Attribute-Based Encryption with Efficient Keyword Search and User Revocation

  • Jingwei Wang
  • Xinchun YinEmail author
  • Jianting Ning
  • Geong Sen Poh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11449)


Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology and a key component that enable secure data sharing in a cloud environment through fine-grained access control. Since it was introduced, many interesting schemes have been proposed. However, in addition to managing data sharing through access control, a comprehensive scheme should also cater for user revocation and ciphertext queries. This is because in a cloud environment new users may join while existing users may leave the system. At the same time, given the potentially large amount of data stored in a cloud storage, user should be able to retrieve the required files efficiently in a privacy-preserving manner. To address the above issue, in this paper, we propose a practical searchable CP-ABE scheme supporting user revocation. In contrast to existing schemes that provide only single keyword query, our efficient search function provides conjunctive search, which allows user to locate a ciphertext related to a set of keywords. The computation overhead of our user revocation is at least on par with existing schemes. Besides, the security analysis indicates that the proposed scheme is secure under the decisional Bilinear Diffie-Hellman assumption. We also provide extensive experimental results to confirm the efficiency and feasibility of our proposed construction.


Attribute-based encryption Keyword search User revocation Access control Cloud storage 



We are grateful to the anonymous reviewers for their invaluable suggestions. This work was supported in part by the National Natural Science Foundation of China (61472343,61702237), the Natural Science Foundation of Jiangsu Province, China (BK20150241), National Research Foundation, Prime Minister’s Office, Singapore, under its Corporate Laboratory@University Scheme, National University of Singapore, and Singapore Telecommunications Ltd.


