Compulsory Black-Box Traceable CP-ABE with Outsourcing of Computation

As an asymmetric encryption method capable of performing one-to-many encryption, the ciphertext-policy attribute-based encryption (CP-ABE) is widely recognized as an ideal cryptographic tool for cloud-based applications. It can empower data owners to independently and flexibly define and enforce access control policies for cloud-stored data. However, the practical implementation of CP-ABE-based cryptographic access control remains hindered by critical challenges. Firstly, malicious users may engage in key abuse by delegating attribute keys to unauthorized parties or exploiting their keys to construct decryption black-boxes for providing illegal decryption services. Consequently, a secure CP-ABE scheme must incorporate the capability to trace such malicious users who misuse their privileges. Secondly, for resource-constrained IoT devices, the substantial computational overhead of CP-ABE becomes prohibitive, making its deployment in scenarios like IoT-cloud services particularly challenging. In this paper, we propose a new CP-ABE scheme with black-box traceability and computational outsourcing capabilities. Our scheme can improve the tracing efficiency from O(N3) or O(rlogN) (as seen in traditional schemes) to O(1), where N is the number of system users. Furthermore, the proposed scheme features compulsory traceability and maintains outstanding performance in the aspects of encryption, decryption, and tracing operations.