Attribute-based encryption scheme with multi-keyword search and supporting attribute revocation in cloud storage

We propose an attribute-based encryption scheme with multi-keyword search and supporting attribute revocation in cloud storage environment, in which binary attributes and AND-gate access policy are used. Our proposal enjoys several advantages. Firstly, multi-keyword search is available, and only when a data user's attribute set satisfies access policy in keyword index, and keyword token generated by data user matches index successfully, then data user can obtain ciphertext containing keywords. In this way, more accurate keyword search is achievable. Secondly, the search privacy of data user is protected owing to cloud servers cannot obtain any knowledge of keywords which data user is interested in. Meanwhile, the ciphertext is able to be decrypted when data user's attribute set satisfies access policy specified in the ciphertext, which can both improve security of encryption and achieve secure fine-grained access control. Thirdly, the proposed scheme supports attribute revocation, in our scheme when a data user's attribute is revoked, the version number of attribute, non-revoked data users' secret keys and related ciphertexts will be updated, such that data user whose attribute is revoked does not decrypt updated ciphertext anymore. In addition, based on the assumption of decisional linear (DL) and decisional Diffie-Hellman (DDH), our scheme is proved to be secure against selectively chosen-keyword attacks and selectively chosen-plaintext attacks respectively, and it also ensures token privacy security.