Ciphertext-policy attribute-based encryption supporting access policy update and its extension with preserved attributes

Yinhao Jiang, Willy Susilo, Yi Mu, Fuchun Guo

Research output: Contribution to journalArticlepeer-review

22 Citations (Scopus)


Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated, but the original encryptor might be unavailable to re-encrypt the message, which makes it impractical. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to update access policies in ciphertext-policy attribute-based encryption (CP-ABE) systems efficiently without encrypting each ciphertext with new access policies. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the augmented multi-sequences of exponents decisional Diffie–Hellman assumption. We also present a different construction in which certain attributes in an access policy can be preserved by the original encryptor, while other attributes can be revoked efficiently so that the ability of attribute revocation can be appropriately restrained.
Original languageEnglish
Pages (from-to)533-548
Number of pages16
JournalInternational Journal of Information Security
Issue number5
Early online date07 Aug 2017
Publication statusPublished - 2018


Dive into the research topics of 'Ciphertext-policy attribute-based encryption supporting access policy update and its extension with preserved attributes'. Together they form a unique fingerprint.

Cite this