RLP-ABE: Puncturable CP-ABE for Efficient User Revocation From Lattices in Cloud Storage

Cloud computing has become the predominant platform for data sharing due to its adaptability, cost-effectiveness, and ability to scale resources according to user demand. Ensuring secure and efficient data sharing has long been a central research focus, with attribute-based encryption (ABE) serving as a key cryptographic primitive. In real-world scenarios, user attributes often change, necessitating timely revocation of access rights. Common user revocation methods include direct and indirect revocation. Direct revocation is controlled by the data owner, who adds revocation information to a list and embeds it into ciphertext to revoke permissions. Indirect revocation is managed by an authorized authority or delegated third party, dynamically publishing revocation information and generating new keys and ciphertexts. Conventional direct and indirect revocation methods incur substantial communication and computation overheads, limiting their practical effectiveness, particularly in environments with frequent user access terminations. To address these challenges, we propose a novel puncturable ciphertext-policy ABE scheme based on lattice cryptography for user revocation, eliminating the need for key regeneration and revocation-list maintenance. The proposed approach effectively resists collusion, quantum, and chosen-plaintext attacks, and experimental evaluations demonstrate its advantages in storage consumption, communication cost, and computational overhead.