Due to the rapid proliferation and evolution of the Internet of Things (IoT) in industrial and smart city applications, concerns over sensitive data security have become increasingly prominent. This is especially true in resource-constrained “cloud–terminal” centralized architectures, where ensuring privacy protection for downlink data and implementing fine-grained access control have become critical. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) serves as an effective solution due to its fine-grained access control capability. Nevertheless, conventional CP-ABE approaches face notable limitations when deployed in these practical settings, including the lack of an efficient and lightweight client-side revocation mechanism, excessive decryption overhead on terminal devices, and the practical difficulty in balancing security with performance. To address these issues, this paper proposes LOR-A2ABE, a Lightweight, Outsourced, and Revocable Anonymous Attribute-Based Encryption scheme. The scheme achieves lightweight client-side revocation through partial updates by embedding version numbers and timestamps into keys and ciphertexts via hash mapping. Furthermore, it employs outsourcing to offload the majority of computations to the cloud, allowing client-side decryption with only constant, low-complexity operations, thereby significantly reducing the computational burden on resource-constrained terminals. Considering the practical context where client devices are typically resource-limited sensors or microcontrollers and downlink data often require real-time processing, our scheme adopts a practical security model optimized for IoT constraints. This model prioritizes forward security and efficient revocation—the most critical requirements for operational IoT systems—while maintaining provable security under the Decisional Linear (DLIN) assumption within a bounded collusion model, achieving IND-CPA security and anonymity. 
Theoretical analysis and experimental simulations show that LOR-A2ABE incurs acceptable and controllable overhead in the key issuance and encryption phases, while outperforming most existing schemes in decryption and revocation efficiency, making it particularly suitable for “cloud–terminal” centralized IoT environments where terminal devices are resource-constrained and require frequent decryption operations.
Gao et al. (Fri,) studied this question.