Skip to main content
SpringerLink
Log in

Puncturable ciphertext-policy attribute-based encryption scheme for efficient and flexible user revocation

  • Research Paper
  • Published:
Science China Information Sciences Aims and scope Submit manuscript

Abstract

With the rapid deployment of storage services, secure and efficient user authorization and revocation data shared through the cloud have become a grand challenge hindering cloud data applications. When previous direct and indirect user revocation schemes implemented large-scale user revocation, they faced heavy communication and computational costs. To address these challenges, this study presents a new encryption scheme that combines ciphertext-policy attribute-based encryption (CP-ABE) with puncturable encryption to achieve efficient and flexible user revocation. We design a proxy server to reduce the computational overhead in the decryption phase. Because the puncture process is performed on a semi-honest cloud, we use the digital signature method to verify the correctness of its operation. Furthermore, we prove the security of our scheme under the chosen-plaintext attack (CPA), and compare it with other schemes to highlight its advantages. Numerical analysis and experimental simulation results reveal that our scheme is more suitable than other schemes for use in a cloud environment for user revocation.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Feng X Q, Ma J F, Liu S B, et al. Auto-scalable and fault-tolerant load balancing mechanism for cloud computing based on the proof-of-work election. Sci China Inf Sci, 2022, 65: 112102

    Article  MathSciNet  Google Scholar 

  2. Wang C Y, Wang D, Xu G A, et al. Efficient privacy-preserving user authentication scheme with forward secrecy for industry 4.0. Sci China Inf Sci, 2022, 65: 112301

    Article  MathSciNet  Google Scholar 

  3. Helil N, Rahman K. CP-ABE access control scheme for sensitive data set constraint with hidden access policy and constraint policy. Secur Commun Netw, 2017, 2017: 1–13

    Article  Google Scholar 

  4. Liu Q, Wang G, Wu J. Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Inf Sci, 2014, 258: 355–370

    Article  Google Scholar 

  5. Cui J, Li B, Zhong H, et al. A practical and efficient bidirectional access control scheme for cloud-edge data sharing. IEEE Trans Parallel Distrib Syst, 2021, 33: 476–488

    Article  Google Scholar 

  6. Li X P, Pan D Y, Wang Y D, et al. Scheduling multi-tenant cloud workflow tasks with resource reliability. Sci China Inf Sci, 2022, 65: 192106

    Article  MathSciNet  Google Scholar 

  7. Zhao Y, Xu K, Li Q, et al. Intelligent networking in adversarial environment: challenges and opportunities. Sci China Inf Sci, 2022, 65: 170301

    Article  Google Scholar 

  8. Han D, Pan N, Li K C. A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection. IEEE Trans Dependable Secure Comput, 2022, 19: 316–327

    Article  Google Scholar 

  9. Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In: Proceedings of 2007 IEEE Symposium on Security and Privacy, 2007. 321–334

  10. Hoang V H, Lehtihet E, Ghamri-Doudane Y. Forward-secure data outsourcing based on revocable attribute-based encryption. In: Proceedings of the 15th International Wireless Communications & Mobile Computing Conference, 2019. 1839–1846

  11. Junod P, Karlov A. An efficient public-key attribute-based broadcast encryption scheme allowing arbitrary access policies. In: Proceedings of the 10th Annual ACM Workshop on Digital Rights Management, 2010. 13–24

  12. Zhou Z, Huang D, Wang Z. Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption. IEEE Trans Comput, 2013, 64: 126–138

    Article  MathSciNet  MATH  Google Scholar 

  13. Hur J, Noh D K. Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parallel Distrib Syst, 2010, 22: 1214–1221

    Article  Google Scholar 

  14. Cui H, Deng R H, Ding X, et al. Attribute-based encryption with granular revocation. In: Proceedings of International Conference on Security and Privacy in Communication Systems. Cham: Springer, 2016. 165–181

    Google Scholar 

  15. Wei J, Chen X, Huang X, et al. RS-HABE: revocable-storage and hierarchical attribute-based access scheme for secure sharing of e-health records in public cloud. IEEE Trans Dependable Secure Comput, 2019,: 1

  16. Hao J, Tang W, Huang C, et al. Secure data sharing with flexible user access privilege update in cloud-assisted IoMT. IEEE Trans Emerg Top Comput, 2022, 10: 933–947

    Article  Google Scholar 

  17. Boneh D, Gentry C, Waters B. Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Proceedings of Annual International Cryptology Conference. Berlin: Springer, 2005. 258–275

    Google Scholar 

  18. Lewko A, Sahai A, Waters B. Revocation systems with very small private keys. In: Proceedings of 2010 IEEE Symposium on Security and Privacy, 2010. 273–285

  19. Naor M, Pinkas B. Efficient trace and revoke schemes. In: Proceedings of International Conference on Financial Cryptography. Berlin: Springer, 2000. 1–20

    Google Scholar 

  20. Hao J, Liu J, Wu W, et al. Secure and fine-grained self-controlled outsourced data deletion in cloud-based IoT. IEEE Internet Things J, 2019, 7: 1140–1153

    Article  Google Scholar 

  21. Sahai A, Waters B. Fuzzy identity-based encryption. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques, Berlin: Springer, 2005. 457–473

    Google Scholar 

  22. Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006. 89–98

  23. Guan Z T, Yang W T, Zhu L H, et al. Achieving adaptively secure data access control with privacy protection for lightweight IoT devices. Sci China Inf Sci, 2021, 64: 162301

    Article  MathSciNet  Google Scholar 

  24. Li Z P, Sharma V, Ma C G, et al. Ciphertext-policy attribute-based proxy re-encryption via constrained PRFs. Sci China Inf Sci, 2021, 64: 169301

    Article  MathSciNet  Google Scholar 

  25. Green M, Hohenberger S, Waters B. Outsourcing the decryption of ABE ciphertexts. In: Proceedings of the 20th USENIX Security Symposium, 2011. 523–538

  26. Lai J Z, Deng R H, Guan C, et al. Attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inform Forensic Secur, 2013, 8: 1343–1354

    Article  Google Scholar 

  27. Qin B D, Deng R H, Liu S L, et al. Attribute-based encryption with efficient verifiable outsourced decryption. IEEE Trans Inform Forensic Secur, 2015, 10: 1384–1393

    Article  Google Scholar 

  28. Lin S, Zhang R, Ma H, et al. Revisiting attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inform Forensic Secur, 2015, 10: 2119–2130

    Article  Google Scholar 

  29. Hohenberger S, Waters B. Online/offline attribute-based encryption. In: Proceedings of International Workshop on Public Key Cryptography, 2014. 293–310

  30. Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007. 195–203

  31. Zhang P, Chen Z, Liang K, et al. A cloud-based access control scheme with user revocation and attribute update. In: Proceedings of Australasian Conference on Information Security and Privacy. Cham: Springer, 2016. 525–540

    Chapter  Google Scholar 

  32. Edemacu K, Jang B, Kim J W. Collaborative ehealth privacy and security: an access control with attribute revocation based on OBDD access structure. IEEE J Biomed Health Inform, 2020, 24: 2960–2972

    Article  Google Scholar 

  33. Tu S, Waqas M, Huang F, et al. A revocable and outsourced multi-authority attribute-based encryption scheme in fog computing. Comput Networks, 2021, 195: 108196

    Article  Google Scholar 

  34. Zhang R, Li J, Lu Y, et al. Key escrow-free attribute based encryption with user revocation. Inf Sci, 2022, 600: 59–72

    Article  Google Scholar 

  35. Wang J, Yin X, Ning J, et al. Attribute-based encryption with efficient keyword search and user revocation. In: Proceedings of International Conference on Information Security and Cryptology. Cham: Springer, 2018. 490–509

    Google Scholar 

  36. Green M D, Miers I. Forward secure asynchronous messaging from puncturable encryption. In: Proceedings of 2015 IEEE Symposium on Security and Privacy, 2015. 305–320

  37. Phuong T V X, Ning R, Xin C, et al. Puncturable attribute-based encryption for secure data delivery in Internet of Things. In: Proceedings of IEEE Conference on Computer Communications, 2018. 1511–1519

  38. Sun S F, Yuan X, Liu J K, et al. Practical backward-secure searchable encryption from symmetric puncturable encryption. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, 2018. 763–780

  39. Wei J, Chen X, Wang J, et al. Forward-secure puncturable identity-based encryption for securing cloud emails. In: Proceedings of European Symposium on Research in Computer Security, 2019. 134–150

  40. Sun S F, Sakzad A, Steinfeld R, et al. Public-key puncturable encryption: modular and compact constructions. In: Proceedings of IACR International Conference on Public-Key Cryptography. Cham: Springer, 2020. 309–338

    Google Scholar 

  41. Xiong H, Wang L, Zhou Z, et al. Burn after reading: adaptively secure puncturable identity-based proxy re-encryption scheme for securing group message. IEEE Internet Things J, 2022, 9: 11248–11260

    Article  Google Scholar 

  42. Dutta P, Jiang M, Duong D H, et al. Hierarchical identity-based puncturable encryption from lattices with application to forward security. In: Proceedings of the ACM on Asia Conference on Computer and Communications Security, 2022. 408–422

Download references

Acknowledgements

This work was supported by National Key Research and Development Program of China (Grant No. 2021YFB3101100), National Natural Science Foundation of China (Grant Nos. 61902290, 62072352), Key Research and Development Program of Shaanxi (Grant Nos. 2020ZDLGY09-06, 2019ZDLGY12-04), and Guangxi Key Laboratory of Trusted Software (Grant No. kx202004).

Author information

Authors and Affiliations

  1. School of Cyber Engineering, Xidian University, Xi’an, 710126, China

    Dilxat Ghopur, Jianfeng Ma, Xindi Ma, Yinbin Miao & Tao Jiang

  2. Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin, 541004, China

    Xindi Ma

  3. Xi’an Satellite Control Center, Xi’an, 710043, China

    Jialu Hao

Authors
  1. Dilxat Ghopur
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianfeng Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xindi Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yinbin Miao
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jialu Hao
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Tao Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xindi Ma.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ghopur, D., Ma, J., Ma, X. et al. Puncturable ciphertext-policy attribute-based encryption scheme for efficient and flexible user revocation. Sci. China Inf. Sci. 66, 172104 (2023). https://doi.org/10.1007/s11432-022-3585-9

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11432-022-3585-9

Keywords

Search

Navigation