Introduction
The existing blockchain-based data sharing methods in highway accident rescue scenarios face significant challenges in balancing efficiency and security. Traditional database systems used by various rescue departments often operate independently, lacking unified standards and interfaces, which leads to data silos and interoperability issues. Moreover, the opaque nature of traditional data sharing processes makes it difficult for users to verify data integrity and authenticity, undermining trust among stakeholders. While blockchain technology offers potential solutions to these problems, its application in highway accident rescue scenarios presents unique challenges that existing single-chain architectures fail to address adequately.
Highway accident rescue operations demand data sharing methods with high processing efficiency and rapid response capabilities to ensure timely information exchange among different departments. The critical nature of rescue operations makes data integrity paramount, as any tampering or loss could significantly impact rescue efforts. For instance, tampered vehicle or driver information might lead to incorrect accident liability determinations, affecting subsequent legal or insurance processes. Additionally, rescue data often contains sensitive personal information that requires protection against unauthorized access during sharing. These requirements highlight two core challenges in highway accident rescue data sharing: efficiency and security. Efficient data sharing ensures rapid information exchange among departments, while secure sharing guarantees data integrity, tamper-resistance, and privacy protection.
Current blockchain-based data sharing approaches struggle to achieve both efficiency and security simultaneously. Blockchain systems typically fall into three categories: public, private, and consortium chains. Public blockchains offer strong decentralization and high security but suffer from performance limitations due to complex consensus mechanisms. Consortium chains, with their smaller network sizes and efficient consensus algorithms, provide better performance but sacrifice some decentralization. Existing solutions using single-chain architectures either prioritize security at the expense of efficiency or vice versa, making them unsuitable for the demanding requirements of highway accident rescue scenarios.
This paper presents an efficient and secure data sharing solution called Efficient-DSS that addresses these challenges through a dual-chain architecture combining public and consortium blockchains, along with an innovative BBF-Merkle tree indexing structure for off-chain data. The dual-chain architecture leverages the strengths of both blockchain types: the public chain provides decentralized audit capabilities, while the consortium chain handles efficient data indexing and retrieval operations. This division of labor allows parallel processing of unrelated transactions, significantly improving overall network efficiency. Additionally, encrypted data is stored off-chain in IPFS, with the public and consortium chains storing data digests and indexes respectively, reducing on-chain storage pressure and avoiding performance bottlenecks.
To further enhance audit efficiency, the paper addresses the poor query performance of public chains through an innovative solution. The proposed BBF-Merkle tree indexing structure combines the advantages of Bloom filters, B+ trees, and Merkle trees to enable efficient retrieval while maintaining tamper-resistance for off-chain data. A layered query scheme incorporating cache, off-chain database, and public blockchain components reduces overall query time significantly compared to direct public chain queries.
System Architecture and Problem Description
The highway accident rescue data sharing framework consists of seven key entities: multiple authorization centers, data owners, data users, decentralized file storage system, consortium blockchain, public blockchain, and external database. This comprehensive architecture addresses the complex requirements of data sharing in emergency scenarios while maintaining security and efficiency.
Data owners include IoT-equipped vehicles and drivers. Vehicles collect accident-related data through onboard sensors and gateways, capturing environmental conditions, vehicle status, and other critical information. Drivers provide personal data such as identification, medical information, and insurance details necessary for post-accident processing and rescue operations. Before sharing data, owners compute digests of their information and upload these to the public blockchain for integrity verification. The actual data is encrypted and stored in IPFS, with the corresponding content identifiers (CIDs) shared via the consortium blockchain.
Data users represent various rescue departments and their members, including traffic police, medical teams, insurance companies, and other relevant agencies. These entities access shared data through dedicated channels on the consortium blockchain, using the proposed layered audit mechanism to verify data integrity. The decentralized file storage system (IPFS in this implementation) stores encrypted data and returns CIDs for efficient retrieval. Multiple authorization centers handle cryptographic key generation and distribution, consisting of a central authority and multiple attribute authorities that generate system parameters and user-specific attribute keys during initialization.
