A traceable and multi-authority CP-ABE scheme for IoT medical devices

The Internet of Things (IoT) is rapidly transforming healthcare, enabling real-time monitoring and intelligent services. However, secure and accountable data sharing in such settings remains challenging due to stringent privacy requirements and the limited computing capabilities of IoT medical devices. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is widely used for fine-grained access control, and its multi-authority variant (MCP-ABE) enhances scalability by allowing decentralized attribute management. While recent works have explored traceability in MCP-ABE, most existing schemes remain too computationally heavy for practical deployment on constrained medical devices. To overcome this issue, we propose a traceable multi-authority CP-ABE scheme specifically tailored for IoT healthcare environments. The scheme introduces an IoT-aware lightweight decryption framework, where a locally deployed Data User Assistant performs all pairing-based computations and delivers a partially decrypted result to the user. Unlike traditional outsourced decryption, our scheme requires the user to encrypt only the key not the full dataset and avoids any ciphertext re-encryption. In the final decryption phase, the user device completes only a single exponentiation, reducing the decryption complexity from multiple pairing operations to a minimal computation load. This design substantially lowers the burden on user devices, making the scheme practically deployable in real-world medical IoT systems. Furthermore, our scheme integrates traceability into a decentralized multi-authority structure, supporting white-box accountability under the LRSW assumption while preserving collaborative key management and user privacy. Performance evaluation demonstrates its efficiency and suitability for resource-constrained healthcare scenarios.