Cloud storage services are increasingly widely used owing to the huge development of cloud computing. A large amount of the user data held in cloud storage contains extremely important private information about each user. Therefore, ensuring data security and user privacy is the core of cloud storage technology. However, the storage mode of cloud storage makes it impossible for users to control their data in person, so a method is needed to ensure the security of data storage and sharing on the cloud. The ciphertext-policy attribute-based encryption (CP-ABE) mechanism realizes data security through access control. In CP-ABE, the data owner uploads the access control policy to the cloud in plaintext together with the ciphertext, which may leak the data owner’s and the user’s privacy. Hidden-policy CP-ABE (HP-CP-ABE) schemes were introduced to address this problem. HP-CP-ABE schemes are further divided into partially hidden policy CP-ABE (PHP-CP-ABE) and fully hidden policy CP-ABE (FHP-CP-ABE). This paper focuses on these two kinds of schemes, and its work is as follows:

1) To address the low authentication efficiency and the lack of support for attribute revocation in existing PHP-CP-ABE schemes, a PHP-CP-ABE scheme that supports outsourced authentication and attribute revocation is proposed. In the encryption phase, the scheme entrusts part of the calculation of the encryption parameters to the cloud service provider. The data owner then computes the final ciphertext based on the outsourced encrypted ciphertext, which reduces the data owner’s computational burden. In the decryption phase, the scheme divides the user’s key into two parts: the outsourced decryption keys and the user’s private key. The cloud service provider uses the outsourced decryption keys to help complete user authentication and partial decryption. After receiving the outsourced decrypted ciphertext, the user only needs to perform one exponentiation operation to restore the plaintext, which greatly reduces the user’s computational overhead. In addition, a dynamic revocation algorithm for users and attributes in the system is designed.

2) To address the efficiency problem of existing FHP-CP-ABE schemes, an FHP-CP-ABE scheme that supports trusted mapping reconstruction and user revocation is proposed. In the decryption phase, the work of reconstructing the attribute mapping of the access control policy is handed over to the blockchain. At the same time, the cloud service provider helps users perform identity authentication and most of the decryption work. After receiving the outsourced decryption results, users only need to perform a small number of operations to retrieve the plaintext. In existing schemes, users must reconstruct the attribute mapping and perform decryption by themselves; compared with those schemes, the proposed scheme removes a large amount of the computational burden from users. In addition, a user revocation method is designed. When a user is revoked, there is no need to re-encrypt the ciphertext or update the keys, which reduces the communication overhead of the system.

Finally, we prove the security of the proposed schemes through theoretical analysis, and the simulation results show the high efficiency of the proposed schemes.