Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation
Attribute-based encryption (ABE) enables fine-grained access control over encrypted data. A practical and popular approach for handing revocation in ABE is to use the indirect revocation mechanism, in which a key generation centre (KGC) periodically broadcasts key update information for all data users over a public channel. Unfortunately, existing RABE schemes are vulnerable to decryption key exposure attack which has been well studied in the identity-based setting. In this paper, we introduce a new notion for RABE called re-randomizable piecewise key generation by allowing a data user to re-randmomize the combined secret key and the key update to obtain the decryption key, and the secret key is unrecoverable even both the decryption key and the key update are known by the attacker. We then propose a new primitive called re-randomizable attribute-based encryption (RRABE) that can achieve both re-randomizable piecewise key generation and ciphertext delegation. We also refine the existing security model for RABE to capture decryption key exposure resistance and present a generic construction of RABE from RRABE. Finally, by applying our generic transformation, we give a concrete RABE scheme achieving decryption key exposure resistance and ciphertext delegation simultaneously.