Flexible revocation in ciphertext-policy attribute-based encryption with verifiable ciphertext delegation

Attribute-based encryption (ABE) is a promising approach to enables fine-grained access control for encrypted data in cloud storage. However, to design a flexible and effective revocation mechanism has always been a tricky problem for ABE, especially for the situations where revocation occurs frequently. In this work, we propose a practical attribute-based access control scheme by introducing ciphertext-policy attribute-based encryption (CP-ABE) that allows the trusted authority (TA) to efficiently manage the credentials of data users. The problem of revocation is solved efficiently by exploiting user binary tree. To achieve flexible revocation, our scheme supports both attribute revocation and user revocation to accommodate different revocation needs. Non-revoked users can still decrypt the ciphertext as long as his/her remaining attributes satisfy the access policy associated with the ciphertext. Moreover, verifiable ciphertext delegation is presented to reduce the heavy computation cost brought by frequent revocation. The merits of the proposed scheme are proved by comparing its performance and security with the related works.