Abstract:
Attribute-based encryption has great advantages in achieving fine-grained secure sharing for cloud data. Due to the dynamic changes of user access rights in cloud storage, data re-encryption is an effective method to ensure the forward security of ciphertext when the attribute or user private key is revoked, but the corresponding computation overhead and communication overhead of data uploading and downloading are too large. To address these issues, an updatable attribute-based encryption scheme is proposed to support dynamic changes of user rights (SDCUR-UABE). By constructing the attribute version key and user version key in ciphertext-policy attribute-based encryption, only the corresponding components of transformation key in user’s private key need to be updated when the user attribute is revoked. Similarly, when a system attribute is revoked, the corresponding attribute version key needs to be updated to implement replaceable update of part components for the ciphertext and key. Next, only the user version key needs to be updated when the user private key is revoked. Therefore the expensive computation and communication overhead caused by ciphertext update based on data re-encryption can be avoided. Besides, key segmentation is used to realize data decryption outsourcing to reduce the user’s decryption overhead in the construction of the scheme. Theoretical analysis and experimental verification show that the proposed scheme can effectively solve the computing efficiency and communication overhead of ciphertext update when the user rights are dynamically changed in the cloud storage system, and greatly reduce the computational complexity of user decryption under the premise of guaranteeing forward security for ciphertext.