A Blockchain-Based Auto Insurance Data Sharing Scheme

. Auto electronic insurance policy and electronic maintenance list record the entire process of auto owners purchasing auto insurance and repairs after accident, respectively. They play a vital role in auto owners ’ applications for claims and insurance company ’ s judgment on whether to settle the claims. However, the privacy of insurance policy and the “ information island ” resulting from the nonsharing of data between users make the claim has low e ﬃ ciency. The notable features of blockchain technology are decentralization and tamper-proof, which can well solve data sharing and privacy protection. This paper proposes a blockchain-based auto insurance data sharing scheme to improve the existing auto insurance claim system. The scheme includes four main bodies: auto owner, insurance company, 4S Shop, and government authority. In the proposed scheme, the data sharing of authorized users is realized through proxy reencryption. Finally, we have analyzed the security and performance of the solution. The analysis results show that the proposed scheme can meet many security features such as user access control and data tamper resistance and has an ideal calculation and communication cost.


Introduction
With the constant development of society, the auto is everywhere in our life. However, some subjective or objective factors will inevitably cause damage to the auto during the use of the auto. It makes more and more people start to buy insurance for their autos. Now, the auto insurance policy and maintenance list have been digitized with the construction of the smart city. Electronic insurance policy has the advantages of convenient use, low cost, and timeliness and at the same time provides effective evidence for insurance claims. For the time being, these digital documents involve the privacy of auto owners, which shows that privacy protection is a key problem that digital insurance policy must face. The electronic insurance policy and the maintenance list are usually stored and managed by the insurance company and the 4S Shop, respectively. For example, in the process of reviewing claims, the insurance company needs to know the information of insurance purchased by the auto owner and the maintenance case of the auto. The policy information is stored in the insurance company's database, but the insurance company is not clear about the auto's maintenance case. If the insurance company solely relies on the words of the auto owner, it is easy for the auto owner to cheat the insurance and cause losses to the company. Therefore, we propose a scheme based on blockchain to solve the above problem. In the scheme, the insurance company can apply to legally obtain the maintenance records stored in the 4S Shop, and make a quick review to avoid the losses due to the "information island." 1.1. Related Works. Since the advent of blockchain [1], people have never stopped researching it. From the initial application in finance to the present, all walks of life are advocating the "blockchain+" model [2,3]. The insurance industry also began to join the "blockchain+" model in 2015 and actively try and explore the application of blockchain technology in its own business. As the third largest application scenario in blockchain applications, insurance is usually combined with other fields, such as the insurance and financial fields, auto insurance and maintenance services, and medical insurance and medical fields [4,5]. Zhao [4] described the current research and application of the insurance industry to blockchain and predicted the trends of "blockchain+insurance." Popovic et al. [5] summarized and gave the issues to be considered when using blockchain technology to solve insurance business problems. Note that in current various industries, the main research about blockchain focuses on information protection, data application, data storage, data sharing, etc., among which data storage and data sharing are the focuses of research [3,6,7]. For example, Ekblaw et al. [8] proposed a decentralized record management system that uses blockchain technology to process EMRs. The immutable feature of the blockchain ensures the accuracy of EMRs. However, the scheme did not set a data access strategy, leading to the risk of data leakage. Guo et al. [9] proposed an attribute-based multiauthority signature scheme, which authorizes multiple institutions to manage user attributes on the blockchain. But this scheme is difficult to resist collusion attacks by authorized agencies. Roehrs et al. [10] used the blockchain to build a patientcentric medical architecture model. Unfortunately, the model only integrates the medical data of different medical institutions into one view. These data are still stored on the blockchain, occupying a large amount of storage space on the blockchain. Given this situation, Hua et al. [11] outsourced and stored the data in the cloud after being encrypted, which not only protects patient privacy but also releases storage space of the blockchain. Fu and Fang [12] did further research based on the OPAL/Enigma encryption platform; in NTT services, better encryption algorithms are used to enforce distributed privacy. The scheme uses a trusted certification mechanism to replace proof of work to improve the consensus algorithm of the system. Liu [13] proposed a medical data sharing and protection scheme based on the hospital's private blockchain to improve the electronic health system of the hospital. Particularly, the proposed scheme is implemented by using PBC and OpenSSL libraries.

