Application Research Of Revocable Attribute-Based Encryption System

Posted on: 2020-07-11
Degree: Master
Type: Thesis
Country: China
Candidate: L Peng
Full Text: PDF
GTID: 2428330596975447
Subject: Software engineering
Abstract/Summary:

With the rapid development and popularity of cloud computing, individuals and enterprises have begun to outsource their data to public clouds, and to store, manage and share data via the clouds. Unfortunately, the introduction of cloud computing gives rise to more complex security requirements, including secure data sharing among different users. Motivated by these security requirements, the notion of Attribute-Based Encryption (ABE) has been proposed. Unlike a traditional public key encryption system, an ABE scheme uses attributes to represent the user's identity and to define the access policy, so that attribute-based encryption has the characteristics of one-to-many encryption and fine-grained access control. Due to the many-to-many relationship between users and attributes, it is difficult to revoke specific attributes or users precisely. Therefore, ABE schemes supporting revocation have attracted attention from the cryptographic community. In order to promote the application of revocable ABE schemes in the real world, this paper concentrates on the construction of revocable ABE with provable security. The contributions of this paper are as follows:

1) This paper systematically classifies and summarizes the revocation mechanisms in existing ABE schemes. It introduces the two major categories, direct revocation and indirect revocation, according to the basic classification of revocation. The advantages and disadvantages of existing revocation methods are also presented.

2) This paper proposes an efficiently revocable attribute-based encryption scheme with privacy protection. Compared with traditional ABE schemes, the proposed scheme protects users' privacy by partially hiding the access policy attached to the ciphertext. In addition, the scheme supports direct revocation, in which revoking a specific user does not affect other users. Considering that some users may be equipped with resource-constrained devices, the proposed scheme introduces outsourcing technology, which greatly reduces the computational overhead caused by decryption.

3) Based on the revocation mechanism in the attribute-based encryption scheme supporting non-monotone access structures, this paper presents an efficient and flexible puncturable encryption scheme. Compared with the puncturable encryption scheme first proposed by Green and Miers, the proposed scheme realizes constant-size ciphertexts, so the communication overhead of the encryption system is clearly reduced. In the proposed scheme, the user can selectively update the private key, which achieves fine-grained revocation of the decryption capability for single or multiple ciphertexts. When the private key is exposed, the ciphertexts that have been revoked remain confidential. That is, fine-grained forward secrecy is achieved. By combining a hierarchical identity-based encryption scheme with the proposed scheme, this paper further proposes a puncturable forward-secure encryption scheme, which effectively reduces the storage space for the users' private keys.
Keywords/Search Tags: attribute-based encryption, revocation, puncturable encryption, privacy protection, outsourcing computation