Traceable and revocable multi-authority ABE supporting decryption outsourcing and policy update for cloud data access control

Nowadays, vast and rapidly growing information acts as digital records of social activities and is widely collected and stored as economic assets. To reduce the difficulty and local data management’s cost significantly, cloud storage services provide a highly available, highperformance, and low-cost solution for user data hosting, enabling remote access, backup, and sharing of data stored by the cloud. However, this service model is not without security risks, including user privacy exposure, low trustworthiness of data, and unauthorized access. To address these concerns, attribute-based encryption (ABE) schemes allow for the implementation of fine-grained access policies while ensure the confidentiality and availability of data stored under the cloud environment. The issues of collusion among authorities, excessive decryption computation overhead, and high complexity in attribute revocation have aroused many researchers’ attention, and many works have emerged. However, expanding the functionality of ABE schemes to satisfy multiple requirements and improving existing functionality of ABE schemes are still urgent problems to be solved. Motivated by these problems, here we propose a novel multi-functional multi-authority ABE scheme that incorporates functional features such as multi-authority key generation, outsourced decryption, malicious user tracking, flexible attribute revocation, and real-time policy updates, thereby providing fine-grained access control as well as confidentiality for data stored under cloud environments. Similar to prior works, we have analyzed the static security, forward security, and resistance to collusion attacks of our proposed scheme for completeness. Storage and computational efficiency evaluation shows that our proposed scheme achieves lower storage costs and computational overhead compared to existing schemes with similar functionalities.