查看文章

In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), a user secret key is associated with a set of attributes, and the ciphertext is associated with an access structure or decryption policy over attributes. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the decryption policy specified in the ciphertext. Several CP-ABE schemes have been proposed, however, to become practical the problem of revocation and delegation should be addressed. In this paper, we propose Ciphertext-Policy Attribute-Based Threshold Decryption (CP-ABTD) which extends CP-ABE with flexible attribute delegation and instantaneous attribute revocation. CP-ABTD has three advantages over CP-ABE. First, Alice (delegator), who has a secret key associated with a set of attributes, can delegate her authorization to Bob (delegatee). Second, Alice can decide whether to allow Bob to be able to delegate her authorization further. Third, the proposed scheme achieves instantaneous attribute revocation, that is, once the attribute is revoked the user cannot use it in the decryption phase. We demonstrate how to apply the proposed CP-ABTD scheme to securely manage Personal Health Records (PHRs).