Abstract: Attribute-based encryption (ABE) scheme which can achieve fine-grained access control is more and more widely used in cloud storage. However, it is an important challenge to solve dynamic user and attribute revocation in the original scheme. In order to solve this problem, this paper proposes a ciphertext-policy ABE (CP-ABE) scheme which can achieve attribute level user attribution, namely if an attribute of some user is revoked, it cannot influence the common access of other legitimate attributes. If an attribute is revoked, the ciphertext corresponding to this attribute should be updated based on the designed broadcast attribute-based encryption scheme so that only the persons whose attributes meet the access strategy and have not been revoked will be able to carry out the key updating and decrypt the ciphertext successfully. Our scheme is proved secure based on the q-Parallel Bilinear Diffie-Hellman Exponent assumption in the standard model, therefore, it has stronger security. In addition, the relative operations associated with the attributes revocation are migrated to the cloud storage provider (CSP) to implement, which reduces the computational load of attribute authority (AA) greatly. Finally, the performance analysis and experimental verification are carried out in this paper, and the experimental results show that, compared with the existing revocation schemes, although our scheme increases the computational load of CSP for achieving the attribute revocation, it does not need the participation of AA, which reduces the computational load of AA. In addition, the user does not need any additional parameters to achieve the attribute revocation except of the private key, thus saving the storage space greatly.

Key words: attribute-based encryption (ABE), data outsourcing, ciphertext policy, revocation, access control