Revocable identity-based encryption with server-aided ciphertext evolution
Theoretical Computer Science (IF 0.9), Pub Date: 2020-02-25, DOI: 10.1016/j.tcs.2020.02.031
Yinxia Sun, Yi Mu, Willy Susilo, Futai Zhang, Anmin Fu

The most important problem in identity-based cryptosystems is user revocation. One existing solution in the literature is to periodically issue extra time keys to every non-revoked user over public channels. Unfortunately, this solution is inefficient and very impractical when applied to the cloud, because the scheme requires different time keys to decrypt data for different time periods, so the user has to keep a long list of time keys that grows linearly with time. Furthermore, ciphertexts produced prior to the revocation remain available to the revoked users, which is undesirable in most application scenarios. To the best of our knowledge, no existing work solves both of these problems simultaneously in a practical manner. In this paper, we present an efficient solution called ciphertext evolution. The ciphertexts evolve into new ones with the cloud's aid, and the old ones are deleted. At any time, the data user has to use its current decryption key to decrypt ciphertexts in the cloud. Thus, all past time keys become invalid and the user only needs to keep the current one. A revoked user cannot decrypt any ciphertext in the cloud because it does not have the current time key. We present generic and concrete constructions of revocable identity-based encryption with ciphertext evolution (RIBE-CE), which are proven secure under the IND-CPA security model. Subsequently, we extend RIBE-CE to the broadcast setting by giving generic and concrete constructions of revocable identity-based broadcast encryption with ciphertext evolution, which are secure under the IND-sID-CPA security model. Our schemes can be applied to (group) data sharing, which is very practical and applicable to the cloud setting.




Updated: 2020-02-25