Motivation and Contribution.
At present, since the development of blockchain technology itself is not particularly mature, and the application of blockchain in the insurance field has only been proposed with the construction of the smart city in recent years, the research on "blockchain +insurance" is still in its infancy. The existing research in this area has the following shortcomings [4,5]: (1) The vast majority of studies only discuss whether it is feasible to apply blockchain to the insurance industry and did not give a specific plan. (2) A small number of studies have given specific application schemes such as data sharing, but there are many disadvantages, such as high cost.
The purpose of this article is to design a blockchainbased auto insurance data sharing model. It can be utilized to help the insurance company store and manage policy data, and share the auto maintenance record information so that a rapid claim settlement is realized and effectively reduces the loss of the insurance company. The solution should be able to protect private information and have an ideal calculation and communication cost. The main contributions of this paper are as follows: (1) A blockchain-based sharing model of lightweight insurance policy data and auto maintenance records is proposed. By using proxy reencryption technology, this model can realize flexible and secure data sharing (2) The scheme stores the data of the insurance company and the 4S Shop in their database separately and stores the signatures on the blockchain. This can not only improve the security of the scheme but also reduce all kinds of costs 1.3. Organization of This Paper. The rest of this article is structured as follows. First of all, the preliminaries are presented in Section 2. In Section 3, we give a blockchainbased auto insurance data sharing scheme. In Section 4, we analyze the security of the proposed scheme. In Section 5, we analyze the calculation and communication cost of the scheme. Finally, we summarize the proposed scheme in Section 6.

Preliminaries
2.1. Blockchain. The blockchain is mainly to solve the security problems and trust problems generated in the transaction process. It is a distributed database according to a chronological list. Generally, blockchain is divided into the public chain, the consortium chain, and the private chain [14,15]. In the same blockchain system, all data or data characteristic values will be completely stored by each node. The blockchain structure is shown in Figure 1. A blockchain contains many blocks and the hash value of the previous block is connected to the hash value of the next block. In each block, information such as version number, timestamp, digital signature, and root hash value is stored. The main characteristics of blockchain technology are listed as follows [15]: (1) Decentralization: there is no special node, and the status of each node is equal. All transactions on the same blockchain are completed by all nodes, and any node can access the data and information on the blockchain. The nodes do not affect each other, and the damage to individual nodes will not have any impact on the system (2) Tamper resistance: modifying the data will result in a change in the hash value, and the current hash value will affect the hash value of the next node, which causes other nodes to make changes. Therefore, once the data information is written into the block, it 2 Wireless Communications and Mobile Computing cannot be changed or canceled unless more than 51% of the nodes are controlled. But in theory, this is very difficult and costly (3) Openness: in a short period, block transaction information will be copied to all other nodes in the network to realize the synchronization of data in the entire blockchain. Each node can trace the past of both parties to the transaction through its stored information of all transactions (4) Autonomy: in the system, all nodes can play the role of protector to jointly maintain the entire blockchain system to ensure the reliability and security of information (5) Anonymity: the identity of each account is encrypted by the algorithm in cryptography. Others can learn the information of this account, but they do not know the identity of the account. Any party on the blockchain will not know any private information of the other party 2.2. General Network Model. As shown in Figure 2, the general network model of the blockchain-based auto insurance data sharing scheme is mainly composed of four parties, which are the system manager, insurance company, 4S Shop, and the user who purchases auto insurance. In the model, the system manager plays a vital role in maintaining the normal operation of the entire network. Therefore, this role is usually played by a highly trusted institution such as government departments. When an auto owner needs to purchase auto insurance from an insurance company registered on the blockchain, he/she must first register with an authority to enter the blockchain. Then, the auto owner buys auto insurance from an insurance company. If the policy information is legal, the insurance company stores the policy information in its database and puts the owner's signature on the blockchain for broadcast reception and verification. If the verification is passed, the signature will be stored on the blockchain. When the auto is damaged, the owner sends the auto to a legal 4S Shop for repairs. If the maintenance record information is legal, the 4S Shop will store the maintenance record information in its database and put the owner's signature on the blockchain for broadcast reception and verification. If the verification is passed, it will be stored on the blockchain. Finally, when the insurance company obtains the permission of the auto owner during the claim review, it can check whether the auto repair is reasonable through the proxy reencryption and quickly make compensation.

