Soft Computing

, Volume 23, Issue 2, pp 497–506 | Cite as

Forward and backward secure fuzzy encryption for data sharing in cloud computing

  • Jianghong WeiEmail author
  • Xuexian Hu
  • Wenfen Liu
  • Qihui Zhang
Methodologies and Application


The great benefits introduced by big data analysis technology motivate both individuals and enterprises to collect and share the data over the internet. Although cloud storage provides a perfect platform for data sharing, the security issue becomes the principal obstacle to preventing users from outsourcing their data to cloud servers, especially when the data involve sensitive information. As a new variant of public-key encryption scheme, attribute-based encryption (ABE) provides a fuzzy matching between the data encryptor and decryptor. That is, the encryptor ensures that all those users with attributes satisfying the defined access policy can decrypt the shared data, but cannot identify which one can do that. Thus, the ABE scheme can preserve user privacy, and is regarded as a promising solution of securing data sharing in the cloud storage system. But the original ABE scheme cannot be directly deployed for several practical issues, such as key exposure and user revocation. In this paper, we simultaneously conquer the above two issues and put forward a forward and backward secure ciphertext-policy ABE scheme such that a revealed user secret key is useless for decrypting any ciphertexts. The proposed forward and backward secure ABE scheme is proved secure under a q-type assumption in the selective model, without random oracles. The performance discussion indicates that the proposed scheme provides stronger security guarantees than other similar ABE schemes, and thus is more desirable for cloud storage systems.


Attribute-based encryption Data sharing Fuzzy identity Forward and backward security 



This work is supported by the National Nature Science Foundation of China (Nos. 61702549, 61502527, 61379150).

Compliance with ethical standards

Conflict of interest

The authors declare that they have no conflicts of interest.

Ethical standard

This article does not contain any studies with human participants or animals performed by any of the authors.


