Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation

Attribute-based encryption (ABE) enables an access control mechanism by specifying access control policies among decryption keys and ciphertexts. In this paper, we propose a novel ABE variant, dubbed directly revocable key-policyABEwith verifiable ciphertext delegation (drvuKPABE), which supports direct revocation and verifiable ciphertext delegation. The drvuKPABE offers the following features which are promising in the data sharing applications: (1) it allows the trusted authority to revoke users by solely updating the revocation list while mitigating the interaction with non-revoked users, which is unlikely to indirectly revokable ABE; (2) it allows the third party to update ciphertexts with public information so that those non-revoked users cannot decrypt them; and (3) it enables any auditor (authorized by data owners) to verify whether the untrusted third party updated ciphertexts correctly or not. We formalize the syntax and security properties for drvuKPABE, and propose the construction based on the multilinear maps. Our solution attains the security properties under the (d+3)(d+3)-Multilinear Decisional Diffie–Hellman assumption in the random oracle model.