Traceable and revocable multi-authority ABE supporting decryption outsourcing and policy update for cloud data access control

Yan-Qing YAO; Yun-Jia ZHANG; Zhi-Yi LIU; Yu-Xuan WANG; Xin-Yu TAN; Zhengde ZHAI

doi:10.1007/s11704-025-41356-7

Front. Comput. Sci. ›› 2026, Vol. 20 ›› Issue (4) : 2004805 DOI: 10.1007/s11704-025-41356-7

Information Security

RESEARCH ARTICLE

Traceable and revocable multi-authority ABE supporting decryption outsourcing and policy update for cloud data access control

Author information +

History +

PDF (991KB)

Abstract

Nowadays, vast and rapidly growing information acts as digital records of social activities and is widely collected and stored as economic assets. To reduce the difficulty and local data management’s cost significantly, cloud storage services provide a highly available, high-performance, and low-cost solution for user data hosting, enabling remote access, backup, and sharing of data stored by the cloud. However, this service model is not without security risks, including user privacy exposure, low trustworthiness of data, and unauthorized access. To address these concerns, attribute-based encryption (ABE) schemes allow for the implementation of fine-grained access policies while ensure the confidentiality and availability of data stored under the cloud environment. The issues of collusion among authorities, excessive decryption computation overhead, and high complexity in attribute revocation have aroused many researchers’ attention, and many works have emerged. However, expanding the functionality of ABE schemes to satisfy multiple requirements and improving existing functionality of ABE schemes are still urgent problems to be solved. Motivated by these problems, here we propose a novel multi-functional multi-authority ABE scheme that incorporates functional features such as multi-authority key generation, outsourced decryption, malicious user tracking, flexible attribute revocation, and real-time policy updates, thereby providing fine-grained access control as well as confidentiality for data stored under cloud environments. Similar to prior works, we have analyzed the static security, forward security, and resistance to collusion attacks of our proposed scheme for completeness. Storage and computational efficiency evaluation shows that our proposed scheme achieves lower storage costs and computational overhead compared to existing schemes with similar functionalities.

Graphical abstract

Keywords

multi-authority attribute-based encryption / CP-ABE / decryption outsourcing / policy update / attribute revocation / white-box traceability / access control

Cite this article

Download citation ▾

Yan-Qing YAO, Yun-Jia ZHANG, Zhi-Yi LIU, Yu-Xuan WANG, Xin-Yu TAN, Zhengde ZHAI. Traceable and revocable multi-authority ABE supporting decryption outsourcing and policy update for cloud data access control. Front. Comput. Sci., 2026, 20(4): 2004805 DOI:10.1007/s11704-025-41356-7

登录浏览全文

4963

注册一个新账户忘记密码

References

Publishing order | Descend order by publishing year | Descend order by cited within

[1]	Sahai A, Waters B. Fuzzy identity-based encryption. In: Proceedings of the 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology. 2005, 457–473

[2]	Goyal V, Pandey O, Sahai A, Waters B. Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security. 2006, 89–98

[3]	Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In: Proceedings of 2007 IEEE Symposium on Security and Privacy. 2007, 321–334

[4]	Cheung L, Newport C. Provably secure ciphertext policy ABE. In: Proceedings of the 14th ACM Conference on Computer and Communications Security. 2007, 456–465

[5]	Goyal V, Jain A, Pandey O, Sahai A. Bounded ciphertext policy attribute based encryption. In: Proceedings of the 35th International Colloquium on Automata, Languages and Programming. 2008, 579–591

[6]	Chen N, Li J, Zhang Y, Guo Y . Efficient CP-ABE scheme with shared decryption in cloud storage. IEEE Transactions on Computers, 2022, 71( 1): 175–184

[7]	Liu Z, Ding Y, Yuan M, Wang B . Black-box accountable authority CP-ABE scheme for cloud-assisted e-health system. IEEE Systems Journal, 2023, 17( 1): 756–767

[8]	Chase M. Multi-authority attribute based encryption. In: Proceedings of the 4th Theory of Cryptography Conference on Theory of Cryptography. 2007, 515–534

