(Dual) server-aided revocable attribute-based encryption with decryption key exposure resistance

Abstract

Attribute-based encryption (ABE) is a promising approach that enables scalable access control on encrypted data. However, one of the main efficiency drawbacks of ABE is the lack of practical user revocation mechanisms. In ESORICS 2016, Cui et al. proposed the first cloud server-aided revocable ABE scheme to achieve efficient user revocation. However, the cloud server cannot be fully compromised by an adversary. Otherwise, it will suffer from local decryption key exposure (DKE) attacks. In this paper, we first revisit Cui et al. security model, and enhance it by capturing the DKE attacks on user’s local decryption keys and meanwhile allowing the adversary to fully corrupt the cloud server. We then construct a server-aided revocable ABE based on Rouselakis–Waters ciphertext-policy ABE (CCS 2013). It was showed that our scheme is secure in the new security model and maintains the outstanding properties of efficient user revocation, short local ciphertext size and fast local decryption. Further, we propose a dual framework for server-aided revocable ABE, in which the update keys are distributed to local users rather than the cloud server. With the exception of interaction with the KGC, the local user still has the same efficiency as that of first scheme.