Time-Based Direct Revocable Ciphertext-Policy Attribute-Based Encryption with Short Revocation List

  • Joseph K. LiuEmail author
  • Tsz Hon Yuen
  • Peng Zhang
  • Kaitai Liang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10892)


In this paper, we propose an efficient revocable Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme. We base on the direct revocation approach, by embedding the revocation list into ciphertext. However, since the revocation list will grow longer as time goes by, we further leverage this by proposing a secret key time validation technique so that users will have their keys expired on a date and the revocation list only needs to include those user keys revoked before their intended expired date (e.g. those user keys which have been stolen before expiry). These keys can be removed from the revocation list after their expiry date in order to keep the revocation list short, as these keys can no longer be used to decrypt ciphertext generated after their expiry time. This technique is derived from Hierarchical Identity-based Encryption (HIBE) mechanism and thus time periods are in hierarchical structure: year, month, day. Users with validity of the whole year can decrypt any ciphertext associated with time period of any month or any day within the year. By using this technique, the size of public parameters and user secret key can be greatly reduced. A bonus advantage of this technique is the support of discontinuity of user validity (e.g. taking no-paid leave).



This work was supported by Australian Research Council (ARC) Grant DP180102199, the National Natural Science Foundation of China (61702342), the Science and Technology Innovation Projects of Shenzhen (JCYJ20160307150216309, JCYJ20170302151321095) and Tencent “Rhinoceros Birds” -Scientific Research Foundation for Young Teachers of Shenzhen University.


