^{1}

^{1}

^{1}

^{2}

^{3}

^{1}

^{2}

^{3}

Outsourced decryption ABE system largely reduces the computation cost for users who intend to access the encrypted files stored in cloud. However, the correctness of the transformation ciphertext cannot be guaranteed because the user does not have the original ciphertext. Lai et al. provided an ABE scheme with verifiable outsourced decryption which helps the user to check whether the transformation done by the cloud is correct. In order to improve the computation performance and reduce communication overhead, we propose a new verifiable outsourcing scheme with constant ciphertext length. To be specific, our scheme achieves the following goals.

Attribute-based encryption (ABE) derives from identity-based encryption (IBE) introduced in [

We introduce some basic knowledge about bilinear groups, security assumption, access structure, and CP-ABE which our scheme relies on.

Bilinearity: for all

Nondegeneracy: there exists

Computability: for all

Let

Access structure is being referred to in [

Assume that

Briefly speaking, a user interacts with the CSP as illustrated in Figure

System architecture of our scheme.

We review the notion of CP-ABE in [

Lai et al. [

The RCCA security of outsourced decryption CP-ABE is described as a game in both an adversary and a challenger. According to the game in [

Without loss of generality, we suppose that an adversary does not launch transformation key query for attribute set

An outsourcing decryption CP-ABE scheme is RCCA secure if all probabilistic polynomial-time (PPT) adversaries have at most a negligible advantage of winning in this game.

The verifiability for CP-ABE with outsourced decryption is depicted via a game in both an adversary and a challenger. The game proceeds as follows.

Without loss of generality, we suppose that the adversary does not launch transformation key query for attribute set

An outsourcing decryption CP-ABE scheme is verifiable if PPT adversary has at most a negligible advantage in the above game.

Our new scheme consists of seven algorithms.

If

Note that

Note that, in our scheme, a ciphertext consists of three parts:

Assume that the scheme in [

We prove that our Basic CP-ABE scheme is selectively CPA-secure by the following two games.

This theorem is proven via the following lemmas. Lemma

Assume that the scheme in [

If the adversary

Let

Note that if

Assume that the CP-ABE scheme in [

If the adversary

Let

Now we have proven that the Basic CP-ABE scheme is selectively CPA-secure. After that we prove that if Basic CP-ABE scheme is selectively CPA-secure, then our new scheme is selectively CPA-secure.

Assume that Basic CP-ABE scheme is selectively CPA-secure. Then our new scheme is selectively CPA-secure.

If

If the guess

Our CP-ABE scheme is verifiable if the discrete logarithm assumption defined in Section

Suppose that there exists an adversary

Tables

Size of each value.

PK | MK | SK | CT | TK | RK | | |
---|---|---|---|---|---|---|---|

LCL 13 [ | | | None | | | | |

LDG 13 [ | | | | | | | |

GHW 11 [ | | | None | | | | |

Our scheme | | | | | | | |

Computational times.

Encrypt | Decrypt | Transform | | |
---|---|---|---|---|

LCL 13 [ | | None | | |

LDG 13 [ | | | | |

GHW 11 [ | | None | | |

Our scheme | | | | |

Property of each scheme.

Outsourcing | Verifiability | Constant ciphertext length | |
---|---|---|---|

LCL 13 [ | Yes | No | No |

LDG 13 [ | Yes | Yes | No |

GHW 11 [ | Yes | No | No |

Our scheme | Yes | Yes | Yes |

In order to evaluate the efficiency for our scheme, we implement our scheme with java pairing-based cryptography (JPBC) library [

Decryption time.

Transformation time.

Outsourcing decryption time.

Ciphertext length.

Partial decryption ciphertext length.

In this article, we propose a new verifiable outsourced CP-ABE scheme with constant ciphertext length and, moreover, we prove that our scheme is secure and verifiable in standard model. Security in our scheme is reduced to that of scheme in [

The authors declare that they have no competing interests.

This research is supported by the National Natural Science Foundation of China (61272542, 61472083, 61202450, 61402110, and 61672207), Jiangsu Provincial Natural Science Foundation of China (BK20161511), the Priority Academic Program Development of Jiangsu Higher Education Institutions, the Fundamental Research Funds for the Central Universities (2016B10114), Jiangsu Collaborative Innovation Center on Atmospheric Environment and Equipment Technology, and the Project of Scientific Research Innovation for College Graduate Student of Jiangsu Province (KYZZ15_0151).