Revocable Certificateless Encryption with Ciphertext Evolution

The user revocation of certificateless cryptosystems is an important issue. One of the existing solutions is to issue extra time keys periodically for every non-revoked user. However, since the scheme requires different time keys to decrypt data for different time periods, the user needs to hold a long list of time keys (linear growth with time), which is inefficient in practical applications. Moreover, the ciphertexts produced before revocation are still available to the revoked users, which is not acceptable in most applications such as cloud storage. To overcome these shortcomings, in this paper, we present an efficient solution called revocable certificateless encryption with ciphertext evolution. In our scheme, a current time key together with a private key are enough for the decryptions by non-revoked users. Meanwhile, revoked users cannot make decryptions on ciphertexts in the past any more. We give formal security proofs based on the IND-CPA model under the standard BDH problem.