  1. 1.
    Attrapadung, N., Imai, H.: Attribute-based encryption supporting direct/indirect revocation modes. In: Parker, M.G. (ed.) IMACC 2009. LNCS, vol. 5921, pp. 278–300. Springer, Heidelberg (2009). Scholar
  2. 2.
    Attrapadung, N., Imai, H.: Conjunctive broadcast and attribute-based encryption. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 248–265. Springer, Heidelberg (2009). Scholar
  3. 3.
    Attrapadung, N., Libert, B.: Functional encryption for inner product: achieving constant-size ciphertexts with adaptive security or support for negation. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 384–402. Springer, Heidelberg (2010). Scholar
  4. 4.
    Attrapadung, N., Libert, B., de Panafieu, E.: Expressive key-policy attribute-based encryption with constant-size ciphertexts. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 90–108. Springer, Heidelberg (2011). Scholar
  5. 5.
    Au, M.H., Huang, Q., Liu, J.K., Susilo, W., Wong, D.S., Yang, G.: Traceable and retrievable identity-based encryption. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 94–110. Springer, Heidelberg (2008). Scholar
  6. 6.
    Au, M.H., Liu, J.K., Yuen, T.H., Wong, D.S.: Practical hierarchical identity based encryption and signature schemes without random oracles. IACR Cryptology ePrint Archive 2006/368 (2006)Google Scholar
  7. 7.
    Au, M.H., Yuen, T.H., Liu, J.K., Susilo, W., Huang, X., Xiang, Y., Jiang, Z.L.: A general framework for secure sharing of personal health records in cloud system. J. Comput. Syst. Sci. 90, 46–62 (2017)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Balu, A., Kuppusamy, K.: Ciphertext-policy attribute-based encryption with user revocation support. In: Singh, K., Awasthi, A.K. (eds.) QShine 2013. LNICST, vol. 115, pp. 696–705. Springer, Heidelberg (2013). Scholar
  9. 9.
    Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: CCS, pp. 417–426. ACM (2008)Google Scholar
  10. 10.
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005). Scholar
  11. 11.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). Scholar
  12. 12.
    Chow, S.S.M., Liu, J.K., Zhou, J.: Identity-based online/offline key encapsulation and encryption. In: ASIACCS, pp. 52–60. ACM (2011)Google Scholar
  13. 13.
    Chu, C., Liu, J.K., Zhou, J., Bao, F., Deng, R.H.: Practical id-based encryption for wireless sensor network. In: ASIACCS, pp. 337–340. ACM (2010)Google Scholar
  14. 14.
    Cui, H., Deng, R.H., Li, Y., Qin, B.: Server-aided revocable attribute-based encryption. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 570–587. Springer, Cham (2016). Scholar
  15. 15.
    Datta, P., Dutta, R., Mukhopadhyay, S.: General circuit realizing compact revocable attribute-based encryption from multilinear maps. In: Lopez, J., Mitchell, C.J. (eds.) ISC 2015. LNCS, vol. 9290, pp. 336–354. Springer, Cham (2015). Scholar
  16. 16.
    Datta, P., Dutta, R., Mukhopadhyay, S.: Adaptively secure unrestricted attribute-based encryption with subset difference revocation in bilinear groups of prime order. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2016. LNCS, vol. 9646, pp. 325–345. Springer, Cham (2016). Scholar
  17. 17.
    He, K., Weng, J., Liu, J.K., Zhou, W., Liu, J.-N.: Efficient fine-grained access control for secure personal health records in cloud computing. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds.) NSS 2016. LNCS, vol. 9955, pp. 65–79. Springer, Cham (2016). Scholar
  18. 18.
    Hong, J., Xue, K., Li, W.: Comments on “DAC-MACS: effective data access control for multiauthority cloud storage systems”/security analysis of attribute revocation in multiauthority data access control for cloud storage systems. IEEE Trans. Inf. Forensics Secur. 10(6), 1315–1317 (2015)CrossRefGoogle Scholar
  19. 19.
    Hur, J., Noh, D.K.: Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel Distrib. Syst. 22(7), 1214–1221 (2011)CrossRefGoogle Scholar
  20. 20.
    Liang, K., Au, M.H., Liu, J.K., Susilo, W., Wong, D.S., Yang, G., Phuong, T.V.X., Xie, Q.: A dfa-based functional proxy re-encryption scheme for secure public cloud data sharing. IEEE Trans. Inf. Forensics Secur. 9(10), 1667–1680 (2014)CrossRefGoogle Scholar
  21. 21.
    Liang, K., Au, M.H., Liu, J.K., Susilo, W., Wong, D.S., Yang, G., Yu, Y., Yang, A.: A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Gener. Comput. Syst. 52, 95–108 (2015)CrossRefGoogle Scholar
  22. 22.
    Liu, J., Huang, X., Liu, J.K.: Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Future Gener. Comput. Syst. 52, 67–76 (2015)CrossRefGoogle Scholar
  23. 23.
    Liu, J.K., Au, M.H., Huang, X., Lu, R., Li, J.: Fine-grained two-factor access control for web-based cloud computing services. IEEE Trans. Inf. Forensics Secur. 11(3), 484–497 (2016)CrossRefGoogle Scholar
  24. 24.
    Liu, J.K., Yuen, T.H., Zhang, P., Liang, K.: Time-based direct revocable ciphertext-policy attribute-based encryption with short revocation list. IACR Cryptology ePrint Archive (2018)Google Scholar
  25. 25.
    Liu, Z., Wong, D.S.: Practical ciphertext-policy attribute-based encryption: traitor tracing, revocation, and large universe. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 127–146. Springer, Cham (2015). Scholar
  26. 26.
    Naruse, T., Mohri, M., Shiraishi, Y.: Attribute-based encryption with attribute revocation and grant function using proxy re-encryption and attribute key for updating. In: Park, J., Stojmenovic, I., Choi, M., Xhafa, F. (eds.) Future Information Technology. LNEE, vol. 276, pp. 119–125. Springer, Heidelberg (2014). Scholar