  1. Abdalla M, Reyzin L (2000) A new forward-secure digital signature scheme. In: Advances in cryptology-ASIACRYPT 2000, Springer, pp 116–129Google Scholar
  2. Anderson R (1997) Two remarks on public key cryptology. Unpublished Available from http://www.clcamacuk/users/rja14
  3. Attrapadung N, Imai H (2009) Attribute-based encryption supporting direct/indirect revocation modes. In: IMA international conference on cryptography and coding, Springer, pp 278–300Google Scholar
  4. Beimel A (1996) Secure schemes for secret sharing and key distribution. Ph.D. thesis, Technion-Israel Institute of technology, Faculty of computer scienceGoogle Scholar
  5. Bellare M, Miner SK (1999) A forward-secure digital signature scheme. In: Advances in cryptology CRYPTO99, Springer, pp 431–448Google Scholar
  6. Boldyreva A, Goyal V, Kumar V (2008) Id-based encryption with efficient revocation. In: CCS 2008, ACM, pp 417–426Google Scholar
  7. Canetti R, Halevi S, Katz J (2007) A forward-secure public-key encryption scheme. J Cryptol 20(3):265–294MathSciNetCrossRefzbMATHGoogle Scholar
  8. Cui H, Deng RH, Li Y, Qin B (2016) Server-aided revocable attribute-based encryption. In: European symposium on research in computer security, Springer, pp 570–587Google Scholar
  9. Fu Z, Sun X, Liu Q, Zhou L, Shu J (2015) Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans Commun 98(1):190–200CrossRefGoogle Scholar
  10. Fu Z, Huang F, Sun X, Vasilakos A, Yang CN (2016a) Enabling semantic search based on conceptual graphs over encrypted outsourced data. IEEE Trans Serv Comput. doi: 10.1109/TSC.2016.2622697
  11. Fu Z, Wu X, Guan C, Sun X, Ren K (2016b) Toward efficient multi-keyword fuzzy search over encrypted outsourced data with accuracy improvement. IEEE Trans Inf Forensics Secur 11(12):2706–2716CrossRefGoogle Scholar
  12. He D, Wang D, Xie Q, Chen K (2017a) Anonymous handover authentication protocol for mobile wireless networks with conditional privacy preservation. Sci China Inf Sci 60(5):104CrossRefGoogle Scholar
  13. He D, Wang H, Zhang J, Wang L (2017b) Insecurity of an identity-based public auditing protocol for the outsourced data in cloud storage. Inf Sci 375:48–53CrossRefGoogle Scholar
  14. Hong J, Xue K, Li W (2015) Security analysis of attribute revocation in multiauthority data access control for cloud storage systems. IEEE Trans Inf Forensics Secur 10(6):1315–1317CrossRefGoogle Scholar
  15. Huang X, Liu JK, Tang S, Xiang Y, Liang K, Xu L, Zhou J (2015) Cost-effective authentic and anonymous data sharing with forward security. IEEE Trans Comput 64(4):971–983MathSciNetCrossRefzbMATHGoogle Scholar
  16. Itkis G, Reyzin L (2001) Forward-secure signatures with optimal signing and verifying. In: Advances in cryptology crypto 2001, Springer, pp 332–354Google Scholar
  17. Kiraz MS (2016) A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing. J Ambient Intell Humaniz Comput 7(5):731–760CrossRefGoogle Scholar
  18. Kitagawa T, Kojima H, Attrapadung N, Imai H (2015) Efficient and fully secure forward secure ciphertext-policy attribute-based encryption. In: 16th International conference on information security, Springer, pp 87–99Google Scholar
  19. Kozlov A, Reyzin L (2003) Forward-secure signatures with fast key update. In: Security in communication networks, Springer, pp 241–256Google Scholar
  20. Kumari S, Khan MK, Atiquzzaman M (2015) User authentication schemes for wireless sensor networks: a review. Ad Hoc Netw 27:159–194CrossRefGoogle Scholar
  21. Kumari S, Li X, Wu F, Das AK, Arshad H, Khan MK (2016) A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps. Future Gen Comput Syst 63:56–75CrossRefGoogle Scholar
  22. Kumari S, Li X, Wu F, Das AK, Choo KKR, Shen J (2017) Design of a provably secure biometrics-based multi-cloud-server authentication scheme. Future Gen Comput Syst 68:320–330CrossRefGoogle Scholar
  23. Li J, Li X, Wang L, He D, Ahmad H, Niu X (2017) Fuzzy encryption in cloud computation: efficient verifiable outsourced attribute-based encryption. Soft Comput. doi: 10.1007/s00500-017-2482-1 Google Scholar
  24. Liang X, Li X, Lu R, Lin X, Shen X (2011) An efficient and secure user revocation scheme in mobile social networks. In: Global telecommunications conference (GLOBECOM 2011), IEEE, pp 1–5Google Scholar
  25. Liu JK, Yuen TH, Zhou J (2011) Forward secure ring signature without random oracles. In: International conference on information and communications security, Springer, pp 1–14Google Scholar
  26. Mayer-Schönberger V, Cukier K (2013) Big data: a revolution that will transform how we live, work, and think. Houghton Mifflin HarcourtGoogle Scholar
