Permanent Revocation in Attribute Based Broadcast Encryption

Abstract

We propose a new and efficient scheme for broadcast encryption. A broadcast encryption system allows a broadcaster to send an encrypted message to a dynamically chosen subset RS, |RS|=n, of a given set of users, such that only users in this subset can decrypt the message. An important component of broadcast encryption schemes is revocation of users by the broadcaster, thereby updating the subset RS. Revocation may be either temporary, for a specific cipher text, or permanent. In the existing public key schemes which support temporary revocation of the users, the broadcaster is required to keep track of the revoked users. We present the first public key broadcast encryption scheme that supports permanent revocation of users. Unlike previous schemes, the broadcaster in our scheme should not keep track of the revoked users (saving memory and computation power). Our scheme is fully collusion-resistant. In other words, even if all the revoked users collude, the revoked user cannot encrypt messages without receiving new keys from the broadcaster. The procedure is based on Cipher-text Policy Attribute-Based Encryption (CP-ABE). The overhead of revocation in our system is constant in all major performance measures including length of private and public keys, computational complexity, user's storage space, and computational complexity of encryption and decryption. The scheme we construct improves on our original scheme in a poster presentation [7] by a factor of O(log n) in all major performance measures.