Abstract:
To ensure the security of sensitive data in cloud storage, people need to store it in encrypted form. Attribute-based encryption (ABE) is widely applied to the fine-grained sharing of encrypted data stored with third parties. However, ABE schemes have three types of data confidentiality issues: 1) because a secret key does not contain identity-specific information, a user can share his/her secret key without being identified; 2) the key generation center (KGC) can generate a user’s secret key with an arbitrary access structure or attribute set; 3) the KGC can decrypt ciphertexts directly using its master key. Because of these three issues, the security of data in an ABE system faces great challenges. In this paper, we propose an accountable key-policy attribute-based encryption scheme without key escrow (WoKE-AKP-ABE). Our construction has two authorities: the KGC and an attribute authority (AA). The KGC generates the identity-related part of a user’s secret key, and the KGC and AA generate the attribute-related part through cooperation. Our scheme is chosen-plaintext secure in the selective-set model under the decisional bilinear Diffie-Hellman assumption, and it can resist attacks not only from a dishonest user or authority but also from collusion between a user and a single authority. Our scheme can trace a decoder box in the black-box model.