  27. 27.
    Naruse, T., Mohri, M., Shiraishi, Y.: Provably secure attribute-based encryption with attribute revocation and grant function using proxy re-encryption and attribute key for updating. Hum.-Centric Comput. Inf. Sci. 5(1), 1–13 (2015)CrossRefGoogle Scholar
  28. 28.
    González-Nieto, J.M., Manulis, M., Sun, D.: Fully private revocable predicate encryption. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 350–363. Springer, Heidelberg (2012). Scholar
  29. 29.
    Qian, H., Li, J., Zhang, Y., Han, J.: Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation. Int. J. Inf. Sec. 14(6), 487–497 (2015)CrossRefGoogle Scholar
  30. 30.
    Ruj, S., Nayak, A., Stojmenovic, I.: DACC: distributed access control in clouds. In: TrustCom 2011, pp. 91–98. IEEE Computer Society (2011)Google Scholar
  31. 31.
    Sahai, A., Seyalioglu, H., Waters, B.: Dynamic credentials and ciphertext delegation for attribute-based encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 199–217. Springer, Heidelberg (2012). Scholar
  32. 32.
    Shi, J., Huang, C., Wang, J., He, K., Wang, J.: An access control scheme with direct cloud-aided attribute revocation using version key. In: Sun, X., Qu, W., Stojmenovic, I., Zhou, W., Li, Z., Guo, H., Min, G., Yang, T., Wu, Y., Liu, L. (eds.) ICA3PP 2014. LNCS, vol. 8630, pp. 429–442. Springer, Cham (2014). Scholar
  33. 33.
    Wang, P., Feng, D., Zhang, L.: Towards attribute revocation in key-policy attribute based encryption. In: Lin, D., Tsudik, G., Wang, X. (eds.) CANS 2011. LNCS, vol. 7092, pp. 272–291. Springer, Heidelberg (2011). Scholar
  34. 34.
    Wang, S., Liang, K., Liu, J.K., Chen, J., Yu, J., Xie, W.: Attribute-based data sharing scheme revisited in cloud computing. IEEE Trans. Inf. Forensics Secur. 11(8), 1661–1673 (2016)CrossRefGoogle Scholar
  35. 35.
    Wang, S., Zhou, J., Liu, J.K., Yu, J., Chen, J., Xie, W.: An efficient file hierarchy attribute-based encryption scheme in cloud computing. IEEE Trans. Inf. Forensics Secur. 11(6), 1265–1277 (2016)CrossRefGoogle Scholar
  36. 36.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. Cryptology ePrint Archive, Report 2008/290 (2008).
  37. 37.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011). Scholar
  38. 38.
    Xhafa, F., Wang, J., Chen, X., Liu, J.K., Li, J., Krause, P.: An efficient PHR service system supporting fuzzy keyword search and fine-grained access control. Soft Comput. 18(9), 1795–1802 (2014)CrossRefGoogle Scholar
  39. 39.
    Xie, X., Ma, H., Li, J., Chen, X.: An efficient ciphertext-policy attribute-based access control towards revocation in cloud computing. J. UCS 19(16), 2349–2367 (2013)Google Scholar
  40. 40.
    Xie, X., Ma, H., Li, J., Chen, X.: New ciphertext-policy attribute-based access control with efficient revocation. In: Mustofa, K., Neuhold, E.J., Tjoa, A.M., Weippl, E., You, I. (eds.) ICT-EurAsia 2013. LNCS, vol. 7804, pp. 373–382. Springer, Heidelberg (2013). Scholar
  41. 41.
    Yang, K., Jia, X., Ren, K., Zhang, B.: DAC-MACS: effective data access control for multi-authority cloud storage systems. In: INFOCOM, pp. 2895–2903. IEEE (2013)Google Scholar
  42. 42.
    Yang, K., Jia, X., Ren, K., Zhang, B., Xie, R.: DAC-MACS: effective data access control for multiauthority cloud storage systems. IEEE Trans. Inf. Forensics Secur. 8(11), 1790–1801 (2013)CrossRefGoogle Scholar
  43. 43.
    Yang, Y., Ding, X., Lu, H., Wan, Z., Zhou, J.: Achieving revocable fine-grained cryptographic access control over cloud data. In: Desmedt, Y. (ed.) ISC 2013. LNCS, vol. 7807, pp. 293–308. Springer, Cham (2015). Scholar
  44. 44.
    Yang, Y., Liu, J.K., Liang, K., Choo, K.-K.R., Zhou, J.: Extended proxy-assisted approach: achieving revocable fine-grained encryption of cloud data. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 146–166. Springer, Cham (2015). Scholar
  45. 45.
    Yang, Y., Liu, J., Wei, Z., Huang, X.: Towards revocable fine-grained encryption of cloud data: reducing trust upon cloud. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10342, pp. 127–144. Springer, Cham (2017). Scholar
  46. 46.
    Ye, J., Zhang, W., Wu, S., Gao, Y., Qiu, J.: Attribute-based fine-grained access control with user revocation. In: Linawati, L., Mahendra, M.S., Neuhold, E.J., Tjoa, A.M., You, I. (eds.) ICT-EurAsia 2014. LNCS, vol. 8407, pp. 586–595. Springer, Heidelberg (2014). Scholar
  47. 47.
    Yu, S., Wang, C., Ren, K., Lou, W.: Attribute based data sharing with attribute revocation. In: ASIACCS, pp. 261–270. ACM (2010)Google Scholar
  48. 48.
    Yuen, T.H., Zhang, Y., Yiu, S.M., Liu, J.K.: Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 130–147. Springer, Cham (2014). Scholar
  49. 49.
    Zhang, M.: New model and construction of ABE: achieving key resilient-leakage and attribute direct-revocation. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 192–208. Springer, Cham (2014). Scholar
  50. 50.
    Zuo, C., Shao, J., Liu, J.K., Wei, G., Ling, Y.: Fine-grained two-factor protection mechanism for data sharing in cloud storage. IEEE Trans. Inf. Forensics Secur. 13(1), 186–196 (2018)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Joseph K. Liu
    • 1
    Email author
  • Tsz Hon Yuen
    • 2
  • Peng Zhang
    • 3
  • Kaitai Liang
    • 4
  1. 1.Faculty of Information TechnologyMonash UniversityMelbourneAustralia
  2. 2.HuaweiSingaporeSingapore
  3. 3.Shenzhen UniversityShenzhenChina
  4. 4.University of SurreyGuildfordUK

Personalised recommendations