Attribute-Based Encryption (ABE) must provide an efficient revocation mechanism since a user’s private key can be compromised or expired over time. The existing revocable ABE schemes have the drawbacks of heavy computational costs on key updates and encryption operations, which make the entities for performing these operations a possible bottleneck in practice applications. In this paper, we propose an efficient Ciphertext-Policy Attribute-Based Online/Offline Encryption with user Revocation (R-CP-ABOOE). We integrate the subset difference method with ciphertext-policy ABE to significantly improve key-update efficiency on the side of the trusted party from
Attribute-based encryption (ABE) is a promising alternative of encryption for achieving fine-grained access control of encrypted data. The notion of ABE is first proposed by Sahai and Waters [
Any ABE system must provide an efficient method to revoke users since a user’s private key can be compromised or expired over time. As a practical solution to the problem for ABE, Boldyreva et al. [
At the same time, in all revocable ABE schemes, the encryption process must perform a lot of exponentiations, and the encryption cost grows with the complexity of access policy or number of attributes. If a mobile device performs the encryption task, battery power and encryption time will be a large problem. To significantly reduce the encryption cost for mobile device, a few online/offline ABE schemes [
In this work, we propose an efficient ciphertext-policy attribute-based online/offline encryption with user revocation. In particular, our contributions have three aspects as follows:
ABE is a useful cryptographic technology to protect private data and achieve fine-grained access control simultaneously [
To reduce the encryption cost of ABE, a few works [
Therefore, it will be indispensable to reduce the heavy computational overhead on the key update work and the encryption task. Different from prior works, we integrate the SD method with the online/offline technique in the CP-ABE system, which not only may efficiently revoke users, but also can significantly improve the key-update efficiency and encryption efficiency.
We review some preliminaries in Section
In this section, we first elaborate the definitions of bilinear group and the complexity assumption for our R-CP-ABOOE scheme. Then we state a brief review of access structures and linear secret-sharing schemes (LSSS). Finally, we introduce the notions of full binary tree and the subset difference method.
We give some notations. For
Let
Given a security parameter
Let
Let
We follow the terminologies on the full binary tree in [
Let
Let
Let
As a general revocation methodology, Subset-Cover framework [
The SD scheme for the set
It outputs the covering collection
The R-CP-ABOOE scheme consists of eight algorithms: Setup, KeyGen, KeyUpdate, DecKey,
The correctness of R-CP-ABOOE: For
The selective security of R-CP-ABOOE is formally described as the following game between a challenger
This phase must be satisfied by the restricted condition as follows:
Only if
Our scheme is selectively secure if any PPT adversary can break the above game with negligible advantage.
At a high level we explain how to construct our scheme. We uses the full binary tree with
Given the revoked users’ set
For
Our R-CP-ABOOE scheme is described as follows:
Second, it retrieves
Finally, it outputs a decryption-key
Our scheme is selectively secure under chosen plaintext attacks if the
Suppose there exists a PPT adversary
Finally, it publishes public keys
If
If
If
If
If
This section elaborates the comparisons between our R-CP-ABOOE and some related ABE schemes on the functionalities and efficiency respects. We summarized the comparison results in Table
Comparisons of the related attribute-based encryption schemes.
Schemes | Online-Enc cost | Key-update cost | Ciphertext size | Update-key size | Rev |
---|---|---|---|---|---|
[ | | | | | |
[ | | - | | - | √ |
[ | | - | | - | √ |
[ | | - | | - | × |
Ours | | (14 | | | √ |
In Table
In addition, compared with the indirectly revocable ABE [
In this work, we deal with the key-update efficiency and the encryption efficiency issues in revocable CP-ABE systems and propose an efficient ciphertext-policy attribute-based online/offline encryption with user revocation (R-CP-ABOOE), which is proven to be selectively secure under the
“No data were used to support this study.”
The three authors confirm that they have no conflicts of interest.
This work is supported by Jiangsu Overseas Visiting Scholar Program for University Prominent Young and Middle-aged Teachers and Presidents, the National Natural Science Foundation of China (Nos. 61402244, 11371207, and 61762044), Nantong City Application Basic Research Project (No. GY12017024), and the Zhejiang Natural Science Foundation (LY15F020010).