The widespread adoption of cloud storage has made secure and flexible access control for outsourced data a core requirement. Although ciphertext-policy attribute-based encryption (CP-ABE) provides robust technical support for fine-grained access control, its practical deployment requires schemes that can simultaneously balance efficient user revocation and practical key tracing capabilities. However, existing CP-ABE schemes fail to meet these demands. To close this gap, we propose RT-CP-ABE, a revocable and traceable CP-ABE scheme. That is, it allows the authority to revoke users by broadcasting public update keys, while maintaining the ability to trace malicious users. The proposed RT-CP-ABE scheme, for the first time, unifies indirect revocation and fully collusion-resistant black-box tracing in prime-order groups. We rigorously demonstrate through formal proofs that our proposal achieves selective security and black-box traceability in the random oracle model. The theoretical analysis indicates that, compared with previous schemes, our scheme features compact key and ciphertext sizes. Moreover, it maintains millisecond-level encryption and decryption latency, demonstrating strong practicality.
Wang et al. (Mon,) studied this question.