Security Requirements.
Under ideal circumstances, the system should meet the following basic requirements [16]: (1) Security and privacy protection: insurance policy data and auto maintenance information cannot be illegally used by anyone. The system should be able to resist general malicious attacks and be able to track illegal behaviors (2) Data access: after being authorized, auto owners can view all their data information, and the insurance company can access auto maintenance information under the authorization of the auto owner (3) User control: the user can manage all his/her historical data, and no one can obtain the historical data without the user's consent (4) Unified standards: in the model, all participants should use unified data standards and management schemes, which contribute to data sharing and improve system stability

Consensus Mechanism.
A remarkable feature of blockchain technology is that in a decentralized system with decentralized decision-making power and no trust, nodes can reach a consensus on the validity of block data. DPOS is an effective and reliable entrusted proof mechanism [17]. From a certain point of view, it is similar to the board of directors' parliamentary system. All nodes elect 101 representative nodes with equal rights by way of election, and these supernodes will take turns to be responsible for generating a new block. When a node cannot perform its duties, it will lose its accounting rights and be delisted and replaced by a newly elected supernode. The energy consumption of DPOS is lower than that of the POW mechanism, and it is more decentralized than the POS mechanism. It can complete the consensus process faster and improve efficiency.  3 Wireless Communications and Mobile Computing 2.5. Bilinear Mapping. Let G 1 and G 2 be two cyclic multiplication groups of order p, where p is a prime number. If there is a bilinear mapping e: G 1 × G 1 ⟶ G 2 satisfies the following properties, we call e as a bilinear pair [13].
(1) Bilinear: eðP a , Q b Þ = eðP, QÞ ab , where any P, Q ∈ G 1 and a, b ∈ ℤ * p (2) Nondegeneration: there exists P, Q ∈ G 1 , such that e ðP, QÞ ≠ 1 G 2 , where 1 G 2 is the identity element of G 2 (3) Computability: for any P, Q ∈ G 1 , eðP, QÞ can be calculated in polynomial time 2.6. Proxy Reencryption. Proxy reencryption is an algorithm for reencrypting and decrypting ciphertexts, which was first proposed by Blaze et al. [18] in 1998. In some schemes, a part A entrusts a trusted third party or a semihonest proxy to convert the ciphertext encrypted with its public key into the ciphertext encrypted with the public key of the other party B. Then, B can use the private key to decrypt the ciphertext, that is, to realize data sharing. In the whole process, the encrypted data is very safe, and there is no need to disclose A's private key. The specific steps are as follows [19]: (1) A uses its public key to encrypt the plaintext m; that is,

Proposed Auto Insurance Data Sharing Scheme
In this section, we will propose an auto insurance claim scheme based on the alliance blockchain of the insurance company, 4S Shop, policyholder, and the system manager.
The property proxy reencryption scheme in [20] is utilized. It has provided a data sharing mechanism for the member of this blockchain. The notations used in this paper are given in Table 1. As shown in Figure 3, the system manager SM, the insurance company IS i , the 4S Shop 4S j , and the policyholder P H i;j;n are the four main kinds of participants in the network. SM is the management institution that is a trusted third party and responsible for verifying node identity, generating the master key and system parameters, and verifying the signature of data. Insurance company IS i and 4S Shop 4S j first register with SM. If a person PH i;j;n insures for his/her auto with an insurance company, he/she must register with SM and set his/her public key and private key. If SM's verification has successfully passed, the policy information of PH i;j;n will be stored in the server, and the signatures of PH i;j;n and IS i will be stored on the blockchain. When the policyholder's auto has an accident, PH i;j;n contacts IS i to identify the auto and then IS i checks policy information. If the requirements are met, then it can quickly enter the claim process. IS i and PH i;j;n first decide which 4S j to repair the auto. Then, 4S j repairs the auto and generates maintenance information. Particularly, the maintenance information of 4S j about P H i;j;n will be stored in 4S j 's server, and the signatures of P H i;j;n and 4S j will be stored on the blockchain. If other 4S Shop 4S ′ j or insurance company IS ′ i on this alliance blockchain wants to query the maintenance record information or policy information of PH i;j;n , they should apply to the SM. If the application is approved, an agent first computes the conversion key. Then, SM generates the ciphertext of the maintenance records or policy information reencrypted by the 4S ′ j 's public key or IS ′ i 's public key and sends the ciphertext to 4S ′ j or IS′ i . In the following, we will give a detailed introduction of the proposed scheme, which includes six phases, i.e., initialization of system phase, insurance company join phase, 4S Shop join phase, policyholder join phase, signature store phase, and data sharing and search phase.

