Ring-LWE Identity-Based Encryption with Dynamic Revocation for Cloud Data Sharing
Article Sidebar
Main Article Content
Abstract
Cloud storage faces significant security and access control challenges due to reduced user oversight and the emerging threat of quantum computing to traditional cryptographic methods. Existing revocable Identity-Based Encryption (IBE) schemes are limited by their lack of postquantum security, inefficient revocation mechanisms that require re-encryption of data, and cumbersome key update procedures. We propose a post-quantum secure Ring-LWE IBE scheme with dynamic time-based revocation tailored for cloud environments. Our solution is built on the hardness of the Ring Learning with Errors (RLWE) problem to ensure quantum resistance and introduces a novel time-based revocation framework. In our approach, user access is bound to discrete periods and managed through a hierarchical binary tree structured over identities and time. This design eliminates the need to re-encrypt stored data upon user revocation. Instead, a trusted authority periodically distributes lightweight key updates exclusively to non-revoked users. Thanks to the binary tree structure, non-revoked users can compute updated decryption keys with only O (log Nₘₐₓ) overhead in both computation and communication, where Nₘₐₓ is the maximum number of users or periods. Revoked users, having no access to future updates, lose decryption capabilities. We provide formal security proofs showing the scheme’s resistance against adaptive identity and time-period-based attacks, grounded in the RLWE assumption. Overall, our scheme offers an effective combination of post-quantum security, efficient access control, and simplified key management, making it suitable for secure cloud data sharing in the quantum era.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
How to Cite
References
Mark Russinovich. Confidential computing: Elevating cloud security and privacy. Commun. ACM, 67(1):52–53, 2024.
DOI: https://doi.org/10.1145/3624577.
Nabeil Eltayieb, Rashad Elhabob, Abdeldime M. S. Abdelgader, Yongjian Liao, Fagen Li, and Shijie Zhou. Certificateless Proxy Re-Encryption with Cryptographic Reverse Firewalls for Secure Cloud Data Sharing. Future Gener. Comput. Syst., 162:107478, 2025. . URL DOI: https://doi.org/10.1016/j.future.2024.08.002
Tarun Kumar, Prabhat Kumar, and Suyel Namasudra. User revocation-enabled access control model utilising identity-based signatures in a cloud computing environment. Int. J. Interact. Multim. Artif. Intell., 9(1): 127, 2024. DOI: https://doi.org/10.9781/ijimai.2024.05.001
Rouzbeh Behnia, Attila A. Yavuz, Muslum Ozgur Ozmen, and Tsz Hon Yuen. Compatible Certificateless and Identity-Based Cryptosystems for Heterogeneous IoT, 2021. DOI: https://arxiv.org/abs/2103.09345
Qi Yuan, Hao Yuan, Jing Zhao, Meitong Zhou, Yue Shao, Yanchun Wang, and Shuo Zhao. Distributed identity authentication with Lenstra-Lenstra Lovász algorithm, ciphertext policy attribute-based encryption from lattices: An efficient approach based on the ring learning with errors problem. Entropy, 26(9), 729, 2024. DOI: https://doi.org/10.3390/e26090729
Yang Yang, Jianguo Sun, Zechao Liu, and Yuqing Qiao. Practical revocable and multi-authority CP-ABE scheme from RLWE for cloud computing. J. Inf. Secur. Appl., 65:103108, 2022. DOI: https://doi.org/10.1016/j.jisa.2022103108.
Mamatha, G. S., Dimri, N., & Sinha, R. Post Quantum Cryptography: Securing Digital Communication in the Quantum Era. arXiv preprint arXiv:2403.1174. DOI: https://doi.org/10.48550/arXiv.2403.11741
Goichiro Hanaoka and Shota Yamada. A survey on identity-based encryption from lattices. In Tsuyoshi Takagi, Masato Wakayama, Keisuke Tanaka, Noboru Kunihiro, Kazufumi Kimoto, and Dung Hoang Duong, editors, Mathemati-17cal Modelling for Next-Generation Cryptography: CREST Crypto-Math Project, Mathematics for Industry, pages 349–365. Springer Singapore, 2017.
DOI: https://doi.org/10.1007/978-981-10-5065-719
Juyan Li, Jialiang Peng, and Zhiqi Qiao. A ring learning with errors-based ciphertext-policy attribute-based proxy re-encryption scheme for secure big data sharing in a cloud environment. Big Data, 12(5), 357–366, 2024. DOI: https://doi.org/10.1089/big.2021.0301
Ximing Li, Hao Wang, and Sha Ma. An efficient ciphertext-policy weighted attribute-based encryption with collaborative access for cloud storage. Comput. Stand. Interfaces, 91:103872, 2025. DOI: https://doi.org/10.1016/j.csi.2024.103872
Oumaima Ghandour, Said El Kafhali, and Mohamed Hanini. Scalability performance analysis of computing resources in cloud computing data centres. J. Grid Comput., 21(4):61, 2023. DOI: https://doi.org/10.1007/s10723-023-09696-5
Zhen Zhao, Baocang Wang, and Wen Gao. Identity-based encryption with equality test supporting accountable authorization in cloud computing. J. Comput. Sci. Technol., 40(1): 215–228, 2025. DOI: https://doi.org/10.1007/s11390-024-2933-y
Nabeil Eltayieb, Rashad Elhabob, Abdeldime M. S. Abdelgader, Yongjian Liao, Fagen Li, and Shijie Zhou. Certificateless Proxy Re-Encryption with Cryptographic Reverse Firewalls for Secure Cloud Data Sharing. Future Gener. Comput. Syst., 162:107478, 2025.
