Certificateless cryptosystems have attracted great interests in cryptographic research since its invention. Because compared with traditional public key cryptosystems or identity-based cryptosystems, they could not only simplify the certificate management, but also alleviate the key escrow problem. In certificateless cryptosystems, user revocation is a challenging issue. To address this issue, one popular method is to update the key via public channels. However, most of the existing schemes in this approach are impractical because of the following two shortcomings. Firstly, the user needs to maintain a list of decryption keys, but the size of the list will keep increasing. Secondly, the revoked user can still recover the plaintexts of the encrypted data prior to revocation, and this is a particular threat in some applications. To solve these problems, this paper presents revocable certificateless encryption with ciphertext evolution. We give a generic construction and then describe how it can be initialized concretely. In our proposed scheme, the user only needs to keep one decryption key, and once a user is revoked, it can no longer decrypt any ciphertext in the server. Moreover, the IND-CCA security model is defined against three types of attacks. And our schemes are formally proved to satisfy these security requirements.

中文翻译：

---

CCA 安全和可撤销的无证书加密与密文演进

无证书密码系统自发明以来就引起了密码学研究的极大兴趣。因为与传统的公钥密码系统或基于身份的密码系统相比，它们不仅可以简化证书管理，还可以缓解密钥托管问题。在无证书密码系统中，用户撤销是一个具有挑战性的问题。为了解决这个问题，一种流行的方法是通过公共渠道更新密钥。然而，由于以下两个缺点，这种方法中的大多数现有方案都是不切实际的。首先，用户需要维护一个解密密钥列表，但列表的大小会不断增加。其次，被撤销的用户仍然可以在撤销之前恢复加密数据的明文，这在某些应用程序中是一个特殊的威胁。为了解决这些问题，本文提出了具有密文演化的可撤销无证书加密。我们给出一个通用结构，然后描述如何具体初始化它。在我们提出的方案中，用户只需要保留一个解密密钥，一旦用户被撤销，就不能再解密服务器中的任何密文。此外，IND-CCA 安全模型针对三种类型的攻击进行了定义。并且我们的方案被正式证明可以满足这些安全要求。IND-CCA 安全模型针对三种类型的攻击进行了定义。并且我们的方案被正式证明可以满足这些安全要求。IND-CCA 安全模型针对三种类型的攻击进行了定义。并且我们的方案被正式证明可以满足这些安全要求。