Advances in Cryptology – CRYPTO 2012

Volume 7417 of the series Lecture Notes in Computer Science pp 199-217

Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption

  • Amit SahaiAffiliated withDepartment of Computer Science, UCLA
  • , Hakan SeyaliogluAffiliated withDepartment of Mathematics, UCLA
  • , Brent WatersAffiliated withDepartment of Computer Science, University of Texas at Austin


Motivated by the question of access control in cloud storage, we consider the problem using Attribute-Based Encryption (ABE) in a setting where users’ credentials may change and ciphertexts may be stored by a third party. Our main result is obtained by pairing two contributions:
  • We first ask how a third party who is not trusted with secret key information can process a ciphertext to disqualify revoked users from decrypting data encrypted in the past. Our core tool is a new procedure called ciphertext delegation that allows a ciphertext to be ‘re-encrypted’ to a more restrictive policy using only public information.

  • Second, we study the problem of revocable attribute-based encryption. We provide the first fully secure construction by modifying an attribute-based encryption scheme due to Lewko et al. [9] and prove security in the standard model.

We then combine these two results for a new approach for revocation on stored data. Our scheme allows a storage server to update stored ciphertexts to disqualify revoked users from accessing data that was encrypted before the user’s access was revoked while key update broadcasts can dynamically revoke selected users.