Abstract

With the rapid advancement of cloud computing and the Internet of Things (IoT), massive data outsourcing has become an inevitable trend. However, this paradigm brings significant challenges to data security and fine-grained access control. Traditional single-authority Attribute-Based Encryption (ABE) schemes suffer from inherent drawbacks such as key escrow, heavy computational overhead, and inefficient user revocation. To overcome these limitations, this paper presents an efficient Multi-Authority Revocable Attribute-Based Encryption (MA-RABE) scheme. The proposed scheme eliminates the need for a centralized authority by employing a distributed key generation protocol, ensuring secure and decentralized master key distribution while mitigating single points of failure. Furthermore, a lightweight attribute revocation mechanism is designed, which only requires updating the user’s attribute key and one ciphertext component, significantly reducing computation and communication costs. To guarantee forward security, a version-based revocation strategy is introduced to prevent revoked users from decrypting previously accessible ciphertexts. In addition, the scheme supports outsourced decryption, allowing computationally intensive operations to be executed by a semi-trusted server, thereby minimizing local computational load on end devices. Security analysis shows that the proposed scheme achieves IND-CPA security and resists collusion attacks, while performance evaluation demonstrates that it achieves lower computational overhead in key generation, encryption, and decryption compared with existing approaches. Hence, the scheme is particularly suitable for resource-constrained mobile and IoT environments.

Keywords

Multi-Authority, Revocation, Outsourced Decryption, Forward Security, Cloud Security.

References

[1] Amit Sahai, and Brent Waters, “Fuzzy Identity-Based Encryption,” Advances in Cryptology – EUROCRYPT, vol. 3494, pp. 457-473, 2005.
[CrossRef] [Google Scholar] [Publisher Link]

[2] John Bethencourt, Amit Sahai, and Brent Waters, “Ciphertext-Policy Attribute-Based Encryption,” IEEE Symposium on Security and Privacy, pp. 321-334, 2007.
[CrossRef] [Google Scholar] [Publisher Link]

[3] Junbeom Hur, and Dong Kun Noh, “Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems,” IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 7, pp. 1214-1221,  2011. 
[CrossRef] [Google Scholar] [Publisher Link]

[4] Vipul Goyal et al., “Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data,” Proceedings of the 13^th ACM Conference on Computer and Communications Security, pp. 89-98, 2006.
[CrossRef] [Google Scholar] [Publisher Link]

[5] Melissa Chase, “Multi-Authority Attribute Based Encryption,” Theory of Cryptography, vol. 4392, pp. 515-534, 2007.
[CrossRef] [Google Scholar] [Publisher Link]

[6] Van-Hoan Hoang, Elyes Lehtihet, and Yacine Ghamri-Doudane, “Forward-Secure Data Outsourcing Based on Revocable Attribute-Based Encryption,” 15^th International Wireless Communications & Mobile Computing Conference, pp. 1839-1846, 2019.
[CrossRef] [Google Scholar] [Publisher Link]

[7] Hongjian Yin et al., “A Traceable CP-ABE Scheme Supporting Dynamic Revocation and Efficient Decryption for Medical Data Sharing,” IEEE Internet of Things Journal, vol. 12, no. 24, pp. 53610-53622, 2025.
[CrossRef] [Google Scholar] [Publisher Link]

[8] Shuaishuai Chang et al., “T-ABE: A Practical ABE Scheme to Provide Trustworthy Key Hosting on Untrustworthy Cloud,” IEEE 23^rd International Conference on Trust, Security and Privacy in Computing and Communications, pp. 960-967, 2024. 
[CrossRef] [Google Scholar] [Publisher Link]

[9] Sravya Gudipati, Syam Kumar Pasupuleti, and R. Padmavathy, “Quantum-Resistant Traceable, Revocable, and Key Escrow-Free CP-ABE for Cloud Storage,” Peer-to-Peer Networking and Applications, vol. 18, 2025.
[CrossRef] [Google Scholar] [Publisher Link]

[10] Alejandro Peñuelas-Angul, Claudia Feregrino-Uribe, and Miguel Morales-Sandoval, “A Revocable Multi-Authority Attribute-Based Encryption Scheme for Fog-Enabled IoT,” Journal of Systems Architecture, vol. 155, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[11] L.F. Guo, X.M. Xing, and H. Guo, “An Efficient Traceable and Revocable Attribute-Based Encryption Scheme for Cloud Storage,” Journal of Cryptology, vol. 10, no. 1, pp. 131-145, 2023.
[Google Scholar]

[12] Kai Zhang et al., “A Traceable and Revocable Multiauthority Attribute-Based Encryption Scheme with Fast Access,” Security and Communication Networks, vol. 2020, pp. 1-14, 2020.
[CrossRef] [Google Scholar] [Publisher Link]