The consortium blockchain, maintained collaboratively by participating departments, implements channel mechanisms that enable isolated data exchange between specific groups of users. This architecture ensures data privacy and access control while leveraging the consortium chain’s high throughput for efficient data sharing. The public blockchain stores data digests shared by owners, providing decentralized, tamper-proof verification capabilities. An external database synchronizes digest information from the public chain to enable efficient off-chain querying, using the BBF-Merkle tree structure for indexing and integrity preservation.
The data sharing process follows several distinct phases: initialization, digest upload and off-chain synchronization, data encryption, sharing, and audit. During initialization, the system generates cryptographic parameters and keys while assigning pseudonymous identities to users for privacy protection. Data owners then compute and upload data digests to the public chain, with synchronization mechanisms transferring this information to the external database. Encryption transforms sensitive data into ciphertext stored in IPFS, while the consortium chain handles the sharing of data indexes among authorized users. Finally, the audit phase allows data users to verify received information’s integrity through the layered query scheme.
This architecture addresses two fundamental problems in highway accident rescue scenarios: efficient data sharing and secure data sharing. Efficient sharing requires low-latency, high-throughput mechanisms to support rapid information exchange among multiple collaborating departments during emergencies. Secure sharing demands robust integrity protection, tamper-resistance, and auditability to ensure data reliability throughout the sharing process. The dual-chain approach with off-chain storage and specialized indexing structures provides a comprehensive solution that meets both requirements simultaneously.
Dual-Chain Architecture for Efficient Data Sharing
The proposed dual-chain architecture represents a significant advancement over traditional single-chain solutions by effectively combining the strengths of public and consortium blockchains. This innovative design enables the system to achieve both high performance and strong security guarantees, which are essential for highway accident rescue operations.
The consortium blockchain component specializes in high-frequency data sharing tasks, leveraging its permissioned nature and efficient consensus algorithms to provide the rapid transaction processing needed during emergencies. Departments participating in rescue operations form the consortium members, maintaining the blockchain through a practical Byzantine fault tolerance (PBFT) variant that ensures fast consensus without the computational overhead of proof-of-work mechanisms. The consortium chain implements sophisticated channel mechanisms that create isolated data sharing environments for different groups of users, allowing customized access policies while maintaining overall system integrity.
In parallel, the public blockchain component focuses on providing tamper-proof audit capabilities through its decentralized verification infrastructure. Data owners upload cryptographic digests of their information to the public chain, where the global network of nodes maintains an immutable record of these hashes. This approach ensures that any attempt to modify shared data becomes detectable through inconsistency between the stored digest and the actual data content. The public chain’s transparency and decentralization make it ideal for establishing trust among parties who may not have pre-existing relationships.
The interaction between these two chains occurs through well-defined interfaces that maintain their respective security properties while enabling system-wide functionality. The consortium chain stores IPFS content identifiers for encrypted data and manages access control through attribute-based encryption schemes. When data users retrieve information through the consortium chain, they can independently verify its integrity by checking corresponding digests on the public chain. This separation of concerns allows each blockchain type to specialize in its strengths: the consortium chain handles performance-critical data sharing operations, while the public chain provides decentralized audit capabilities without becoming a bottleneck for routine transactions.
Data storage follows a similarly optimized approach, with encrypted content residing in IPFS to avoid bloating either blockchain with large data volumes. The consortium chain stores only the IPFS content identifiers along with access control metadata, while the public chain maintains the much smaller data digests. This architecture significantly reduces storage requirements compared to systems that attempt to store all data directly on-chain, making the solution practical for large-scale deployment in accident-prone areas.
