Toward Secure and Privacy-Preserving Cloud Data Sharing: Online/Offline Multiauthority CP-ABE With Hidden Policy

The continuous development of cloud storage service technology, secure access control, and privacy issues have attracted more and more attention. The previous ciphertext policy attribute-based encryption (CP-ABE) schemes with the function of hidden policy are only suitable for a single authority, and the existing multiauthority CP-ABE schemes do not realize the hidden policy. In addition, a large number of schemes utilize AND gate access policies so that expressiveness is weak. In this article, a scheme of online/offline multiauthority CP-ABE supporting the policy hiding function is proposed. The proposed scheme uses a combination of multiple attribute authorities (AAs) and one central authority (CA). Each AA, respectively, controls different attribute sets and distributes attribute private keys to users. Moreover, the AA can also relieve the computation overhead of the CA. In order to enhance the expressiveness than that of the existing schemes, we adopt the access policy of the linear secret sharing scheme. In the previous schemes, the access policy is used as the ciphertext component and uploaded directly to the cloud server. Especially, in the scenario of medical cloud data sharing, access policy may contain sensitive information. Therefore, the proposed scheme preserves privacy information by realizing the technology of the hidden policy. To improve the performance, our scheme utilizes the online/offline encryption to achieve a low computation cost in the online phase. Additionally, we also proved that the proposed scheme is secure based on the standard model.