Initialization of System Phase
(1) Firstly, SM inputs a security parameter 1 k and selects the bilinear map e and two multiplicative groups G 1 and G 2 , which have the same prime order p, and g is a generator of G 1 . Secondly, SM chooses three secure hash functions H 1 : f0, 1g * ⟶ G 1 , H 2 : G 2 ⟶ f0, 1g k , and H 3 : G 1 × f0, 1g k × f0, 1g l ⟶ ℤ * p and a random function F : G 1 × G 2 × f0, 1g k ⟶ f0, 1g l−l 1 kf0, 1g l 1 , where l and l 1 are both security parameters. Lastly, SM randomly picks x ∈ ℤ * p as the system master key, sets the pubic key Y = g x , selects random elements g 1 , g 2 , u, v, d ∈ G 1 , and publishes fp, e, g, g 1 , g 2 , u, v, d, Y, H 1 , H 2 , H 3 , F, l, l 1 , G 1 , G 2 g (2) The insurance company IS i randomly picks x i ∈ ℤ * p as its private key and computes public key PK i = g x i (3) The 4S Shop 4S j randomly selects x j ∈ ℤ * p as its private key, and the public key is set as PK j = g x j (4) The policyholder PH i;j;n randomly chooses x n ∈ ℤ * p as his/her private key and computes the public key PK i;j;n = g x n 3.2. Insurance Company Join Phase. When a new insurance company decides to join the alliance blockchain, it needs to follow those steps combining with SM.
(1) IS i sends its identity ID i to SM (2) SM verifies its identity; if passes, SM randomly selects λ i ∈ ℤ * p and computes (1) 4S j sends its identity ID j to SM (2) SM verifies its identity; if passes, SM randomly selects λ j ∈ ℤ * p and computes PID j = E SM ðID j ⊕ λ j ∥ λ j Þ as 4S j 's pseudo-identity (3) 4S j receives PID j from SM through a secure channel 3.4. Policyholder Join Phase. If a person buys auto insurance from an insurance company IS i , he/she will become a policyholder PH i;j;n . Then, he/she needs to do the following steps, and the index n manifests the policyholder as the nth policyholder of IS i .
(1) PH i;j;n sends its identity ID i;j;n to SM (2) SM verifies its identity; if passes, SM randomly selects λ n ∈ ℤ * p and computes PID i;j;n = E SM ðID i;j;n ⊕ λ i;j;n kλ i;j;n Þ as PH i;j;n 's pseudo-identity (3) PH i;j;n receives PID i;j;n from SM through a secure channel (4) PH i;j;n sends its pseudo-identity PID i;j;n to IS i and then buys auto insurance in IS i . At the same time, IS i randomly selects δ ∈ ℤ * p as the evidence for the policyholder and sends δ to PH i;j;n  (5) IS i gives the policy information m 1 ; then, IS i inputs PK i;j;n , Y, m 1 , randomly selects r ∈ ℤ * p , and computes C 1 = g r 1 , C 2 = PK r i,j,n , U = eðY, g 2 Þ r , C 3 = H 2 ðUÞ, K = eðg, gÞ r , Þ, and C 5 = ðu h vdÞ r . IS i stores the ciphertext C i;j;n = ð C 1 , C 2 , C 3 , C 4 , C 5 Þ in its server and signs the message m 1 (6) When policyholder's auto has an accident, 4S j repairs the auto and generates maintenance information m 2 . Then, 4S j inputs PK i;j;n , Y and m 2 , randomly selects r ∈ ℤ * p , and computes C 1 = g r 1 , C 2 = PK r r,j,n , U = e ðY, g 2 Þ r , C 3 = H 2 ðUÞ, K = eðg, gÞ r , C 4 = ½FðK, C 1 , and C 5 = ðu h vdÞ r . 4S j stores the ciphertext C i;j;n = ðC 1 , C 2 , C 3 , C 4 , C 5 Þ in its server and signs the message m 2 3.5. Signature Store Phase. In a general DPOS, it needs to elect 101 legitimate participant delegates to record data on the blockchain. In our scheme, the insurance company and 4S Shop are two unrelated departments and have unique professional knowledge. Thus, the general DPOS is not suitable for the alliance blockchain. Because how to elect the delegates is a troublesome problem, and it also needs to take communication and calculation time. In our scheme, we proposed a lightweight and high-efficiency consensus mechanism as we can see in Algorithm 1, and it can be seen as an improvement on DPOS. Each insurance company and 4S Shop can be seen as delegates, who are responsible for broadcasting and recording their own generated data on the blockchain. Due to the high reliability of government agency, it is chosen as the supernode (multiple government agencies can be selected as supernodes to ensure the reliability of the scheme). Moreover, we set up a credit score scheme for the insurance company and 4S Shop to guarantee our mechanism is reliable. SM has the right to verify the signature of the insurance company and 4S Shop, if an error signature is found, the credit score of a relevant insurance company or 4S Shop will be reduced. If the credit score is reduced more than three times, it will be expelled from the blockchain. The verification steps of SM are listed as follows: (1) IS i or 4S j broadcasts the policy data or repair data on the blockchain, respectively (2) SM uses PK i or PK j to verify the signature every minute, and then, every twenty legitimate signatures are stored in one new block of the alliance blockchain   In this part, we give an example of an insurance company on how to know the auto maintenance information during the claim process. Therefore, after the insurance company obtains PH i;j;n 's permission, the algorithm enters PK j and PK i and performs the following steps: (1) PH i;j;n computes U 1 = g r′ and U 2 = g 1/x n 2 H 1 ðY r′ Þ and sends ðδ, U 1 , U 2 Þ to SM, where r ′ ∈ ℤ * p is a random number = PK r i and outputs the ciphertext C ′ i;j;n = ðC 1 , C ′ 2 , C 3 , C 4 , C 5 Þ to IS i , where the reencryption key rk i↔n = x i /x n mod p. Otherwise, the stage will be terminated (4) The server of 4S j sends the encrypted m 1 to SM 4 Þ l−l 1 , then IS i will obtain the ciphertext m 1 = ðC 4 Þ l 1 ⊕ ½FðK, C 1 , C 3 Þ l 1 . Otherwise, the stage will be terminated

