Attribute‐Based Access Control With Credible Outsourcing and Collusion‐Resistant Revocation Based on Blockchain for Iomt

ABSTRACT The maturity of cloud computing and the Internet of Things (IoT) has greatly facilitated the growth of the healthcare industry. Nowadays, Personal Health Records (PHRs) collected by the Internet of Medical Things (IoMT) are shared with healthcare institutions through the public cloud. Ciphertext‐Policy Attribute‐Based Encryption (CP‐ABE) can protect PHRs' confidentiality while promoting sharing efficiency. However, current schemes suffer from high computation overhead and data leakage caused by privilege revocation. This paper proposes a CP‐ABE scheme with credible outsourcing and collusion‐resistant revocation based on blockchain for IoMT. Most encryption and decryption operations are outsourced to the cloud server, and the outsourced computation correctness is verified by the blockchain credibly. The user needs to perform only two exponential operations in encryption and one exponential operation in decryption. Furthermore, we no longer use the cloud server to update the ciphertext in privilege revocation to avoid data leakage. Meanwhile, we add a ciphertext private key bound to the ciphertext to perform decryption together with the attribute private key. Only users whose attributes satisfy the policy can obtain , and the smart contract credibly verifies this process. The revoked user cannot decrypt the ciphertext due to the lack of . We performed a rigorous security analysis of our scheme, encompassing confidentiality, collusion resistance, revocability, and blockchain, which collectively validate the robustness and security of our approach. What is more, we benchmarked our scheme against state‐of‐the‐art approaches in terms of storage, communication, and computation. The results demonstrate that our scheme maintains competitive performance across all metrics.