Puncturable Key-Policy Attribute-Based Encryption Scheme for Efficient User Revocation

Cloud computing, which provides a brand-new service model, has become an important infrastructure in the information age, and has been widely used in numerous fields. The Key-Policy Attribute-Based Encryption (KP-ABE) scheme allows the encrypted data with fine-grained access control in the cloud environment. However, achieving large-scale user revocation in the application scenario of KP-ABE becomes one of the thorny problems. Furthermore, the computation and communication costs of the previous user revocation schemes were generally high, especially when a large number of users were revoked. To address these problems, an enhanced high-performance user-revocable KP-ABE scheme combined with the puncture method was proposed. In this article, the user could be revoked by the fine-grained restriction policy. When revoking the user, the cloud would run the puncture algorithm to embed the restriction policy defined by the data owner into the ciphertext. This method could effectively omit the re-encryption and key updating processes, by which the computation and communication overhead of the user revocation are efficiently reduced, and the user revocation becomes more flexible and efficient. Moreover, the Chosen-Plaintext Attack (CPA) security proof and extensive simulation results demonstrate the reliability and efficiency of the proposed scheme for user revocation in a cloud environment.