Security Analysis
According to the security requirements given in Section 2.3, this section will analyze the solution from the following security attributes.
(i) Security and privacy: all nodes need to register with SM when applying to join the blockchain. SM checks whether the identities of the auto owner, insurance company, and 4S Shop are legal. Only nodes with legal identities are allowed to join. After the insurance company or 4S Shop registers with S M, SM will generate a fake identity for it. When the owner goes to insure or repair the auto, SM also calculates a false identity for the owner. In the follow-up process, all nodes use fake identities instead of real identities, and privacy is greatly protected. All transaction information is encrypted by asymmetric encryption, which can effectively prevent unauthorized node access. When the insurance company needs to query the auto owner's maintenance record, the proxy reencryption technology will be used with the owner's consent. When SM finishes the confirmation, the agent will convert the relevant maintenance record into a document that the insurance company can decrypt with its private key. In this way, data sharing between different institutions is realized under the premise of ensuring data privacy. Therefore, the solution has good privacy and security (ii) Data access: this scheme uses proxy reencryption technology to realize data sharing between different institutions. For example, if an insurance company wants to obtain the relevant data stored in the 4S Shop, the insurance company needs to obtain the consent of the applicant. Then, the insurance company will obtain the reencrypted ciphertext and decrypt it with its private key to get the data (iii) User control: the insurance policy and maintenance records are stored in the respective servers of the insurance company and the 4S Shop. For example, if the insurance company wants to obtain the relevant data of the 4S Shop, the insurance company must first obtain the consent of the applicant. Therefore, the policyholders can control access to data (iv) Unified standards: in this scheme, we can use unified data standards, such as the keywords of auto damage, which is conducive to data sharing and protection (v) Tamper resistance: in this solution, the encrypted insurance data and auto maintenance records are stored in the servers of the insurance company and the 4S Shop, respectively, and their signatures are stored on the blockchain. Since the server is not completely trusted, it may tamper with data. One is that the server first colludes with the signer to modify the original data, then resigning the data and replacing the original signature on the blockchain. However, due to the existence of the timestamp, the replaced signature can never be completely consistent with the original signature.

