Document Type : Research Article


1 Department of Informatics, University of Zurich, Switzerland

2 Department of Mathematics and Computer Science, Amirkabir University of Technology, Tehran, Iran

3 Electronic Research Institute, Sharif University of Technology, Tehran, Iran

4 Department of Electrical Engineering, Sharif University of Technology, Tehran, Iran


Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in the cloud-based area.
However, due to high computational overhead, common ABE schemes are not suitable for resource-constrained devices.
Additionally, access policies should be able to be updated efficiently by data owners, and in some circumstances, hidden access policies are necessary to preserve the privacy of clients and data.
In this paper, we propose a ciphertext-policy attribute-based access control scheme that, for the first time, simultaneously provides online/offline encryption, hidden access policy, and access policy update.
In our scheme, resource-constrained devices are equipped with online/offline encryption reducing the encryption overhead significantly.
Furthermore, attributes of access policies are hidden such that the attribute sets satisfying an access policy cannot be guessed by other parties.
Moreover, data owners can update their defined access policies while outsourcing a major part of the updating process to the cloud service provider.
In particular, we introduce blind access policies that enable the cloud service provider to update the data owners' access policies without receiving a new re-encryption key.
Besides, our scheme supports fast decryption such that the decryption algorithm consists of a constant number of bilinear pairing operations.
The proposed scheme is proven to be secure in the random oracle model and under the hardness of Decisional Bilinear Diffie–Hellman (DBDH) and Decision Linear (D-Linear) assumptions.
Also, performance analysis results demonstrate that the proposed scheme is efficient and practical.


