SMART-CPABE: secured multi-authority attribute revocable and traceable ciphertext-policy attribute-based encryption
摘要
The rapid advancement of computing technologies, including cloud computing, edge computing, IoT, and low-power mobile devices, has driven the need for a practical decentralized multi-authority ciphertext-policy attribute-based encryption (DMA-CP-ABE) solution to support fine-grained access control. The inclusion of features such as traceability, revocation, outsourced decryption, verifiability, policy updating, and policy obfuscation in DMA-CP-ABE systems has become a major research direction in recent years due to the growing diversity of their designs. However, many existing DMA-CP-ABE schemes incorporate only a subset of these features, limiting their ability to adapt to the dynamic requirements of users and cloud systems. In this manuscript, we present a practical DMA-CP-ABE system that satisfies advanced access control requirements, making it highly suitable for deployment in real-world cloud applications. First, to alleviate the computational burden of decryption, we provide secure outsourced decryption for users, supported by verifiability to ensure the correctness of transformations performed by the cloud. Second, our cryptosystem enables data owners to dynamically update access policies while employing policy obfuscation to conceal these policies from users. Third, each attribute authority (AA), along with the cloud, can invalidate any user attribute instantly through updation of the user secret key, ciphertext, and revocation lists. Finally, our cryptosystem offers white-box traceability alongside a revocation mechanism to accurately detect and dynamically remove malicious users from the system. We used the Charm crypto platform to implement the proposed cryptosystem and analyzed its experimental results with different test cases. We also present a theoretical analysis of our scheme and formally validate its correctness, security, and traceability.