Wireless Communications and Mobile Computing
Additionally, the signature stored on the blockchain will not be changed due to the immutable feature of the blockchain. The other one is the server forges the signature to modify the data and calculates the private key SK ′ which is the same as the private key SK of the signature node; that is, SK ′ = SK. However, according to the difficulty of discrete logarithms, this method is not feasible. In summary, the data signature stored on the blockchain is tamper resistance, and it also ensures that the data stored on the insurance company and 4S Shop servers are tamper resistance (vi) Defend against modification attack: based on the above analysis, we know that it is difficult for the adversary to directly forge a new document to replace the target document, but we need to further consider the adversary's modification attack on the target document. In our scheme, we have two security mechanisms to resist this modification attack. The first is the signature verification mechanism. Under this mechanism, the insurance company, the 4S Shop, and the auto owner need to sign the insurance policy or the maintenance record sheet and then hand it over to SM to verify. Only the successfully verified document is valid. The voucher is based on a secure signature algorithm, and it is also impossible to forge or modify a document [21]. The second is the tamper resistance mechanism based on the blockchain. If the adversary cannot destroy the security of the blockchain, then the adversary cannot destroy the security of the system through a document modification attack. Besides, the use of timestamp also can prevent changes to the data. Therefore, the proposed scheme can resist the modification attack very well