[9]	Chase M, Chow S S M. Improving privacy and security in multi-authority attribute-based encryption. In: Proceedings of the 16th ACM Conference on Computer and Communications Security. 2009, 121–130

[10]	Lewko A, Waters B. Decentralizing attribute-based encryption. In: Proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology. 2011, 568–588

[11]	Li W, Xue K, Xue Y, Hong J . TMACS: a robust and verifiable threshold multi-authority access control system in public cloud storage. IEEE Transactions on Parallel and Distributed Systems, 2016, 27( 5): 1484–1496

[12]	Datta P, Komargodski I, Waters B. Fully adaptive decentralized multi-authority ABE. In: Proceedings of the 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology. 2023, 447–478

[13]	Li J, Zhang R, Lu Y, Han J, Zhang Y, Zhang W, Dong X . Multiauthority attribute-based encryption for assuring data deletion. IEEE Systems Journal, 2023, 17( 2): 2029–2038

[14]	Yang K, Jia X, Ren K, Zhang B. DAC-MACS: effective data access control for multi-authority cloud storage systems. In: Proceedings of 2013 Proceedings IEEE INFOCOM. 2013, 2895–2903

[15]	Ning J, Cao Z, Dong X, Liang K, Ma H, Wei L . Auditable σ-time outsourced attribute-based encryption for access control in cloud computing. IEEE Transactions on Information Forensics and Security, 2018, 13( 1): 94–105

[16]	Arthur Sandor V K, Lin Y, Li X, Lin F, Zhang S . Efficient decentralized multi-authority attribute based encryption for mobile cloud data storage. Journal of Network and Computer Applications, 2019, 129: 25–36

[17]	De S J, Ruj S . Efficient decentralized attribute based access control for mobile clouds. IEEE Transactions on Cloud Computing, 2020, 8( 1): 124–137

[18]	Sethi K, Pradhan A, Bera P . Practical traceable multi-authority CP-ABE with outsourcing decryption and access policy updation. Journal of Information Security and Applications, 2020, 51: 102435

[19]	Wu Y, Li X, Liu Z. Attribute-based keyword searchable encryption scheme for multi-authority in cloud storage. In: Proceedings of 2022 IEEE 22nd International Conference on Communication Technology. 2022, 933–939

[20]	Pirretti M, Traynor P, McDaniel P, Waters B. Secure attribute-based systems. In: Proceedings of the 13th ACM Conference on Computer and Communications Security. 2006, 99–112

[21]	Yu S, Wang C, Ren K, Lou W. Attribute based data sharing with attribute revocation. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. 2010, 261–270

[22]	Hur J, Noh D K . Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Transactions on Parallel and Distributed Systems, 2011, 22( 7): 1214–1221

[23]	Fan K, Liu T, Zhang K, Li H, Yang Y . A secure and efficient outsourced computation on data sharing scheme for privacy computing. Journal of Parallel and Distributed Computing, 2020, 135: 169–176

[24]	Yang K, Jia X, Ren K. Attribute-based fine-grained access control with efficient revocation in cloud storage systems. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. 2013, 523–528

[25]	Yang K, Jia X . Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Transactions on Parallel and Distributed Systems, 2014, 25( 7): 1735–1744

[26]	Imine Y, Lounis A, Bouabdallah A . Revocable attribute-based access control in mutli-autority systems. Journal of Network and Computer Applications, 2018, 122: 61–76

[27]	Ge C, Susilo W, Baek J, Liu Z, Xia J, Fang L . Revocable attribute-based encryption with data integrity in clouds. IEEE Transactions on Dependable and Secure Computing, 2022, 19( 5): 2864–2872

[28]	Xiong H, Huang X, Yang M, Wang L, Yu S . Unbounded and efficient revocable attribute-based encryption with adaptive security for cloud-assisted internet of things. IEEE Internet of Things Journal, 2022, 9( 4): 3097–3111

[29]	Chen S, Li J, Zhang Y, Han J . Efficient revocable attribute-based encryption with verifiable data integrity. IEEE Internet of Things Journal, 2024, 11( 6): 10441–10451

[30]	Li J, Zhang E, Han J, Zhang Y, Shen J . PH-MG-ABE: a flexible policy-hidden multigroup attribute-based encryption scheme for secure cloud storage. IEEE Internet of Things Journal, 2025, 12( 2): 2146–2157

[31]	Yang K, Jia X, Ren K . Secure and verifiable policy update outsourcing for big data access control in the cloud. IEEE Transactions on Parallel and Distributed Systems, 2015, 26( 12): 3461–3470

[32]	Liu Z, Jiang Z L, Wang X, Yiu S . Practical attribute-based encryption: outsourcing decryption, attribute revocation and policy updating. Journal of Network and Computer Applications, 2018, 108: 112–123

[33]	Yang M, Wang H, Wan Z . PUL-ABE: an efficient and quantum-resistant CP-ABE with policy update in cloud storage. IEEE Transactions on Services Computing, 2024, 17( 3): 1126–1139

[34]	Li J, Huang Q, Chen X, Chow S S M, Wong D S, Xie D. Multi-authority ciphertext-policy attribute-based encryption with accountability. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. 2011, 386–390

[35]	Wang Y, Chen K, Long Y, Liu Z . Accountable authority key policy attribute-based encryption. Science China Information Sciences, 2012, 55( 7): 1631–1638

[36]

Zhou J, Cao Z, Dong X, Lin X. TR-MABE: white-box traceable and revocable multi-authority attribute-based encryption and its applications to multi-level privacy-preserving e-healthcare cloud computing systems. In: Proceedings of 2015 IEEE Conference on Computer Communications (INFOCOM). 2015, 2398–2406

[37]	Liu Z, Cao Z, Wong D S . Traceable CP-ABE: how to trace decryption devices found in the wild. IEEE Transactions on Information Forensics and Security, 2015, 10( 1): 55–68

[38]	Ning J, Dong X, Cao Z, Wei L. Accountable authority ciphertext-policy attribute-based encryption with white-box traceability and public auditing in the cloud. In: Proceedings of the 20th European Symposium on Research in Computer Security on Computer Security. 2015, 270–289

[39]	Liu Z, Wong D S . Practical attribute-based encryption: traitor tracing, revocation and large universe. The Computer Journal, 2016, 59( 7): 983–1004

[40]	Liu Z, Duan S, Zhou P, Wang B . Traceable-then-revocable ciphertext-policy attribute-based encryption scheme. Future Generation Computer Systems, 2019, 93: 903–913

[41]	Zhang K, Li H, Ma J, Liu X . Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability. Science China Information Sciences, 2018, 61( 3): 032102

[42]	Li Q, Zhu H, Ying Z, Zhang T . Traceable ciphertext-policy attribute-based encryption with verifiable outsourced decryption in eHealth cloud. Wireless Communications and Mobile Computing, 2018, 2018( 1): 1701675

[43]	He X, Li L, Peng H . An enhanced traceable CP-ABE scheme against various types of privilege leakage in cloud storage. Journal of Systems Architecture, 2023, 136: 102833

[44]	Li J, Zhang Y, Ning J, Huang X, Poh G S, Wang D . Attribute based encryption with privacy protection and accountability for CloudIoT. IEEE Transactions on Cloud Computing, 2022, 10( 2): 762–773

[45]	Rouselakis Y, Waters B. Practical constructions and new proof methods for large universe attribute-based encryption. In: Proceedings of 2013 ACM SIGSAC Conference on Computer & Communications Security. 2013, 463–474

[46]	Waters B. Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography on Public Key Cryptography. 2011, 53–70

[47]	Liu Z, Cao Z, Wong D S. Efficient generation of linear secret sharing scheme matrices from threshold access trees. Cryptology ePrint Archive, Paper 2010/374, 2010

[48]	Rouselakis Y, Waters B. Efficient statically-secure large-universe multi-authority attribute-based encryption. In: Proceedings of the 19th International Conference on Financial Cryptography and Data Security. 2015, 315–332