As the only approved Identity-Based Encryption scheme in China that is also standardized by ISO, SM9-IBE has been widely adopted in many real-world applications. However, similar to other IBE standard algorithms, SM9-IBE currently lacks revocation mechanism, which is vital for a real system. Worse still, we find that existing revocable techniques may not be suitable and efficient when applying to SM9-IBE. Given the widespread use of SM9-IBE, an efficient and robust user revocation mechanism becomes an urgent issue.In this work, we propose a dedicated server-aided revocation mechanism, which for the first time achieves the secure, immediate and robust user revocation for SM9-IBE. Provided with a compact system model, the proposed method leverages an existing server to perform all heavy workloads during user revocation, thus leaving no communication and computation costs for the key generation center and users. Moreover, the mechanism supports key-exposure resistance, meaning the user revocation mechanism is robust even if the revocation key leaks. We then formally define and prove the security. At last, we present theoretical comparisons and an implementation in terms of computational latency and throughput. The results indicate the efficiency and practicability of the proposed mechanism.

中文翻译：

---

SM9 的服务器辅助立即和健壮的用户撤销机制

SM9-IBE 作为国内唯一获批并被 ISO 标准化的基于身份的加密方案，已在许多实际应用中得到广泛采用。但是，与其他 IBE 标准算法类似，SM9-IBE 目前缺乏对真实系统至关重要的撤销机制。更糟糕的是，我们发现现有的可撤销技术在应用于 SM9-IBE 时可能并不合适和有效。鉴于 SM9-IBE 的广泛使用，高效且稳健的用户撤销机制成为当务之急。在这项工作中，我们提出了一种专用的服务器辅助撤销机制，首次实现了安全、即时和稳健的用户撤销机制。 SM9-IBE。提供紧凑的系统模型，所提出的方法利用现有服务器在用户撤销期间执行所有繁重的工作负载，从而不给密钥生成中心和用户留下通信和计算成本。此外，该机制支持密钥暴露抵抗，这意味着即使撤销密钥泄漏，用户撤销机制也是健壮的。然后我们正式定义并证明安全性。最后，我们在计算延迟和吞吐量方面进行了理论比较和实现。结果表明了所提出机制的有效性和实用性。