Providing an efficient revocation mechanism for attribute-based encryption (ABE) is of
utmost importance since over time a user's credentials may be revealed or expired. All previously
known revocable ABE (RABE) constructions (a) essentially utilize the complete subtree (CS) scheme
for revocation purpose, (b) are bounded in the sense that the size of the public parameters depends
linearly on the size of the attribute universe and logarithmically on the number of users in the
system, and (c) are either selectively secure, which seems unrealistic in a dynamic system such
as RABE, or adaptively secure but built in a composite order bilinear group setting, which is
undesirable from the point of view of both efficiency and security. This paper presents the first
adaptively secure unbounded RABE using subset difference (SD) mechanism for revocation which
greatly improves the broadcast efficiency compared to the CS scheme. Our RABE scheme is built
on a prime order bilinear group setting resulting in practical computation cost, and its security
depends on the Decisional Linear assumption.
↧