Decentralized, Revocable and Verifiable Attribute-Based Encryption in Hybrid Cloud System

Cloud can provide storage space and services for data owners to host their data, where data privacy and confidentiality become critical issues. Ciphertext policy attribute-based encryption (CP-ABE) is one of the most suitable methods to protect data privacy and provide structured access control. In this paper, we propose a multi-authority CP-ABE scheme with a direct attribute revocation mechanism, cause revocation is an inevitable problem in the application process. Under our proposed revocation mechanism, the remaining users need not to update their secret keys when revocation happens. It relies on the matching of public keys’ version and ciphertext’ version. In a cloud storage model, the update of ciphertext is executed by public cloud, which cannot be fully trusted by data owners. In this case, we propose a hybrid CP-ABE cloud storage model aiming at solving the public cloud trust management problem. The data owners can authorize private cloud to verify whether their ciphertexts have been updated to the newest version. In addition, we prove our construction secure in selective-CPA model. Finally, we compare our scheme with similar multi-authority CP-ABE schemes from functionality, communication overhead and computation cost. The simulation results show that our scheme is more efficient than similar works in encryption, decryption and revocation stages.