ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2020, Vol. 57 ›› Issue (5): 1057-1069.doi: 10.7544/issn1000-1239.2020.20190254

Previous Articles     Next Articles

Updatable Attribute-Based Encryption Scheme Supporting Dynamic Change of User Rights

Yan Xincheng1, Chen Yue1, Ba Yang1, Jia Hongyong2, Wang Zhonghui3   

  1. 1( Strategic Support Force Information Engineering University, Zhengzhou 450001);2( School of Software and Applied Technology, Zhengzhou University, Zhengzhou 450001);3( Subordinate Unit of the Army Staff, Western Theater Command, Lanzhou 730030)
  • Online:2020-05-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (61702549) and the Science and Technology Program of Henan Province (172102210017).

Abstract: Attribute-based encryption has great advantages in achieving fine-grained secure sharing for cloud data. Due to the dynamic changes of user access rights in cloud storage, data re-encryption is an effective method to ensure the forward security of ciphertext when the attribute or user private key is revoked, but the corresponding computation overhead and communication overhead of data uploading and downloading are too large. To address these issues, an updatable attribute-based encryption scheme is proposed to support dynamic changes of user rights (SDCUR-UABE). By constructing the attribute version key and user version key in ciphertext-policy attribute-based encryption, only the corresponding components of transformation key in user’s private key need to be updated when the user attribute is revoked. Similarly, when a system attribute is revoked, the corresponding attribute version key needs to be updated to implement replaceable update of part components for the ciphertext and key. Next, only the user version key needs to be updated when the user private key is revoked. Therefore the expensive computation and communication overhead caused by ciphertext update based on data re-encryption can be avoided. Besides, key segmentation is used to realize data decryption outsourcing to reduce the user’s decryption overhead in the construction of the scheme. Theoretical analysis and experimental verification show that the proposed scheme can effectively solve the computing efficiency and communication overhead of ciphertext update when the user rights are dynamically changed in the cloud storage system, and greatly reduce the computational complexity of user decryption under the premise of guaranteeing forward security for ciphertext.

Key words: cloud storage, attribute-based encryption, decryption outsourcing, attribute revocation, private key revocation

CLC Number: