CCA-Secure Revocable Identity-Based Encryption With Ciphertext Evolution in the Cloud

Identity-based encryption (IBE) is a very attractive cryptographic primitive due to its unnecessity of any certificate managements. Nevertheless, the user revocation problem in IBE remains an elusive research problem and hence, it is an important research topic. One possible approach in achieving revocations is to update user's decryption keys. However, to avoid the need of secret channels, public time keys need to be issued to allow this update to occur. It is unfortunate that this method often suffers from two problems: 1) the user has to maintain linearly growing decryption keys; and 2) the revoked users can still access ciphertexts prior to revocation. At the first glance, proxy re-encryption technique may provide a solution to this problem, but the ciphertexts will become longer after each re-encryption, which makes it impractical. In this paper, we present a revocable identity-based encryption scheme with cloud-aided ciphertext evolution. Our construction solves the two aforementioned problems via ciphertext evolution implemented by the cloud. In addition, the size of ciphertexts in the cloud remains constant size regardless of evolutions. The scheme is provably secure against chosen ciphertext attacks based on the BDH problem. The comparisons with the existing related works show that our scheme enjoys better efficiency, and thus it is practical for the data sharing in cloud storage.