A Secure Personal Health Record Sharing System with Key Aggregate Dynamic Searchable Encryption

Round 1

Reviewer 1 Report

In this paper, authors proposed a secure PHR sharing system by applying blockchain and IPFS to ensure integrity and solve the single point of failure problem. The idea is interested in a paper and well presented. I feel it is good paper and give some minor corrections to improve the paper.
1-Try to condense the abstract by keeping the main contributions and achievements of the study. (Purpose, Methodology, Findings, Originality/Value)

2-More explain Fiqure 1.

3- The proof of Theorem 1 must be presented carefully with details.
4-What effect is the use of the proposed model in achieving the objectives of the research? It is suggested that the results of the proposed model are stated in the conclusion with full detail.
5- In addition to expressing the superiority of the proposed method, its challenges need to be addressed.
6-In the research methodology section, explain why this idea was proposed and what is its superiority over other methods?

Author Response

Please find the attached file.

Author Response File: Author Response.pdf

Reviewer 2 Report

In this manuscript, a method for personal health record is given. My comments are given as follows.

(1) In the result patr, data to be encrypted is not shown.

(2) The results in this manuscript are simple. And the advantage of this work is unclear.

(3) The examples for applications are not addressed.

From the viewpoints mentioned above, I cannot recommend to publish this paper.

Author Response

Please find the attached file.

Author Response File: Author Response.pdf

Reviewer 3 Report

The authors present a manuscript detailing their proposed scheme for a secure Personal Health Record system. The proposed system uses IPFS as a storage layer and blockchain plus smart contracts as an operational layer. They argue that their system provides several security guarantees and also manages to keep computational costs down compared to other systems.

This work is timely and interesting and seems well grounded, still, I have a crucial question to which I could not find the answer in the manuscript. 

How does the Data Owner verify the Data Users' credentials (step 4 of the communication flow)?

The only reference I can find is the mutual authentication depicted in section 4.4 and proved in section 6.2. But this only achieves mutual authentication, there's no identity verification in the process. The authors did address impersonation attacks (section 5.1), but this only assumes an attacker trying to impersonate a particular DU, not the initial relationship between DO and DUs.

Maybe this is beside the scope of this work, but if so it should be stated.

A part from this, the manuscript should be proofread as there are too many English issues. Here are a few examples:

[line 34] "will be threatened the life" should probably be "live will be threatened"

[line 43] "was proposed that" -> "was proposed to"

[line 46] "that is" -> "that has"

[line 64] "usually does not be" -> "usually is not"

[line 300] "If there is no A can decide" -> "If there is no way that A can decide"

[line 476] "utilized it" -> "used"

[line 638] "ensure many security" -> "ensure more security"

Author Response

Please find the attached file.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

The author's research results in the manuscript are insufficient. I suggest rejecting the manuscript or the author adds more research results.