Access control mechanisms build on attribute-based encryption to enable flexible policy definitions that match organizational structures in rescue operations. Three policy types accommodate different sharing scenarios: channel-level policies that grant access to all members of a specific consortium chain channel, organization-level policies that restrict access to particular departments, and user-level policies that target individual rescuers. Data owners can select appropriate policies when encrypting information, ensuring that sensitive data reaches only authorized recipients while maintaining efficient sharing within trusted groups.
The initialization phase establishes necessary cryptographic parameters and user credentials while preserving privacy through pseudonymous identities. Each user receives a persistent pseudonym generated through cryptographic operations involving secret values known only to the user and the authorization centers. These pseudonyms appear in all blockchain transactions, preventing real-world identity exposure while maintaining accountability through the trusted authorization infrastructure.
Data synchronization between the public chain and external database employs two complementary trigger mechanisms: a data volume trigger (DVT) that batches digests based on quantity thresholds, and a time interval trigger (TIT) that ensures periodic updates regardless of activity levels. This dual-trigger approach maintains query efficiency across varying workload conditions—the DVT handles bursts of accident data during peak periods, while the TIT prevents excessive delays during lulls in activity. The synchronization process forms a crucial bridge between the immutable public chain and the performance-optimized external database that supports efficient queries.
BBF-Merkle Tree for Efficient Audit Queries
The BBF-Merkle tree represents a novel indexing structure that combines the efficiency benefits of modern database techniques with the integrity guarantees of cryptographic authentication. This hybrid design addresses a critical limitation in existing blockchain systems—the poor query performance of public chains—while maintaining the tamper-evident properties essential for trust in rescue operations.
At its core, the BBF-Merkle tree integrates three fundamental computer science concepts: Bloom filters for probabilistic membership testing, B+ trees for efficient range queries and disk-based storage, and Merkle trees for cryptographic integrity verification. The fusion of these elements creates an indexing structure that supports fast queries comparable to traditional databases while allowing verification that returned results match the authoritative record on the public blockchain.
The tree structure consists of several node types designed for specific functions. Root nodes contain Bloom filters that enable rapid exclusion of irrelevant data branches during searches, significantly reducing the number of disk accesses required for typical queries. These filters provide probabilistic indications of whether a sought value might exist in particular subtrees, allowing the query algorithm to prune large portions of the search space early in the process. Extension nodes facilitate navigation through the tree hierarchy, while leaf nodes store the actual data values and associated metadata. A special metadata node maintains the connection to the public blockchain by storing the root hash of each tree batch and its corresponding block height.
Construction of the BBF-Merkle tree begins with transforming raw hash values into a more index-friendly format. The original cryptographic hashes, while excellent for security purposes, distribute randomly and lack patterns that enable efficient indexing. The solution applies a modulo operation to these hashes, creating derived keys that exhibit sufficient structure for tree organization while maintaining cryptographic relationships to the original data. Collisions from the modulo operation resolve through chaining in leaf nodes, preserving all original hash values despite key duplication.
Batch processing forms an essential characteristic of the BBF-Merkle approach. Rather than updating the index continuously, the system accumulates data on the public chain until reaching thresholds that trigger synchronization to the external database. Each batch generates a new BBF-Merkle tree, with its root hash recorded on the public chain to establish an immutable reference point. This batching strategy provides several benefits: it amortizes the cost of tree construction across multiple records, maintains clear boundaries between different data sets, and simplifies integrity verification by associating each tree with specific blockchain transactions.
Query processing follows a hierarchical path that begins with the Bloom filter checks to eliminate impossible matches, proceeds through tree navigation to locate potential values, and concludes with verification of any results found. For positive matches, the system provides Merkle proofs that allow clients to independently verify the authenticity of returned data against the public blockchain record. These proofs consist of the minimal set of hash values needed to recompute the tree root from the located value, demonstrating its inclusion in the original batch without requiring full tree traversal.