  27. Okamoto T, Takashima K (2011) Efficient attribute-based signatures for non-monotone predicates in the standard model. In: Public key cryptography–PKC 2011, Springer, pp 35–52Google Scholar
  28. Park Y, Sur C, Rhee KH (2016) Pseudonymous authentication for secure V2I services in cloud-based vehicular networks. J Ambient Intell Humaniz Comput 7(5):661–671CrossRefGoogle Scholar
  29. Rouselakis Y, Waters B (2013) Practical constructions and new proof methods for large universe attribute-based encryption. In: CCS 2013, ACM, pp 463–474Google Scholar
  30. Sahai A, Waters B (2005) Fuzzy id-based encryption. In: Advances in cryptology–EUROCRYPT 2005, Springer, pp 457–473Google Scholar
  31. Seo JH, Emura K (2013) Revocable id-based encryption revisited: Security model and construction. In: Public-key cryptography–PKC 2013, Springer, pp 216–234Google Scholar
  32. Shi Y, Zheng Q, Liu J, Han Z (2015) Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation. Inf Sci 295:221–231MathSciNetCrossRefzbMATHGoogle Scholar
  33. Wang D, He D, Wang P, Chu CH (2015) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Depend Secur Comput 12(4):428–442CrossRefGoogle Scholar
  34. Wang H, He D, Shen J, Zheng Z, Zhao C, Zhao M (2016) Verifiable outsourced ciphertext-policy attribute-based encryption in cloud computing. Soft Comput. doi: 10.1007/s00500-016-2271-2 zbMATHGoogle Scholar
  35. Wang H, He D, Shen J, Zheng Z, Yang X, Au MH (2017) Fuzzy matching and direct revocation: a new CP-ABE scheme from multilinear maps. Soft Comput. doi: 10.1007/s00500-017-2488-8 zbMATHGoogle Scholar
  36. Waters B (2011) Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In: Public key cryptography–PKC 2011, Springer, pp 53–70Google Scholar
  37. Wei J, Liu W, Hu X (2014) Forward-secure threshold attribute-based signature scheme. Comput J 58(10):2492–2506CrossRefGoogle Scholar
  38. Wei J, Liu W, Hu X (2015) Secure control protocol for universal serial bus mass storage devices. IET Comput Digit Tech 9(6):321–327CrossRefGoogle Scholar
  39. Wei J, Hu X, Liu W (2017a) Two-factor authentication scheme using attribute and password. Int J Commun Syst 30(1):1–14CrossRefGoogle Scholar
  40. Wei J, Liu W, Hu X (2017b) Forward-secure identity-based signature with efficient revocation. Int J Comput Math 94(7):1390–1411MathSciNetCrossRefzbMATHGoogle Scholar
  41. Wu W, Hu S, Yang X, Liu JK, Au MH (2017) Towards secure and cost-effective fuzzy access control in mobile cloud computing. Soft Comput 21(10):2643–2649CrossRefGoogle Scholar
  42. Xia Z, Wang X, Sun X, Wang Q (2016a) A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans Parallel Distrib Syst 27(2):340–352CrossRefGoogle Scholar
  43. Xia Z, Wang X, Zhang L, Qin Z, Sun X, Ren K (2016b) A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Trans Inf Forensics Secur 11(11):2594–2608CrossRefGoogle Scholar
  44. Xu J, Wen Q, Li W, Shen J, He D (2016) Succinct multi-authority attribute-based access control for circuits with authenticated outsourcing. Soft Comput. doi: 10.1007/s00500-016-2244-5 zbMATHGoogle Scholar
  45. Yang K, Jia X, Ren K, Zhang B, Xie R (2013) Dac-macs: effective data access control for multiauthority cloud storage systems. IEEE Trans Inf Forensics Secur 8(11):1790–1801CrossRefGoogle Scholar
  46. Yu J, Hao R, Kong F, Cheng X, Fan J, Chen Y (2011a) Forward-secure identity-based signature: security notions and construction. Inf Sci 181(3):648–660MathSciNetCrossRefzbMATHGoogle Scholar
  47. Yu J, Kong F, Cheng X, Hao R, Fan J (2011b) Forward-secure identity-based public-key encryption without random oracles. Fundam Inform 111(2):241–256MathSciNetzbMATHGoogle Scholar
  48. Yu S, Wang C, Ren K, Lou W (2010) Attribute based data sharing with attribute revocation. In: ASIACCS 2010, ACM, pp 261–270Google Scholar
  49. Zhang M, Wu L, Wang XA, Yang X (2016) Unidirectional ibpre scheme from lattice for cloud computation. J Ambient Intell Humaniz Comput 7(5):623–631CrossRefGoogle Scholar
  50. Zhang Y, Wu A, Zheng D (2017) Efficient and privacy-aware attribute-based data sharing in mobile cloud computing. J Ambient Intell Humaniz Comput. doi:  10.1007/s12652-017-0509-1
  51. Zhong H, Zhu W, Xu Y, Cui J (2016) Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage. Soft Comput. doi: 10.1007/s00500-016-2330-8 zbMATHGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  1. 1.State Key Laboratory of Mathematical Engineering and Advanced ComputingZhengzhouChina
  2. 2.School of Computer Science and Information Security, Guangxi Key Laboratory of Cryptography and Information SecurityGuilin University of Electronic TechnologyGuilinChina

Personalised recommendations