An Expressive “Test-Decrypt-Verify” Attribute-Based Encryption Scheme With Hidden Policy for Smart Medical Cloud

With the rapid development of cloud computing and the Internet of Things, many companies or individuals store their data in the cloud server, which brings new challenges to the security and privacy. Although traditional encryption schemes could solve some problems, data owners (DOs) might lose the access control over the data, which is important in some specific application scenarios, such as the smart medical cloud system. In order to address these problems, some ciphertext-policy attribute-based encryption (CP-ABE) schemes have been proposed to protect the privacy and security of data; but these schemes still have the following defects: 1) most of the existing hidden policy CP-ABE schemes only enable restricted access structure, such as "AND" gate; 2) several schemes supporting flexible access control are inefficient in decryption, because most of them are constructed in the composite order bilinear group; and 3) many of the proposed schemes fail to check the correctness of decryption message. In this article, we construct a "test-decrypt-verify" CP-ABE scheme based on prime order bilinear group to solve the above-mentioned problems. The proposed scheme supports secure outsourcing decryption, because the return value is an intermediate value unrelated to the encapsulation value of message encrypted by the DO.