CP-ABE Optimization via the Flexible Integration of Access Policies Containing Multiple Shared Subpolicies

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) is a cryptographic scheme that is suitable for cloud storage and can realize secure data sharing. However, in most existing CP-ABE schemes, the encryption computational overhead is proportional to the number of attributes in the access policy. Therefore, reducing the computational overhead of the scheme’s encryption is an important consideration to improve its efficiency. Furthermore, in the scenario where the access control policies corresponding to different data shared by the same data owner have multiple shared subpolicies, there is still further optimizing space for encryption. This study proposes an optimization approach for CP-ABE via the flexible integration of access policies with multiple shared subpolicies. Regarding the root nodes of policies being both the same and different, we provide optimal policy integration methods to reduce the overall encryption computation cost of the data associated with these access policies. Under the premise of preserving the original security of the CP-ABE scheme, this scheme avoids repeated calculation related to the shared subpolicies during encryption, thus improving the scheme’s efficiency. Finally, the correctness and feasibility of the scheme are examined and verified by theoretical analysis and experiments.