Abstract: Attribute-based encryption (ABE) is a new type of public key encryption method that can implement fine-grained access control on data in cloud servers, but the computational overhead of key distribution, data encryption and data decryption processes in attribute-based encryption is too expensive, which causes a large computational burden on the user with limited computing resources. In order to solve this problem, this paper constructs an attribute-based encryption scheme which supports key attribute revocation, outsource key distribution and data decryption work to the cloud server, at the same time, the proposed scheme can verify the correctness of outsourcing computation by using Hash functions; the scheme uses online/offline encryption and transfers lots of computation to the offline, which can effectively protect the privacy of user data, reduce the amount of user computing, and promote the operation efficiency of the solution; in addition, we use the tree access policy to provide more fine-grained access control; and the method of re-encryption realizes fine-grained attribute revocation, revoking a single attribute indirectly by generating a re-encryption key to update attributes and ciphertext; Finally, the user identity is embedded into the key to achieve the user traceability property. The proposed scheme is proved to be indistinguishable against chosen-plaintext attack(IND-CPA) security under the standard model.

Key words: attribute-based encryption (ABE), outsourcing computation, attribute revocation, cloud storage, verifiability