Blockchain, as one of the underlying key technologies of digital currency, has received extensive attention with the rapid development of digital currency. Due to the decentralization, tamper resistance, traceability, and other properties of blockchain, more and more enterprise/individual users now choose to use blockchain technology to achieve data transmission and recording. On the one hand, the openness and transparency of the blockchain can fully guarantee the availability of data, but on the other hand, it brings high risks to users' privacy. In order to balance the confidentiality and availability of data, homomorphic encryption is usually employed in security solutions of blockchain. However, in practice, the security strength of the deployed homomorphic encryption schemes is likely to change over time. Considering the complex diversity and distributed characteristics of blockchain application scenarios, once a homomorphic encryption scheme is deployed, the corresponding workload will be very heavy when its security strength needs to be adjusted over time. To make things worse, in practice of blockchain, when considering the regulation requirements in many cases (especially for the data published and transmitted by certain group members), a trusted third party (TTP) such as a regulator, which is able to decrypt all the corresponding ciphertexts on the chain, is needed. If a traditional homomorphic encryption scheme is deployed, the TTP needs to store all users' secret keys, which introduces lots of practical problems to key management and storage of the TTP. According to the current application scenarios and security requirements of blockchain, an additive homomorphic encryption scheme is proposed, whose security is based on the decisional k-Lin assumption over ZN2* where N=pq.. The proposed scheme can be proved IND-CCA1 secure in the standard model, and has the following three advantages:(i) fine-grained adjustment of the security strength of the proposed scheme can achieved via adjusting the parameter k; (ii) it is a double decryption scheme (i.e., it has two kinds of secret keys, where one of them is held by a certain user, and the other is kept by the TTP, so the TTP can use this key to decrypt all the ciphertexts encrypted by the users under their own public keys); (iii) it can easily degenerate into an IND-CPA secure homomorphic encryption scheme, such that the obtaining scheme, with shorter public-secret key pair and shorter ciphertexts, is also an additively homomorphic, double decryption scheme.