Practical traceable multi-authority CP-ABE with outsourcing decryption and access policy updation

Abstract

Multi-authority ciphertext policy attribute-based encryption (CP-ABE) is one of the promising approaches where multiple authorities issue and manage various attributes to achieve fine-grained access control on stored data in cloud platforms. However, the practical use of multi-authority CP-ABE (MCP-ABE) requires satisfaction of different features. Firstly, in MCP-ABE, users having the same set of attributes must share the same decryption privileges. This may potentially lead to exposure of decryption keys by some malicious users. Thus, there is a need of designing MCP-ABE with traceability to overcome this problem. Secondly, as the cost of decryption increases with the complexity of access policy, it is preferred to provide the functionality of outsourcing decryption to reduce the computational burden on the user. Finally, the data owners must have flexibility to change the access policy. Hence, policy updation must be an integral part of MCP-ABE scheme. In this paper, we construct a new multi-authority CP-ABE scheme over large attribute universe with decentralization of authorities that supports white-box traceability along with policy updation and outsourcing decryption. Our proposed cryptosystem is built on prime order groups and supports monotonic access structures. These features improve efficiency and expressiveness of our system. We implemented our proposed cryptosystem in Charm cryptographic framework and analyzed its performance with a diverse set of test cases.