The layered query scheme builds upon the BBF-Merkle tree to create a comprehensive data retrieval system that optimizes for both performance and trust. At the highest level, an in-memory cache stores frequently accessed data to serve the majority of queries with minimal latency. Requests that miss the cache proceed to the external database with its BBF-Merkle index, where most remaining queries should resolve efficiently. Only queries that cannot be satisfied from the database—either because the data hasn’t synchronized yet or because integrity checks fail—require accessing the public blockchain directly.
This layered approach delivers dramatic performance improvements over direct blockchain queries while maintaining equivalent security guarantees. Experimental results demonstrate query speedups of seven times compared to public chain access, with the gap widening as data volumes increase. The system achieves these gains without compromising on decentralization or auditability—all query results can be verified against the authoritative public chain record when necessary, and the external database’s contents can be audited for tampering through the BBF-Merkle structure’s cryptographic linkages.
Integrity verification plays a central role in the query process, ensuring that performance optimizations don’t undermine data reliability. When the external database returns a positive match, the system must verify two aspects: that the data hasn’t been tampered with in the database, and that it matches the original information stored by the data owner. The first check compares the current root hash of the relevant BBF-Merkle tree against the value stored on the public blockchain—any discrepancy indicates tampering. The second check confirms that the data digest matches the hash of received content, proving its authenticity. Together these verifications provide end-to-end assurance equivalent to querying the public chain directly, but with substantially better performance.
For cases where the database contents fail integrity checks, the system includes recovery mechanisms that repair inconsistencies using the authoritative public chain record. By identifying the specific tree nodes where hashes diverge from expected values, the system can pinpoint tampered data and restore correct values from the blockchain. This self-healing capability enhances system robustness against potential attacks or corruption while maintaining the performance benefits of off-chain query processing.
Performance Evaluation and Security Analysis
Experimental evaluation demonstrates the effectiveness of the proposed Efficient-DSS method across multiple dimensions, including query performance, system throughput, and security guarantees. The testing environment comprised a mix of local machines and cloud-based virtual machines to simulate realistic deployment conditions, with the consortium blockchain network distributed across multiple nodes to evaluate distributed operation.
The performance benchmarks focused on two key metrics: query latency for audit operations and overall system throughput for data sharing. Testing compared the BBF-Merkle tree implementation against several alternative approaches, including direct public blockchain queries and other off-chain indexing methods. Results showed consistent superiority of the proposed method, particularly as data volumes scaled upward. For instance, querying 1000 records completed in approximately 50 seconds with Efficient-DSS, compared to over 400 seconds for direct Ethereum queries—an eightfold improvement that becomes more pronounced with larger datasets.
The BBF-Merkle tree’s efficiency advantages stem from several design choices. The Bloom filter component eliminates unnecessary tree traversals early in the query process, reducing disk I/O operations. The balanced tree structure maintains consistent performance regardless of query patterns, unlike some alternatives that degrade with certain access sequences. Batch processing minimizes the frequency of expensive tree construction operations while keeping individual trees at manageable sizes for efficient navigation. These optimizations collectively deliver query performance approaching traditional databases while maintaining blockchain-grade integrity verification.
Security analysis confirms that Efficient-DSS provides robust protection against relevant threats while meeting the requirements of highway accident rescue scenarios. The dual-chain architecture establishes multiple layers of defense: the consortium blockchain’s permissioned nature restricts access to authorized parties, while the public blockchain’s decentralization prevents single points of failure or control. Data encryption ensures confidentiality during storage and transmission, with attribute-based access policies enforcing least-privilege principles. Integrity protection mechanisms detect any unauthorized modifications, whether occurring during transmission, in storage, or through malicious database alterations.
The BBF-Merkle tree’s security properties merit particular examination, as they enable the performance benefits of off-chain querying without compromising auditability. Each tree batch’s root hash stored on the public blockchain serves as a trusted anchor point—any modification to the tree’s data would require recalculating all hashes along the path to the root, resulting in a mismatch with the blockchain record. The Merkle proof mechanism allows efficient verification of individual records without needing to process entire datasets, making integrity checking practical even for resource-constrained devices participating in rescue operations.
