Revocable Attribute-Based Encryption Scheme with Cryptographic Reverse Firewalls

With the prevalence of information sharing, preserving the confidentiality of sensitive data has become paramount. Attribute-based encryption (ABE) has become a viable option to tackle this problem. Using a set of attributes, data owners can encrypt data with ABE, and data is only accessible by users with the required attributes and authorization. However, there are various limitations associated with the traditional CP-ABE scheme, such as embedding user-sensitive information in the access structures without any hidden operations, an inability to effectively address the issue of user attribute changes, and vulnerability to internal attacks from cryptography devices. To address these limitations, researchers have proposed various enhanced ABE schemes. Mironov presented a concept of cryptographic reverse firewall (CRF) in Eurocrypt 2015, which could resist certain compromised machines from leaking secret information. The CRF has been deployed in many cryptographic systems, but its application in the ABE field has been relatively limited. This paper presents a novel attribute-based encryption scheme which incorporates attribute revocation, hidden policy components, and CRF mechanism to prevent attackers from internal attacks on cryptography devices. This scheme is applicable in various applications, such as cloud computing, where secure data sharing is required.