An Encryption and Decryption Outsourcing CP-ABE scheme Supporting Efficient Ciphertext Evolution

Abstract

Attribute-based encryption (ABE) provides fine-grained access control policy for encrypted data in semi-trusted cloud storage system, while encryption and decryption are quite expensive for users with resource constrained devices. Besides, key compromise also brings great security risks to the stored ciphertext for its long-term immutability. On one hand, ABE with decryption outsourcing is preferred to relieve user's computation cost, but the computational overhead of encryption for users also needs to be taken into account. On the other, the stored ciphertext needs to be updated periodically with a new method instead of data re-encryption with heavy computation and communication overhead. Therefore, a novel ciphertext-policy attribute-based encryption scheme supporting efficient periodic ciphertext evolution with encryption and decryption outsourcing (EDO-CE-CPABE) was proposed which can solve the aforementioned issues. It can ensure that the ciphertext and the key are transformed synchronously. As a result, legitimate users can always access data, while the key and the ciphertext are changing periodically from the view of an attacker. Security and performance analysis demonstrate the security, effectiveness and practicability of the proposed scheme, which also illustrates that periodic ciphertext evolution can reduce the probability for successful attacks and attribute revocation is supported to change user's access rights timely and effectively. Also, computation cost for users can be effectively reduced by encryption and decryption outsourcing.