With the development of cloud computing, many enterprises have been interested in outsourcing their data to cloud servers to decrease IT costs and rise capabilities of provided services. To afford confidentiality and fine-grained data access control, attribute-based encryption (ABE) was proposed and used in several cloud storage systems. However, scalability and flexibility in key delegation and user revocation mechanisms are primary issues in ABE systems. In this paper, we introduce the concept of a fully distributed revocable ciphertext-policy hierarchical ABE (FDR-CP-HABE) and design the first FDR-CP-HABE scheme. Our scheme offers a high level of flexibility and scalability in the key delegation and user revocation phases. Moreover, our scheme is efficient and provides lightweight computation in the decryption phase. Indeed, by exploiting a computation outsourcing technique, most of the operations are executed by the powerful cloud server, and very few computations are left to the users. Also, the storage cost on the user side is significantly decreased as compared to similar schemes. Furthermore, using the hardness assumption of DBDH problem, we prove that our scheme is adaptively secure in the standard model. Our security analyses and implementation results indicate that our scheme is efficient, secure, and scalable.

随着云计算的发展，许多企业对将其数据外包到云服务器以降低IT成本和提高所提供服务的功能感兴趣。为了提供机密性和细粒度的数据访问控制，提出了基于属性的加密（ABE）并将其用于多个云存储系统。但是，密钥委派和用户吊销机制的可伸缩性和灵活性是ABE系统中的主要问题。在本文中，我们介绍了完全分布式的可撤销密文策略分层ABE（FDR-CP-HABE）的概念，并设计了第一个FDR-CP-HABE方案。我们的方案在关键委托和用户吊销阶段提供了高度的灵活性和可伸缩性。而且，我们的方案是有效的，并且在解密阶段提供轻量级的计算。确实，通过利用计算外包技术，大多数操作都由功能强大的云服务器执行，几乎没有计算留给用户。而且，与类似方案相比，用户侧的存储成本显着降低。此外，使用DBDH问题的硬度假设，我们证明了我们的方案在标准模型中是自适应安全的。我们的安全性分析和实施结果表明，我们的方案高效，安全且可扩展。我们证明了我们的方案在标准模型中是自适应安全的。我们的安全性分析和实施结果表明，我们的方案高效，安全且可扩展。我们证明了我们的方案在标准模型中是自适应安全的。我们的安全性分析和实施结果表明，我们的方案高效，安全且可扩展。