Performance Analysis
In this section, we will compare the proposed scheme with two similar blockchain-based data sharing solutions [22,23]. For the convenience of comparison, we use M to represent the multiplication operator, E to represent the power exponent operator in the finite field of prime numbers, and P to represent the bilinear pairing operator. It can be seen from [24] that the cost of a single multiexponentiation is about 1.2 times the cost of single exponentiation. The remaining operators are negligible due to their low calculation time.
In [25], they simulated the user's environment through Windows XP OS on Inter(R) Pentium IV 3.0 GHz processor and 512 MB RAM. At the same time, they simulated the C environment to run on a 32-bit Intel(R) PXA270 624 MHz processor and 128 MB of memory through Windows CE 5.2 OS. The system takes 20.04 ms to execute a bilinear pairing operator P, 2.38 ms to execute a multiplication operator M, and 5.31 ms to execute a power exponent operator E. In this article, we will use the basic test results in [25] to estimate the calculation cost.
According to Table 2 and Figure 4, the proposed solution takes less time in the encryption and decryption stages than the other two solutions. The time in the reencryption and redecryption stages is higher than the other two solutions, and the longest is 102.58 ms. But here the caveat is that the step of reencryption is completed by the agent, and its calculation ability is usually sufficient, so the extra time spent in our solution can be accepted. Particularly, the total time cost is decreased by 7% compared with the scheme in [23].
For the communication cost, the auto owner and the insurance company, the auto owner and the 4S Shop, and the insurance company and the 4S Shop in the three stages of data broadcasting, data verification, and data access are considered. In the proposed scheme, the auto owner PH i;j;n needs to send ðU 1 , U 2 Þ to SM, where U 1 and U 2 are the elements of G 1 . If the insurance company wants to query the owner's maintenance records, the owner PH i;j;n will send the private key x n to the SM, where x n is the element of ℤ * p . For insurance company and 4S Shop, it also needs to send the private key x i or x j to SM and receive the required history records, where x i and x j are also elements of ℤ * p , and the ciphertext of the historical records is C i;j;n . Also, insurance company and 4S Shop are responsible for broadcasting ciphertexts C i;j;n = ðC 1 , C 2 , C 3 , C 4 , C 5 Þ, block ID, user pseudo-identities, public keys, and signatures on the blockchain. C 1 , C 2 , and C 5 are elements of G 1 , C 3 is an element of size k, and C 4 is an element of size l; the user's pseudo-identity is an element of the general ciphertext space (the length of the element is expressed as |x | ), the public key is an element of G 1 , and the signature can be regarded as an element of the general ciphertext space. Therefore, the communication cost of our solution is ðn + 5ÞjG 1 j + 5jℤ * p j + 1jxj + 2jIDj + 2k + 1l. Table 3 and Figure 5 show the comparison of communication cost. We assume that the size of the message sent in the alliance chain is jxj = 160 bits. When we encrypt the ciphertext with a key length of 80 bits, the size of q is 1024 bits. Therefore, the size of the element in G 1 is 1024 bits, and the size of the element in ℤ * p is 2048 bits. However, we can use standard compression techniques [26] to reduce the size of elements in G 1 to 520 bits (65 bytes), and the size of elements in ℤ * p is 1024 bits (128 bytes). In addition, the length of jIDj is 8 bits, which occupies one byte, and the length of both k and l is 512 bits. When only one user is considered, the communication cost of scheme [22] is 8jG 1 j + 4jℤ * p j + 1jxj + 1jIDj + 3k + 2l = 8 × 65 + 4 × 128 + 1 × 20 + 1 × 1 + 3 × 64 + 2 × 64 = 1373 bytes, the communication cost of scheme [23] is ðn + 3ÞjG 1 j + ðn + 2Þjℤ * p j + 1j xj + 4jIDj + 2k + 2l = 4 × 65 + 3 × 128 + 1 × 20 + 4 × 1 + 2 × 64 + 2 × 64 = 924 bytes, and the communication cost of ours is ðn + 5ÞjG 1 j + 5jℤ * p j + 1jxj + 2jIDj + 2k + 1l = 6 × 65 + 5 × 128 + 1 × 20 + 2 × 1 + 2 × 64 + 1 × 64 = 1244 bytes. The proposed scheme's total communication cost is decreased by 10% compared with scheme [22]. The communication cost of scheme [23] is lower than ours, but this is only for a single user. As the number of users continues to grow, the advantages of the proposed scheme will be revealed.
With the increase of blockchain network users, the required calculation cost and communication cost will also increase. Next, we will analyze and compare the changing trend of the communication cost and calculation cost of our solution and other solutions when the user scale changes. The analysis results are shown in Figures 6 and 7. It can be seen from Figure 6 that the calculation costs of [22] and ours continue to increase with the number of users, but the growth rate is much lower than the solution proposed in [23]. It can be seen from Figure 7 that the communication cost of the solution proposed in [22] is not affected by the number of users n and always remains at a low level. The communication costs of [23] and ours are linearly positively correlated with the Communication cost (byte) [22] [23] Ours Figure 6: Impact of the number of users on calculation time. 9 Wireless Communications and Mobile Computing number of users n. However, it can be seen that the communication cost of [23] is the highest, and the gap with the other two schemes is also getting bigger with the continuous increase of n. In conclusion, the proposed scheme has higher comprehensive performance.

Conclusion
The basic features of blockchain technology make it very suitable for data protection and sharing. This paper proposes a blockchain-based insurance claim data sharing model. For example, the insurance company can access the user's auto maintenance record through proxy reencryption technology and realize multiuser data sharing while protecting data privacy. The analysis results show that the proposed scheme meets many security requirements and has higher comprehensive performance compared with the existing two schemes.

Data Availability
All data included in this study are available upon request by contact with the corresponding author.

Conflicts of Interest
The authors declare that there are no conflicts of interest concerning the publication of this paper.