Abstract

With the progress of cloud computing, many users hope, in time, to upload their data to the cloud for sharing. For sensitive data, the owner must encrypt it before sending it to the cloud server. The state-of-the-art method for fine-grained access control on encrypted data is attribute-based encryption (ABE). Though ABE is believed to be an outstanding technique for secure data sharing, it has many efficiency drawbacks. For example, its ciphertext size and decryption time increase linearly with the number of attributes used during encryption and decryption, and it is hard to revoke a user’s access ability. In this paper, we propose a method to outsource the decryption of ABE via public cloud computing, and to control a user’s decryption capacity through a bounded revocation technique. The public cloud server can transform any user’s ABE ciphertexts into short ElGamal-type ciphertexts via the user’s public transformation key. The transformed ciphertexts are actually ElGamal-type identity-based ciphertexts obtained through a bounded-collision identity-based encryption scheme, and decryption requires only one exponentiation. Our scheme can revoke a user’s decryption ability, but it is limited to scenarios with a bounded number of revocations.

This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://academic.oup.com/journals/pages/about_us/legal/notices)