Expressive ciphertext-policy attribute-based encryption with direct user revocation

Abstract

Attribute-based encryption enables fine-grained access control on sensitive data with a specific user set. However, traditional ABE schemes cannot satisfy practical requirements of data sharing applications where users may leave or join a system frequently. In this paper, a ciphertext-policy ABE scheme with direct user revocation (DUR-CP-ABE) is proposed. In DUR-CP-ABE, both the private key and the ciphertext contain partial components associated with a user identity and a revocation list, respectively. A user can decrypt a ciphertext if and only if he/she is not in the revocation list and his/her attribute set satisfies the access policy, simultaneously. In addition, whenever revocation events occur, only ciphertext components associated with the revocation list need to be updated. Finally, the DUR-CP-ABE scheme is proved selectively secure under the decisional q-bilinear Diffie-Hellman exponent assumption in the standard model. Compared with the existing revocation-related schemes, the new scheme can achieve high efficiency and ensure the expression ability of access structure.