Toward Trustworthy Delegation: Verifiable Outsourced Decryption with Tamper-Resistance in Public Cloud Storage

摘要

For building a secure cloud storage service on top of a public cloud infrastructure, attribute-based encryption (ABE) has been a preferred solution due to its flexible access control. ABE, however, incurs heavy computation cost on users during decryption. Thus, previous studies solved this problem by enabling cloud servers to perform a part of decryption operations on behalf of the users. In order to empower users to verify the correctness of the delegated decryption by the cloud, they employed a cryptographic commitment or message authentication code (MAC) to enable users to check the correctness of partial decryption of the cloud. However, the previous schemes fail to ensure the correctness of computation in the presence of malicious cloud servers. In this paper, we propose a novel and generic commitment scheme for ABE, which is secure against tampering attacks by malicious cloud servers. According to the performance analysis, the proposed scheme is only 0.5 ms slower on average than the previous commitment-based schemes and two to three times faster than the MAC-based scheme.