1] M. Ali, S.U. Khan, and A.V. Vasilakos. Security in cloud computing: Opportunities and challenges. Information sciences, 305:357–383, 2015.
[2] A. Sahai and B. Waters. Fuzzy identity-based encryption. In Annual international conference on the theory and applications of cryptographic techniques, pages 457–473. Springer, 2005.
[3] V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on Computer and communications security, pages 89–98, 2006.
[4] J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In 2007 IEEE symposium on security and privacy(SP’07), pages 321–334. IEEE, 2007.
[5] Y. Zhang, R.H. Deng, S. Xu, J. Sun, Q. Li, and D. Zheng. Attribute-based encryption for cloud computing access control: A survey. ACM Computing Surveys (CSUR), 53(4):1–41, 2020.
[6] Y. Zhang, D. Zheng, and R.H. Deng. Security and privacy in smart health: Efficient policy-hiding attribute-based access control. IEEE Internet of Things Journal, 5(3):2130–2145, 2018.
[7] Y. Zhang, X. Chen, J. Li, D.S. Wong, H. Li, and I. You. Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing. Information Sciences, 379:42–61, 2017.
[8] A. Kapadia, P.P. Tsang, and S.W. Smith. Attribute-based publishing with hidden credentials and hidden policies. In NDSS, volume 7, pages 179–192, 2007.
[9] T. Nishide, K. Yoneyama, and K. Ohta. Attribute-based encryption with partially hidden encryptor-specified access structures. In International conference on applied cryptography and network security, pages 111–129. Springer, 2008.
[10] J. Li, K. Ren, B. Zhu, and Z. Wan. Privacy-aware attribute-based encryption with user accountability. In International Conference on Information Security, pages 347–362. Springer, 2009.
[11] J. Lai, R.H. Deng, and Y. Li. Fully secure cipertext-policy hiding cp-abe. In International conference on information security practice and experience, pages 24–39. Springer, 2011.
[12] J. Hao, C. Huang, J. Ni, H. Rong, M. Xian, and X.S. Shen. Fine-grained data access control with attribute-hiding policy for cloud-based iot.Computer Networks, 153:1–10, 2019.
[13] L. Zhang, G. Hu, Y. Mu, and F. Rezaeibagha. Hidden ciphertext policy attribute-based encryption with fast decryption for personal health record system. IEEE Access, 7:33202–33213, 2019.
[14] X. Liang, Z. Cao, H. Lin, and J. Shao. Attribute based proxy re-encryption with delegating capabilities. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pages 276–286, 2009.
[15] S. Luo, J. Hu, and Z. Chen. Ciphertext policy attribute-based proxy re-encryption. In International Conference on Information and Communications Security, pages 401–415. Springer, 2010.
[16] H.J. Seo and H.W. Kim. Attribute-based proxy re-encryption with a constant number of pairing operations. Journal of information and communication convergence engineering, 10(1):53–60, 2012.
[17] J. Li, S. Wang, Y. Li, H. Wang, H. Wang, H. Wang, J. Chen, and Z. You. An efficient attribute-based encryption scheme with policy update and file update in cloud computing. IEEE Transactions on Industrial Informatics, 15(12):6500–6509, 2019.
[18] Y. Zhang, J. Li, X. Chen, and H. Li. Anonymous attribute-based proxy re-encryption for access control in cloud computing. Security and Communication Networks, 9(14):2397–2411, 2016.
[19] S. Belguith, N. Kaaniche, and G. Russello. CUPS: Secure opportunistic cloud of things framework based on attribute-based encryption scheme supporting access policy update. Security and Privacy, 3(4):e85, 2020.
[20] Y. Jiang, W. Susilo, Y. Mu, and F. Guo. Ciphertext-policy attribute-based encryption supporting access policy update and its extension with preserved attributes. International Journal of Information Security, 17(5):533–548, 2018.
[21] S. Belguith, N. Kaaniche, M. Hammoudeh, and T. Dargahi. Proud: Verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted iot applications. Future Generation Computer Systems, 111:899–918, 2020.
[22] S. Hohenberger and B. Waters. Online/offline attribute-based encryption. In International workshop on public key cryptography, pages 293–310. Springer, 2014.
[23] P. Datta, R. Dutta, and S. Mukhopadhyay. Fully secure online/offline predicate and attribute-based encryption. In International Conference on Information Security Practice and Experience, pages 331–345. Springer, 2015.
[24] Y. Liu, Y. Zhang, J. Ling, and Z. Liu. Secure and fine-grained access control on e-healthcare records in mobile cloud computing. Future Generation Computer Systems, 78:1020–1026, 2018.
[25] J. Li, Y. Zhang, X. Chen, and Y. Xiang. Secure attribute-based data sharing for resource-limited users in cloud computing. Computers & Security, 72:1–12, 2018.
[26] K. Huang, X. Wang, and Z. Lin. Practical multiauthority attribute-based access control for edge-cloud-aided internet of things. Security and Communication Networks, 2021, 2021.
[27] M. La Manna, P. Perazzo, and G. Dini. Seabrew: A scalable attribute-based encryption revocable scheme for low-bitrate iot wireless networks. Journal of Information Security and Applications, 58:102692, 2021.
[28] M. Ali, J. Mohajeri, M.R. Sadeghi, and X. Liu. Attribute-based fine-grained access control for outscored private set intersection computation. Information Sciences, 536:222–243, 2020.