[13] Melissa Chase, and Sherman S.M. Chow, “Improving Privacy and Security in Multi-Authority Attribute-Based Encryption,” Proceedings of the 15^th ACM Conference on Computer and Communications Security, pp. 121-130, 2009.
[CrossRef] [Google Scholar] [Publisher Link]

[14] Huang Lin et al., “Secure Threshold Multi Authority Attribute Based Encryption without a Central Authority,” Information Sciences, vol. 180, no. 13, pp. 2618-2632, 2010.
[CrossRef] [Google Scholar] [Publisher Link]

[15] Y. Liu, S. Xu, and Z. Yue, “Partially Hidden Policy Multi-Authority CP-ABE Scheme with Constant Length Ciphertext", Journal on Communications, vol. 45, no. 8, pp. 20-36, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[16] Guangli Xiang et al., “An Attribute Revocable CP-ABE Scheme,” Seventh International Conference on Advanced Cloud and Big Data, pp. 198-203, 2019.
[CrossRef] [Google Scholar] [Publisher Link]

[17] Yousheng Zhou et al., “TRE-DSP: A Traceable and Revocable CP-ABE based Data Sharing Scheme for IoV with Partially Hidden Policy,” Digital Communications and Networks, vol. 11, no. 2, pp. 455-464, 2025.
[CrossRef] [Google Scholar] [Publisher Link]

[18] Shahzad Khan et al., “OO-ABMS: Online/Offline-Aided Attribute-Based Multi-Keyword Search,” IEEE Access, vol. 9, pp. 114392-114406, 2021. 
[CrossRef] [Google Scholar] [Publisher Link]

[19] Juyan Li et al., “Online/Offline MA-CP-ABE with Cryptographic Reverse Firewalls for IoT,” Entropy, vol. 25, no. 4, pp. 616, 2023.
[CrossRef] [Google Scholar] [Publisher Link]

[20] Wei Luo et al., “FOC-PH-CP-ABE: An Efficient CP-ABE Scheme with Fully Outsourced Computation and Policy Hidden in the Industrial Internet of Things,” IEEE Sensors Journal, vol. 24, no. 18, pp. 28971-28981, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[21] Brent Waters, “Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization,” International Workshop on Public Key Cryptography, vol. 6571, pp. 53-70, 2011.
[CrossRef] [Google Scholar] [Publisher Link]       

[22] Kwangsu Lee, “Ciphertext Outdate Attacks on the Revocable Attribute-Based Encryption Scheme with Time Encodings,” IEEE Access, vol. 7, pp. 165122-165126, 2019.
[CrossRef] [Google Scholar] [Publisher Link]

[23] Yuhan Bai et al., “CR-FH-CPABE: Secure File Hierarchy Attribute-Based Encryption Scheme Supporting User Collusion Resistance in Cloud Computing,” IEEE Internet of Things Journal, vol. 11, no. 10, pp. 17727-17739, 2024.
[CrossRef] [Google Scholar] [Publisher Link] 

[24] Sangjukta Das, and Suyel Namasudra, “Multiauthority CP-ABE-Based Access Control Model for IoT-Enabled Healthcare Infrastructure,” IEEE Transactions on Industrial Informatics, vol. 19, no. 1, pp. 821-829, 2023.
[CrossRef] [Google Scholar] [Publisher Link]

[25] Zhongxiang He et al., “Revocable and Traceable Undeniable Attribute-Based Encryption in Cloud-Enabled E-health Systems,” Entropy, vol. 26, no. 1, pp. 1-17, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[26] Guojun Wang, Qin Liu, and Jie Wu, “Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in Cloud Storage Services,” Proceedings of the 17^th ACM Conference on Computer and Communications Security, pp. 735-737, 2010.
[CrossRef] [Google Scholar] [Publisher Link]

[27] Wu Zhaoxia, and Jiang Xu, “Multi-Authority Attribute-Based Security Solution for Policy Renewability in Cloud Healthcare Environments,” Application Research of Computers, vol. 42, no. 6, pp. 1868-1872, 2025.
[CrossRef] [Publisher Link]

[28] Chunpeng Ge et al., “Attribute-Based Proxy Re-Encryption With Direct Revocation Mechanism for Data Sharing in Clouds,” IEEE Transactions on Dependable and Secure Computing, vol. 21, no. 2, pp. 949-960, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[29]Jiguo Li et al., “PH-MG-ABE: A Flexible Policy-Hidden Multigroup Attribute-Based Encryption Scheme for Secure Cloud Storage,” IEEE Internet of Things Journal, vol. 12, no. 2, pp. 2146-2157, 2025.
[CrossRef] [Google Scholar] [Publisher Link]