Resistance to various attack vectors demonstrates the system’s robustness. Tampering attempts against off-chain data become detectable through integrity checks, while direct attacks against the blockchain networks would require compromising a majority of nodes—an impractical feat given their decentralized nature. Even if attackers gained write access to the external database, they couldn’t produce valid cryptographic proofs for altered data without also compromising the public blockchain. The system’s design ensures that any unauthorized changes either get rejected during consensus or detected during subsequent verification attempts.
Privacy protections balance the need for accountability with individual rights in emergency situations. Pseudonymous identities prevent casual association of blockchain records with real-world individuals, while authorized entities can establish identity when legally required through cooperation with the authorization centers. Fine-grained access control ensures that sensitive information such as medical records reaches only relevant parties like emergency medical teams, not all participants in the rescue effort. These measures comply with emerging standards for privacy-preserving emergency response systems while maintaining the transparency needed for post-incident analysis and accountability.
The system’s architecture also addresses practical deployment considerations. The separation between performance-sensitive components (consortium chain, external database) and security-critical components (public chain) allows appropriate scaling of each part according to its requirements. Resource-intensive operations like blockchain consensus occur away from the critical path of emergency data access, ensuring that rescue teams face minimal delays when retrieving vital information. The use of existing, well-tested components like IPFS for storage and Redis for caching reduces implementation risks while benefiting from ongoing maintenance and security updates in these open-source projects.
Comparative analysis with related works highlights Efficient-DSS’s innovations. Previous single-chain solutions either sacrificed performance for security or vice versa, while earlier off-chain query approaches lacked robust integrity verification mechanisms. The dual-chain design represents a principled approach to separating concerns between efficiency and security, avoiding the compromises inherent in trying to optimize a single blockchain for conflicting requirements. The BBF-Merkle tree advances beyond simple database indexes or direct blockchain queries by providing a dedicated structure that genuinely reconciles performance with cryptographic assurance—a combination particularly valuable in time-sensitive emergency scenarios.
Conclusion
The Efficient-DSS method represents a significant advancement in blockchain-based data sharing for critical applications like highway accident rescue. By combining a dual-chain architecture with innovative BBF-Merkle tree indexing, the system achieves both high performance and strong security guarantees that single-chain solutions cannot match. The architecture’s clear separation of concerns allows each component to specialize in its strengths—consortium chains for efficient data sharing, public chains for decentralized auditing, and optimized off-chain indexes for rapid queries.
The practical implications for emergency response are substantial. Rescue teams gain access to critical information more quickly while maintaining confidence in its accuracy and completeness. Coordinating agencies can share sensitive data without compromising privacy or security, even across organizational boundaries. The system’s design accommodates real-world constraints like network connectivity issues during disasters through its layered query approach, ensuring degraded operation remains possible when ideal conditions don’t prevail.
Future work could explore several promising directions. Layer 1 optimizations or cross-chain technologies might further improve efficiency without compromising security. Enhanced privacy-preserving techniques could provide additional protections for sensitive medical or personal data. Integration with emerging edge computing infrastructures could decentralize components further, improving resilience during large-scale emergencies. The core principles of Efficient-DSS—dual-chain architectures and authenticated indexing structures—could also apply to other domains requiring efficient, verifiable data sharing, from healthcare coordination to supply chain management.
As blockchain technology matures and finds increasing application in critical systems, solutions like Efficient-DSS that address both performance and security concerns will become essential. The methods described here provide a blueprint for building practical, trustworthy systems that can handle real-world requirements while maintaining the fundamental benefits of decentralization and cryptographic assurance. For highway accident rescue and similar high-stakes scenarios, such balanced approaches may make the difference between effective, timely response and preventable tragedy.
doi:10.19734/j.issn.1001-3695.2024.09.0292 https://doi.org/10.19734/j.issn.1001-3695.2024.08.032310.19734/j.issn.1001-3695.2024.09.0292
Was this helpful?
0 / 0