Attribute‐based encryption scheme for secure data sharing in cloud with fine‐grained revocation

Abstract Attribute‐based encryption (ABE) is a prominent cryptographic tool for secure data sharing in the cloud because it can be used to enforce very expressive and fine‐grained access control on outsourced data. The revocation in ABE remains a challenging problem as most of the revocation techniques available today, suffer from the collusion attack. The revocable ABE schemes which are collusion resistant require a semi‐trusted manager to update the secret keys of nonrevoked users in order to achieve revocation. This introduces computation and communication overhead, and also increases the overall security vulnerability. In this paper, we propose two collusion resistant revocable ABE schemes that do not require any semi‐trusted entity. Our first scheme supports revocation at the user‐level that is equivalent to revoking all the attributes from a user. Our second scheme supports revocation at the attribute‐level that enables more fine‐grained revocation by allowing selective attribute(s) revocation from a user. We call them user‐level revocable ABE (ULR‐ABE) and attribute‐level revocable ABE (ALR‐ABE), respectively. For both the schemes, the secret keys of the nonrevoked users are never affected and the decryption algorithm has the same performance as the baseline ABE scheme. We are able to achieve these at the cost of some increase (compared to the baseline scheme) in the size of the secret key and the ciphertext.