[29] M. Ali, J. Mohajeri, M.R. Sadeghi, and X. Liu. A fully distributed hierarchical attribute-based encryption scheme. Theoretical Computer Science, 815:25–46, 2020.
[30] Maryam Zarezadeh, Maede Ashouri Taluki, and Mohammad Siavashi. Attribute-based access control for cloud-based electronic health record(ehr) systems. ISeCure, 12(2), 2020.
[31] Aniseh Najafi, Majid Bayat, and Hamid Haj Seyyed Javadi. Privacy preserving attribute-based encryption with conjunctive keyword search for e-health records in cloud. ISeCure, 13(2), 2021.
[32] Sajjad Palanki and Alireza Shafieinejad. Attribute-based encryption with efficient attribute revocation, decryption outsourcing, and multi-keyword searching in cloud storage. ISeCure, 14(3), 2022.
[33] X. Yan, H. Ni, Y. Liu, and D. Han. Privacy-preserving multi-authority attribute-based encryption with dynamic policy updating in phr. Computer Science and Information Systems, 16(3):831–847, 2019.
[34] H. Xiong, Y. Zhao, L. Peng, H. Zhang, and K.H.Yeh. Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing. Future Generation Computer Systems, 97:453–461, 2019.
[35] S. Even, O. Goldreich, and S. Micali. On-line/off-line digital signatures. Journal of Cryptology, 9(1):35–67, 1996.
[36] M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In International Conference on the Theory and Applications of Cryptographic Techniques, pages 127–144. Springer, 1998.
[37] Q. Liu, G. Wang, and J. Wu. Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Information sciences, 258:355–370, 2014.
[38] Q. Liu, G. Wang, and J. Wu. Clock-based proxy re-encryption scheme in unreliable clouds. In 2012 41st International Conference on Parallel Processing Workshops, pages 304–305. IEEE, 2012.
[39] H. Li, D. Liu, K. Alharbi, S. Zhang, and X. Lin.Enabling fine-grained access control with efficient attribute revocation and policy updating in smart grid. TIIS, 9(4):1404–1423, 2015.
[40] Q. Huang, L. Wang, and Y. Yang. Decent: Secure and fine-grained data access control with policy updating for constrained iot devices. World Wide Web, 21(1):151–167, 2018.
[41] K. Sethi, A. Pradhan, and P. Bera. Practical traceable multi-authority cp-abe with outsourcing decryption and access policy updation. Journal of Information Security and Applications, 51:102435, 2020.
[42] Jingwei Wang, Xinchun Yin, Jianting Ning, Shengmin Xu, Guowen Xu, and Xinyi Huang. Secure updatable storage access control system for ehrs in the cloud. IEEE Transactions on Services Computing, 2022.
[43] X. Yan, G. He, J. Yu, Y. Tang, and M. Zhao. Of-fline/online outsourced attribute-based encryption with partial policy hidden for the internet of things. Journal of Sensors, 2020, 2020.
[44] H. Tian, X. Li, H. Quan, C.C. Chang, and T. Baker. A lightweight attribute-based access control scheme for intelligent transportation system with full privacy protection. IEEE Sensors Journal, 2020.
[45] J. Sun, H. Xiong, X. Liu, Y. Zhang, X. Nie, and R.H. Deng. lightweight and privacy-aware fine-grained access control for iot-oriented smart health. IEEE Internet of Things Journal, 7(7):6566–6575, 2020.
[46] Chenbin Zhao, Li Xu, Jiguo Li, He Fang, and Yinghui Zhang. Toward secure and privacy-preserving cloud data sharing: Online/offline multiauthority cp-abe with hidden policy. IEEE Systems Journal, 16(3):4804–4815, 2022.
[47] Yinghui Zhang, Xuanni Wei, Jin Cao, Jianting Ning, Zuobin Ying, and Dong Zheng. Blockchain-enabled decentralized attribute-based access control with policy hiding for smart healthcare. Journal of King Saud University-Computer and
Information Sciences, 34(10):8350–8361, 2022.
[48] Jing Cheng and Mi Wen. An efficient attribute encryption scheme with privacy-preserving policy in smart grid. International Journal of Network Security, 25(1):140–150, 2023.
[49] M. Chegenizadeh, M. Ali, J. Mohajeri, and M.R.Aref. An anonymous attribute-based access control system supporting access structure update. In 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), pages 85–91. IEEE, 2019.
[50] Mahdi MahdaviOliaee and Zahra Ahmadian. Fine-grained flexible access control: ciphertext policy attribute based encryption for arithmetic circuits. Journal of Computer Virology and Hacking Techniques, pages 1–14, 2022.
[51] Mahdi Mahdavi, Mohammad Hesam Tadayon, Mohammad Sayad Haghighi, and Zahra Ahmadian. Iot-friendly, pre-computed and outsourced attribute based encryption. Future Generation Computer Systems, 150:115–126, 2024.
[52] D. Boneh and M. Franklin. Identity-based encryption from the weil pairing. In Annual international cryptology conference, pages 213–229. Springer, 2001.
[53] D. Boneh, X. Boyen, and H. Shacham. Short group signatures. In Annual international cryptology conference, pages 41–55. Springer, 2004.
[54] O. Blazy, E. Conchon, M. Klingler, and D. Sauveron. An iot attribute-based security framework for topic-based publish/subscribe systems. IEEE Access, 9:19066–19077, 2021.
[55] L. Cheung and C. Newport. Provably secure ciphertext policy abe. In Proceedings of the 14th ACM conference on Computer and communications security, pages 456–465, 2007.