. It provides a new potential way to improve the intelligence of healthcare systems while keeping patient data private. Literature [11] proposed a blockchain-based EMRs data-sharing framework that uses the immutability and built-in autonomy properties of the blockchain to sufficiently address the access control challenges associated with sensitive data stored in the cloud. Literature [12] proposed an electronic medical care system based on blockchain, which builds an alliance chain among hospitals. Using the practical Byzantine fault-tolerant algorithm reduces the computational power required and ensures the safety and stability of the system, and at the same time, it prevents data tampering and privacy leakage. Literature [13] proposes a blockchain-based framework for sharing medical system data services, which does not rely on a trusted third party and realizes safe storage and privacy protection. Literature [14] used attribute-based encryption and identity-based encryption to ensure data privacy and used blockchain techniques to ensure the integrity and traceability of the EMRs. The most significant advantage of blockchain-based EMRs is that users can securely share the EMRs among hospitals and other institutions. However, most of the existing research only discusses secure search and data sharing without considering establishing systematic EMRs for individual patients.
In fact, due to limited storage space, many medical institutions and enterprises store data on cloud servers. With the continuous increase of cloud computing data security issues, it is imperative to encrypt data before uploading it to the cloud server. This raises the problem of how to implement ciphertext search when data are shared. In this case, searchable encryption technology came into being [15][16][17][18]. It supports ciphertext search while ensuring the security of data sharing, saving a lot of network and computing costs, and making full use of the enormous computing resources of cloud servers to search for keywords on ciphertexts. Therefore, many electronic medical record sharing schemes use searchable encryption technology to realize ciphertext sharing. Literature [19] proposed a blockchain-based searchable encryption scheme for EMRs. The solution stores the index of EMRs in the blockchain, using the blockchain to ensure the integrity, tamper resistance, and traceability of the EMRs index and using searchable encryption to realize ciphertext sharing. Literature [20] constructs a framework based on the blockchain. It uses private chains and alliance chains, combined with searchable encryption technology, to realize the safe search of EMRs while ensuring personal privacy and information security. Literature [21] proposed a blockchain-based secure and privacy-protected EMRs sharing protocol. The scheme mainly uses searchable encryption and proxy re-encryption to realize data security, privacy preservation, and access control. Literature [22] combines a private chain and a consortium chain and uses searchable encryption technology to realize data sharing with significant storage overhead. Literature [23] uses ciphertext-policy attribute-based encryption to encrypt EMRs, and only users with the required attributes can access the data, which achieves fine-grained access control.
The above schemes solved privacy security and ciphertext search through searchable encryption technology but did not consider deduplication.
In response to the above problems, we propose a personal EMRs system with deduplication based on an edge server. In the scheme, doctors update the EMRs in time with the patient's authorization, duplicates are removed, and the data update is then completed. Moreover, blockchain and searchable encryption ensure the security of data and personal privacy, and the edge server offloads the computing tasks of cloud services to improve computing efficiency.

Bilinear Diffie-Hellman Hypothesis.
Suppose $G_1$ is the additive group, $G_2$ is the multiplicative group, and the prime order is $q$. Define a bilinear operation $e: G_1 \times G_1 \to G_2$; $g$ is the generator of group $G_1$. Given a four-tuple $(g, g^a, g^b, g^c)$, it is difficult to calculate $e(g, g)^{abc} \in G_2$. Suppose algorithm $A$ is used to solve the BDH problem; its advantage is defined as $\varepsilon$ if $\Pr[A(g, g^a, g^b, g^c) = e(g, g)^{abc}] \ge \varepsilon$.
At present, there is no effective algorithm to solve the BDH problem. Therefore, it can be assumed that the BDH problem is hard [24].
(1) KeyGen($\lambda$). Randomly select $\alpha \in Z_p^*$ and a generator $g$ of group $G_1$, and output $(sk = \alpha, pk = g^{\alpha})$;

System Model.
This paper aims to solve the difficulties in EMRs sharing among hospitals and the problems of isolated and repeated storage of cases. The scheme mainly uses blockchain and searchable encryption technology to ensure EMRs data and privacy security. The overall idea of the scheme is that when a patient sees a doctor, he first registers with the hospital, and the hospital makes an appointment for the patient. Then, the patient authorizes the doctor to generate EMRs, and the doctor sends the EMRs and the authorization guarantee to the edge server. The edge server encrypts the EMRs and retrieval information and uploads them to the cloud server and blockchain. When the patient goes to another hospital, the doctor needs to be authorized to access the personal EMRs. Then, the doctor generates new EMRs after understanding the patient's history of illness and sends them to the edge server. The edge server marks the repeated case and then adds the newly added case to the patient's medical record to complete the case update.
The main entities involved in the system are patients, doctors, hospitals, cloud servers, edge server, and blockchain. The system architecture is shown in Figure 1.

Definition 2.
The scheme is composed of the following algorithms. Initialization: generate system parameters. Key generation: generate the entity's keys. Registration: the patient registers with the hospital; the hospital makes an appointment with a doctor for the patient. Authorization: the patient authorizes the doctor to generate EMRs. Generation and storage of electronic medical records: the doctor generates EMRs for the patient and sends them to the edge server; then, the edge server calculates the ciphertext and index and uploads them. Access: the doctor views the patient's previous EMRs; the doctor submits an access request to the edge server, and the edge server accesses the blockchain and cloud to obtain the information and then returns it to the doctor. Update: the doctor deletes duplicate EMRs and sends them to the edge server; the edge server updates and uploads them to cloud storage and blockchain.

Security Model.
We define the formalized security model of the proposed scheme by the following games.

Keyword Privacy Security Game.
If there is no adversary A who can infer the plaintext of the keywords from the ciphertext or trapdoor in probabilistic polynomial time, the privacy of the keywords is guaranteed. The keyword privacy security game is defined as follows:
(1) Initialization: given the security parameter λ, the simulation challenger B executes the initialization algorithm to generate par.
(2) Phase 1: adversary A runs the trapdoor generation algorithm multiple times.
(3) Challenge: adversary A randomly selects two keywords from the keyword space and sends them to the simulation challenger. The simulation challenger executes the trapdoor generation algorithm and then randomly selects a trapdoor and sends it to A.
(4) Guess: after adversary A has queried n times for different keywords, it analyzes and guesses. If A can guess the trapdoor, then adversary A wins the game.

Proof of Bilinear Diffie-Hellman Hypothesis for Difficult Problems.
If there is an adversary A who can break the scheme with an advantage ε(λ) in polynomial time, then the adversary A can solve the BDH difficult problem with an advantage ε(λ) in polynomial time. The reduction to the bilinear Diffie-Hellman difficult problem is defined as follows:
(1) Initialization: given the group $G_1$, $G_2$ and the mapping $e$:
(2) Phase 1: adversary A runs the encryption algorithm multiple times.

The Proposed
The scheme mainly includes the following essential roles: patients, hospitals, doctors, cloud storage servers, edge server, and alliance chain. The description of symbols in the text is shown in Table 1.

Initialization.
According to the security parameter $\lambda$, the key generation center generates the public parameter $par = (p, g, G_1, G_2, e, H_1, H_2)$, where $G_1$ and $G_2$ are cyclic groups of prime order $p$, the generator of group $G_1$ is $g$, $e$ satisfies $G_1 \times G_1 \to G_2$, and $H_1: \{0,1\}^* \to G_1$ and $H_2: G_2 \to \{0,1\}^{\log p}$ are two hash functions.

Key Generation.
The patient $P$ randomly selects $\alpha \in Z_p^*$ and calculates $h = g^{\alpha}$, so the keys of $P$ are $(sk_P = \alpha, pk_P = g^{\alpha})$. Similarly, the doctors $D_1$ and $D_2$ randomly select $\beta$ and $c$ and calculate $d = g^{\beta}$ and $f = g^{c}$, so the keys of $D_1$ and $D_2$ are $(sk_D = \beta, pk_D = g^{\beta})$ and $(sk_{D_2} = c, pk_{D_2} = g^{c})$.

Registration.
The patient $P$ registers with the hospital $H_1$, and $H_1$ stores the patient's identification $ID_P$, randomly selects the treatment key $\tau$, and sends the encrypted $Enc(pk_P, \tau)$ to $P$. The hospital $H_1$ makes an appointment with the attending doctor $D_1$ for the patient $P$, encrypts the appointment information $App = ID_{D_1} \| Dep \| Aux$ with $\tau$, and sends it to $P$. The patient uses $\tau$ to decrypt $App$ and obtains the doctor's $ID_{D_1}$, department $Dep$, and other auxiliary information $Aux$. At the same time, the hospital $H_1$ sends $\tau$ to the attending doctor $D_1$.

Authorization.
The patient $P$ authorizes the doctor $D_1$ to generate EMRs. $P$ generates an authorization guarantee $Gua_1$, signs it with the personal private key, $\sigma_{Gua_1} = sig(sk_P, Gua_1)$, encrypts it with the doctor's public key, $C_1 = Enc(pk_{D_1}, Gua_1 \| \sigma_{Gua_1})$, and then sends $C_1$ to $D_1$. The doctor $D_1$ decrypts $C_1$ with the personal private key $sk_{D_1}$ to obtain $Gua_1$ and the signature $\sigma_{Gua_1}$, and then the doctor verifies the correctness of the authorization with the patient's public key $pk_P$.

Generation and Storage of Electronic Medical Records.
When the verification is passed, the doctor generates EMRs $m_1$ for $P$ and sends them to the edge server. The edge server calculates the ciphertext $C_{m_1} = H_1(k_1)\, m_1$ and then randomly selects $u \in Z_p^*$ and calculates $I_1 = g^{u}$, $I_2 = H_2(r)$, $I = (I_1, I_2)$, where $r = e(H_1(ID_P), pk_D^{u})$. Finally, it uploads $A_{CS} = (C_1, ID_{D_1}, I, C_{m_1})$ to the cloud server and uploads $A_{BC} = (H_1(ID_P), I_1, I_2, N)$ to the blockchain, where $N$ is the file number returned by the cloud server.

Access.
When $P$ registers and sees a doctor $D_2$ in the hospital $H_2$, $P$ first authorizes $D_2$ to access his EMRs through the authorization guarantee, where $\sigma_{Gua_2} = sig(sk_P, Gua_2)$. The doctor $D_2$ sends $C_2 = Enc(pk_{D_2}, Gua_2 \| \sigma_{Gua_2})$ to the edge server; the edge server decrypts $C_2$ with the personal private key $sk_{D_2}$ to obtain $Gua_2$ and the signature $\sigma_{Gua_2}$ and then verifies the correctness of the authorization with the patient's public key $pk_P$. When the verification is passed, the edge server calculates $T = H_1(ID_P')^{\beta} \in G_1$ and sends $A = (Gua_2, ID_{D_2}, T)$ to the blockchain nodes. The blockchain nodes execute the matching algorithm through $H_2(e(T, I_1)) = I_2$ and return
When $P$ registers and sees a doctor $D_n$ in the hospital $H_n$, repeat the above process.

Theorem 1. In the search phase, the blockchain nodes need to verify the identity of the visitor and then verify whether the trapdoor submitted by the edge server has a corresponding index and other information, that is, verify whether the equation $H_2(e(T_{CS}, I_1)) = I_2$ holds. If the equation holds, the corresponding index is returned for the doctor; otherwise, the visit is denied.
Proof. According to the above, we know
$$e(T, I_1) = e(H_1(ID_P')^{\beta}, g^{u}) = e(H_1(ID_P'), g^{u\beta}) = e(H_1(ID_P'), pk_D^{u}). \quad (1)$$
Then, when the queried identity $ID_P'$ equals the indexed $ID_P$, $e(H_1(ID_P'), pk_D^{u}) = e(H_1(ID_P), pk_D^{u}) = r$, and hence $H_2(e(T, I_1)) = H_2(r) = I_2$. So, through the proof, we can find that the verification equation holds, the ciphertext retrieval verification is successful, and the result is correct. So, it can retrieve the index information corresponding to the patient's historical EMRs, and the correctness of the scheme is verified.
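The index, trapdoor and matching check of Theorem 1, as an added example that is not code from the paper. It uses a toy bilinear group in which every element is stored as its discrete logarithm, so it reproduces the algebra of the equations but offers no security; the modulus `Q`, the function names and the sample patient IDs are assumptions made for this example.

```python
import hashlib
import secrets

# TOY bilinear group, assumed for this example (not from the paper): every
# element is stored as its discrete log, so e(g^a, g^b) = gT^(a*b) becomes
# a*b mod Q. All exponents are exposed, so this is NOT secure; it only
# reproduces the algebra. Real deployments need a pairing library.
Q = 2**127 - 1  # prime group order (Mersenne prime)


class G1:
    """Element g^log of G1, written multiplicatively as in the paper."""

    def __init__(self, log):
        self.log = log % Q

    def __pow__(self, k):
        return G1(self.log * k)  # (g^a)^k = g^(a*k)


g = G1(1)  # generator of G1


def pairing(a, b):
    """e: G1 x G1 -> G2, returned as the exponent of gT."""
    return (a.log * b.log) % Q


def rand_zq():
    return secrets.randbelow(Q - 1) + 1  # uniform in Z_Q^*


def H1(data):
    """H1: {0,1}^* -> G1 (hashes straight to an exponent in the toy model)."""
    h = int.from_bytes(hashlib.sha256(b"H1" + data).digest(), "big")
    return G1(h % (Q - 1) + 1)


def H2(gt):
    """H2: G2 -> bit string."""
    return hashlib.sha256(b"H2" + gt.to_bytes(16, "big")).digest()


def build_index(id_p, pk_d):
    """Storage phase: I1 = g^u, I2 = H2(e(H1(ID_P), pk_D^u)), fresh u."""
    u = rand_zq()
    return g ** u, H2(pairing(H1(id_p), pk_d ** u))


def trapdoor(id_p, sk_d):
    """Access phase: T = H1(ID_P')^beta."""
    return H1(id_p) ** sk_d


def match(t, index):
    """Blockchain node check: H2(e(T, I1)) == I2."""
    i1, i2 = index
    return secrets.compare_digest(H2(pairing(t, i1)), i2)


def demo():
    beta = rand_zq()                 # doctor's private key
    pk_d = g ** beta                 # doctor's public key
    other_sk = rand_zq()             # key of a doctor the index was not built for
    idx = build_index(b"patient-0001", pk_d)   # constructed sample ID
    return (match(trapdoor(b"patient-0001", beta), idx),      # same ID, same key
            match(trapdoor(b"patient-0002", beta), idx),      # different ID
            match(trapdoor(b"patient-0001", other_sk), idx))  # wrong key


if __name__ == "__main__":
    print(demo())
```

Because `u` is drawn fresh for every index, two indexes built for the same patient have different `I2` values, yet the same trapdoor matches both.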

Security.
The security of the scheme rests on the difficulty of the BDH problem; the proof is as follows.

Theorem 2. Assuming that the BDH problem is difficult, the scheme is indistinguishable under adaptive chosen ciphertext attacks (IND-CCA2).
Suppose $H_1: \{0,1\}^* \to G_1$ and $H_2: \{0,1\}^* \to Z_p^*$ are two random oracles, and $A$ is an adversary that attacks the scheme with advantage $\varepsilon(k)$. At any time, $A$ can query $H_1$ or $H_2$, at most $q_{H_1}$ and $q_{H_2}$ times, respectively. Then a simulator $B$ can be constructed that solves the BDH problem with advantage at least $2\varepsilon(k)/(e\,q_{H_2})$ and running time $O(\mathrm{time}(A))$.
Proof. Suppose the simulator $B$ knows $g, g^{x}, g^{y}, g^{z}$ ($x, y, z \in Z_p^*$) and simulates the challenger, with $A$ as the adversary; the goal is to calculate $D = e(g, g)^{xyz} \in G_2$.
For simplicity, suppose (1) $A$ will not initiate the same query to $H_1(ID_P)$ twice, and (2) if $A$ requests a trapdoor for keyword $ID_P$, it has already asked $H_1(ID_P)$ before.
(1) System establishment: the simulator $B$ builds the system, generates the security parameter $\lambda$, runs the algorithm Setup($1^{\lambda}$), obtains the parameters $par = (p, g, G_1, G_2, e, H_1, H_2)$, generates the keys $K_C = (sk_C, pk_C)$, and keeps the private key $sk_C$. The simulator chooses $x, y, z \in Z_p^*$ and sets $g$, $u_1 = g^{x}$, $u_2 = g^{y}$, $u_3 = g^{z} \in G_1$. The simulator $B$ returns the parameters $par$ and the public key $pk_C$ to adversary $A$, and $A$ queries the random oracles through the simulator $B$.
(2) $H_1$ and $H_2$ query: $B$ randomly chooses $l \in \{1, \cdots, q_{H_1}\}$. $l$ is the guess value of $B$, and the $l$-th  H 1 (w yg a b , g ac )) = H 2 (e(g a b , g az ) az(y+a b ) ). According to this definition, $C$ is a valid trapdoor for the keyword $w_b$.
(5) Trapdoor query: $A$ can continue to make trapdoor queries for the keyword $w_i$; the only restriction is that $w_i \ne w_0, w_1$, and $B$ responds as before.
(6) Guess: $A$ outputs the guess $b' \in \{0, 1\}$, and $B$ randomly selects $\langle r_i, v_i \rangle$ from $H_2^{list}$ and outputs $r/e(u_1, u_3)^{a_b}$ as his guess of $e(g, g)^{xyz}$, where $a_b$ is the value used in the challenge phase. This is because
The advantage of $B$ choosing the correct result is $2\varepsilon(\lambda)/(e\,q_{H_2})$, so the probability that $B$ breaks the security of the proposed scheme is $\Pr[A(r/e(u_1, u_3)^{a_b}) = e(g, g)^{az(y + a_b)}] \ge 2\varepsilon(\lambda)/(e\,q_{H_2})$.

Table 2, we can find that all the above schemes are based on blockchain and realize access control and privacy protection functions. But none of the schemes in [11,20,22,23] can implement data deduplication. In addition, reference [11] did not use searchable encryption technology to realize ciphertext search, and reference [20] did not realize data sharing. Therefore, the function of this scheme is better.
Nowadays, there is much research on EMRs, but many problems remain to be solved urgently, for example, the familiar issues of privacy protection, access control, and data sharing. With the development of science and technology, more problems have been exposed between the increasing demand of people and the actual status of EMRs. For example, there are no systematic EMRs for patients, and the storage of patients' EMRs is relatively scattered and unsystematic, which makes patients unable to understand their personal health systematically. In addition, given the huge data volume and limited storage space of EMRs, deduplication is particularly important. Deduplication can effectively reduce storage consumption and improve storage efficiency. Therefore, it is also one of the urgent problems to be solved in EMRs. In response to the above problems, this article provides some solutions, as shown in the following.
According to Table 3, the scheme allows the doctor to update the patient's previous EMRs, so the EMRs system can store the latest medical record in time, which ensures the timeliness of the data and makes the patient's EMRs data complete and systematic. Secondly, the deletion of duplicate data effectively improves storage efficiency and reduces storage overhead.

Simulation.
The simulation experiment in this article was run on Windows 10 with an Intel i7-9750H CPU and MyEclipse 2015 CI. The execution efficiency of the scheme is investigated in the initialization, key generation, encryption, decryption, indexing, and trapdoor generation stages. The initialization phase is the configuration of system parameters. The key generation stage is mainly used to generate participants' personal keys. The encryption and decryption use symmetric encryption algorithms. Indexes and trapdoors are used for file query and retrieval. The schemes of [22,23] were selected for comparison; both are EMRs sharing schemes based on the blockchain. The comparison results of each stage are shown in Figure 2.
It can be seen from Figure 2 that the execution efficiency of this scheme is relatively higher than that of [22,23], and [22] needs to be improved in terms of efficiency. In the index generation stage, the cost of this scheme is slightly higher than that of literature [23], while in the other stages it is lower than the comparative literature. This is because literature [23] does not require a bilinear operation in the index generation stage, while the scheme of this paper needs to perform the bilinear operation, which makes its efficiency relatively lower than literature [23]. In the encryption and decryption stages, literatures [22,23] require complex operations with the high cost of bilinear pairing and modular exponentiation, while this scheme only needs one hash and one inverse operation, so its computational efficiency is relatively high. In the trapdoor generation stage, the scheme in this paper only needs to perform a power operation and a hash operation, which is more efficient than the comparative literature.
In addition, to further verify the scheme's performance, keywords are used as variables to compare the execution efficiency of the index generation, trapdoor generation, and search phases. Figure 3 shows the execution time of the index generation phase, Figure 4 the execution time of the trapdoor generation phase, and Figure 5 the execution time of the retrieval phase.
It can be seen from Figures 3-5 that with the increase of keywords, the running time of the trapdoor, indexing, and retrieval phases in this article and the comparative literature shows an increasing trend. Literature [23] has a higher running time cost with the increase of keywords in the three stages. The running time cost of this article and the literature [22] is relatively consistent, and its execution efficiency is relatively low. Compared with literature [22], the keyword ciphertext matching of this scheme is exact matching, while that of literature [22] is fuzzy matching. So, the keyword matching result of this scheme is more accurate than that of literature [22].

Conclusions
This article proposes a cross-domain sharing scheme for EMRs among different hospitals based on blockchain and edge computing, which solves the difficulty of EMRs data sharing among hospitals and the problem of isolated and duplicated storage. Through patient authorization, cross-domain secure sharing of EMRs is realized, making the patient's personal EMRs more systematic and complete. The use of blockchain technology ensures that the data cannot be tampered with, and the use of searchable encryption ensures the security of EMRs and personal privacy. Edge servers offload the computing tasks of cloud services and improve computing efficiency. The security of the scheme is proved based on the BDH assumption. Performance analysis and simulation experiments show that the scheme has relatively low computational complexity and high execution efficiency.

Data Availability
The data used to support the findings of this study are included within the article.

Conflicts of Interest
The authors declare that there are no conflicts of interest regarding the publication of this paper.