DOI: https://doi.org/10.1016/j.future.2024.08.002.
Rouzbeh Behnia, Attila A. Yavuz, Muslum Ozgur Ozmen, and Tsz Hon Yuen. Compatible Certificateless and Identity-Based Cryptosystems for Heterogeneous IoT, 2021. DOI: https://arxiv.org/abs/2103.09345
Tarun Kumar, Prabhat Kumar, and Suyel Namasudra. User revocation-enabled access control model utilising identity-based signatures in a cloud computing environment. Int. J. Interact. Multim. Artif. Intell., 9(1): 127, 2024. DOI: https://doi.org/10.9781/ijimai.2024.05.001.
Mikael Carmona, Doryan Lesaignoux, and Antoine Loiseau. On the Implementation of a Lattice-Based Revocable Hierarchical IBE. In Sabrina De Capitani di Vimercati and Pierangela Samarati, editors, Proceedings of the 20th International Conference on Security and Cryptography, SECRYPT 2023, Rome, Italy, July 10-12, 2023, pages 617–623. SCITEPRESS, 2023.
DOI: https://doi.org/10.5220/0012047800003555
Yuri Lucas Direbieski, Hiroki Tanioka, Kenji Matsuura, Hironori Takeuchi, Masahiko Sano, and Tetsushi Ueta. Security Impact Analysis of Degree of Field Extension in Lattice Attacks on Ring-LWE Problem. In Hossain Shahriar, Yuuichi Teranishi, Alfredo Cuzzocrea, Moushumi Sharmin, Dave Towey, A. K. M. Jahangir Alam Majumder, Hiroki Kashiwazaki, Ji-Jiang Yang, Michiharu Takemoto, Nazmus Sakib, Ryohei Banno, and Sheikh Iqbal Ahamed, editors, 47th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2023, Torino, Italy, June 26-30, 2023, pages 1441–1446. IEEE, 2023. DOI: https://doi.org/10.1109/COMPSAC57700.2023.00221
Cecilia Boschini, Darya Kaviani, Russell W. F. Lai, Giulio Malavolta, Akira Takahashi, and Mehdi Tibouchi. Ringtail: Practical two-round threshold signatures from learning with errors. IACR Cryptol. ePrint Arch., page 1113, 2024. URL https://eprint.iacr.org/2024/1113
Dana Dachman-Soled, Huijing Gong, Mukul Kulkarni, and Aria Shahverdi. (in)Security of Ring-LWE under Partial Key Exposure. J. Math. Cryptol., 15(1): 72–86, 2021. DOI: https://doi.org/10.1515/jmc-2020-0075.
Qi Yuan, Hao Yuan, Jing Zhao, Meitong Zhou, Yue Shao, Yanchun Wang, and Shuo Zhao. Distributed identity authentication with Lenstra-Lenstra-Lovász algorithm, ciphertext policy attribute-based encryption from lattices: An efficient approach based on the ring learning with errors problem. Entropy, 26(9), 729, 2024. DOI: https://doi.org/10.3390/e26090729.
Yixin Jiang, Chuang Lin, Minghui Shi, and Xuemin (Sherman) Shen. Hash-BinaryTree Based Group Key Distribution with Time-Limited Node Revocation, pages 339–366. 2007. https://uwaterloo.ca/broadband-communications-research-lab/publications/hash-binary-tree-based-group-key-distribution-time-limited
Ximing Li, Hao Wang, and Sha Ma. An efficient ciphertext-policy weighted attribute-based encryption with collaborative access for cloud storage. Comput. Stand. Interfaces, 91:103872, 2025. DOI: https://doi.org/10.1016/j.csi.2024 .103872.
Hua Deng, Hui Yin, Zheng Qin, Lu Ou, Fangmin Li, and Ningchao Ge. Toward Fine-Grained and Forward-Secure Access Control in Cloud-Assisted IoT. IEEE Internet Things J., 11(22):36569–36580, 2024. DOI: https://doi.org/10.1109/JIOT .2024.3423367.
Dan Brownstein, Shlomi Dolev, and Niv Gilboa. Broadcast encryption with both temporary and permanent revocation. In Stabilization, Safety, and Security of Distributed Systems, pages 469–483. Springer, 2017. https://dblp.org/pid/d/ShlomiDolev