  1. 1.
    Beimel, A.: Secure schemes for secret sharing and key distribution. Int. J. Pure Appl. Math. (1996)Google Scholar
  2. 2.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334. IEEE (2007)Google Scholar
  3. 3.
    De Caro, A., Iovino, V.: JPBC: Java pairing based cryptography. In: Computers and Communications, pp. 850–855 (2011)Google Scholar
  4. 4.
    Cui, J., Zhou, H., Zhong, H., Yan, X.: Akser: attribute-based keyword search with efficient revocation in cloud computing. Inf. Sci. 423, 343–352 (2018)CrossRefGoogle Scholar
  5. 5.
    Ge, X., Jia, Y., Chengyu, H., Zhang, H., Hao, R.: Enabling efficient verifiable fuzzy keyword search over encrypted data in cloud computing. IEEE Access 6, 45725–45739 (2018)CrossRefGoogle Scholar
  6. 6.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)Google Scholar
  7. 7.
    Imine, Y., Lounis, A., Bouabdallah, A.: Revocable attribute-based access control in mutli-autority systems. J. Netw. Comput. Appl. 122, 61–76 (2018)CrossRefGoogle Scholar
  8. 8.
    Lewko, A., Waters, B.: New proof methods for attribute-based encryption: achieving full security through selective techniques. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 180–198. Springer, Heidelberg (2012). Scholar
  9. 9.
    Li, J., Yao, W., Zhang, Y., Qian, H., Han, J.: Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Trans. Serv. Comput. 10(5), 785–796 (2017)CrossRefGoogle Scholar
  10. 10.
    Li, J., Huang, Q., Chen, X., Chow, S.S.M., Wong, D.S., Xie, D.: Multi-authority ciphertext-policy attribute-based encryption with accountability. In: ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, Hong Kong, China, March, pp. 386–390 (2011)Google Scholar
  11. 11.
    Li, W., Xue, K., Xue, Y., Hong, J.: Tmacs: a robust and verifiable threshold multi-authority access control system in public cloud storage. IEEE Trans. Parallel Distrib. Syst. 27(5), 1484–1496 (2016)CrossRefGoogle Scholar
  12. 12.
    Liang, K., Susilo, W.: Searchable attribute-based mechanism with efficient data sharing for secure cloud storage. IEEE Trans. Inf. Forensics Secur. 10(9), 1981–1992 (2017)CrossRefGoogle Scholar
  13. 13.
    Lin, S., Zhang, R., Ma, H., Wang, M.: Revisiting attribute-based encryption with verifiable outsourced decryption. IEEE Trans. Inf. Forensics Secur. 10(10), 2119–2130 (2017)CrossRefGoogle Scholar
  14. 14.
    Ning, J., Cao, Z., Dong, X., Gong, J., Chen, J.: Traceable CP-ABE with short ciphertexts: how to catch people selling decryption devices on eBay efficiently. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part II. LNCS, vol. 9879, pp. 551–569. Springer, Cham (2016). Scholar
  15. 15.
    Ning, J., Cao, Z., Dong, X., Liang, K., Ma, H., Wei, L.: Auditable \(\sigma \) -time outsourced attribute-based encryption for access control in cloud computing. IEEE Trans. Inf. Forensics Secur. 13(1), 94–105 (2017)CrossRefGoogle Scholar
  16. 16.
    Ning, J., Cao, Z., Dong, X., Liang, K., Wei, L., Choo, K.-K.R.: Cryptcloud+: secure and expressive data access control for cloud storage. IEEE Trans. Serv. Comput. (2018)Google Scholar
  17. 17.
    Ning, J., Cao, Z., Dong, X., Wei, L.: White-box traceable CP-ABE for cloud storage service: how to catch people leaking their access credentials effectively. IEEE Trans. Dependable Secur. Comput. 15(5), 883–897 (2016)CrossRefGoogle Scholar
  18. 18.
    Ning, J., Cao, Z., Dong, X., Wei, L., Lin, X.: Large universe ciphertext-policy attribute-based encryption with white-box traceability. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part II. LNCS, vol. 8713, pp. 55–72. Springer, Cham (2014). Scholar
  19. 19.
    Ning, J., Dong, X., Cao, Z., Wei, L.: Accountable authority ciphertext-policy attribute-based encryption with white-box traceability and public auditing in the cloud. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015, Part II. LNCS, vol. 9327, pp. 270–289. Springer, Cham (2015). Scholar
  20. 20.
    Ning, J., Dong, X., Cao, Z., Wei, L., Lin, X.: White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Trans. Inf. Forensics Secur. 10(6), 1274–1288 (2015)CrossRefGoogle Scholar
  21. 21.
    Ning, J., Jia, X., Liang, K., Zhang, F., Chang, E.-C.: Passive attacks against searchable encryption. IEEE Trans. Inf. Forensics Secur. 14(3), 789–802 (2019)CrossRefGoogle Scholar
  22. 22.
    Padhya, M., Jinwala, D.: A novel approach for searchable CP-ABE with hidden ciphertext-policy. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 167–184. Springer, Cham (2014). Scholar
  23. 23.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). Scholar
  24. 24.
    Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, S&P 2000, Proceedings, pp. 44–55. IEEE (2000)Google Scholar
  25. 25.
    Su, H., Zhu, Z., Sun, L., Pan, N.: Practical searchable CP-ABE in cloud storage. In: 2nd IEEE International Conference on Computer and Communications (ICCC), pp. 180–185. IEEE (2016)Google Scholar
  26. 26.
    Sun, W., Yu, S., Lou, W., Hou, Y.T., Li, H.: Protecting your right: attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud. In: IEEE Proceedings on INFOCOM 2014, pp. 226–234. IEEE (2014)Google Scholar
  27. 27.
    Wang, H., Dong, X., Cao, Z.: Multi-value-independent ciphertext-policy attribute based encryption with fast keyword search. IEEE Trans. Serv. Comput. (2017)Google Scholar
  28. 28.
    Wang, S., Zhang, X., Zhang, Y.: Efficiently multi-user searchable encryption scheme with attribute revocation and grant for cloud storage. Plos One 11(11), e0167157 (2016)CrossRefGoogle Scholar
  29. 29.
    Wang, S., Zhou, J., Liu, J.K., Yu, J., Chen, J., Xie, W.: An efficient file hierarchy attribute-based encryption scheme in cloud computing. IEEE Trans. Inf. Forensics Secur. 11(6), 1265–1277 (2016)CrossRefGoogle Scholar
  30. 30.
    Xiong, A.-P., Gan, Q.-X., He, X.-X., Zhao, Q.: A searchable encryption of CP-ABE scheme in cloud storage. In: 10th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP 2013), pp. 345–349. IEEE (2013)Google Scholar
  31. 31.
    Yang, Y., Liu, J.K., Liang, K., Choo, K.-K.R., Zhou, J.: Extended proxy-assisted approach: achieving revocable fine-grained encryption of cloud data. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015, Part II. LNCS, vol. 9327, pp. 146–166. Springer, Cham (2015). Scholar
  32. 32.
    Yang, Y., Li, H., Liu, W., Yao, H., Wen, M.: Secure dynamic searchable symmetric encryption with constant document update cost. In: Global Communications Conference (GLOBECOM), IEEE 2014 , pp. 775–780. IEEE (2014)Google Scholar
  33. 33.
    Zhang, P., Chen, Z., Liang, K., Wang, S., Wang, T.: A cloud-based access control scheme with user revocation and attribute update. In: Liu, J.K.K., Steinfeld, R. (eds.) ACISP 2016, Part I. LNCS, vol. 9722, pp. 525–540. Springer, Cham (2016). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Jingwei Wang
    • 1
  • Xinchun Yin
    • 1
    • 2
    Email author
  • Jianting Ning
    • 3
  • Geong Sen Poh
    • 3
  1. 1.School of Information EngineeringYangzhou UniversityYangzhouChina
  2. 2.Yangzhou University Guangling CollegeYangzhouChina
  3. 3.Department of Computer ScienceNational University of SingaporeSingaporeSingapore

Personalised recommendations