Revocation and renewal of access rights of users are desirable requirements of a practical access control solution. Recently, key-aggregate cryptosystems have attracted significant attention of the research community, due to their elegance and efficiency, as a tool for access control enforcement. However, key-aggregate encryption schemes proposed so far in the literature are suitable only for enforcing static predefined access control policies. This paper proposes a novel key-aggregate encryption scheme that efficiently handles dynamic access control policies. The proposed scheme not only has all key-aggregate characteristics, but can also efficiently revoke/add any data class from/to a given aggregate set. Further, unlike conventional key-aggregate cryptosystems, the proposed scheme can introduce a new data class in the cryptosystem without having to initialize it all over again. The proposed scheme requires constant length master-secret to be stored by the data owner and is proved IND-CPA secure under standard model assumption. We define forward security for the proposed key-aggregate cryptosystem and formally prove that the proposed construction is secure under the definition of forward security. Performance analysis in a practical dynamic hierarchical access control scenario further confirms suitability of the proposed scheme for enforcing dynamic access control policies.

撤销和更新用户的访问权限是实际访问控制解决方案的理想要求。近年来，由于密钥集合加密系统的优雅和高效，它已成为访问控制实施的一种工具，引起了研究界的极大关注。但是，到目前为止，文献中提出的密钥聚合加密方案仅适用于强制执行静态预定义的访问控制策略。本文提出了一种新颖的密钥聚合加密方案，可以有效处理动态访问控制策略。所提出的方案不仅具有所有密钥聚合特征，而且还可以有效地撤消/添加给定聚合集合中的任何数据类/向给定聚合集合添加任何数据类。此外，与传统的密钥聚合密码系统不同，所提出的方案可以在密码系统中引入新的数据类，而不必再次对其进行初始化。提出的方案要求数据所有者存储恒定长度的主密钥，并在标准模型假设下证明IND-CPA是安全的。我们为拟议的密钥聚合密码系统定义了前向安全性，并在前向安全性的定义下正式证明了所提出的构造是安全的。在实际的动态分层访问控制方案中的性能分析进一步证实了所提出的方案用于执行动态访问控制策略的适用性。我们为拟议的密钥聚合密码系统定义了前向安全性，并在前向安全性的定义下正式证明了所提出的构造是安全的。在实际的动态分层访问控制方案中的性能分析进一步证实了所提出的方案用于执行动态访问控制策略的适用性。我们为拟议的密钥聚合密码系统定义了前向安全性，并在前向安全性的定义下正式证明了所提出的构造是安全的。在实际的动态分层访问控制方案中的性能分析进一步证实了所提出的方案用于执行动态访问控制策略的适用性。