PH-MG-ABE: A Flexible Policy-Hidden Multigroup Attribute-Based Encryption Scheme for Secure Cloud Storage

Ciphertext-policy attribute-based encryption (CP-ABE) has attracted significant attention due to its fine-grained access control capabilities, which are highly compatible with cloud computing. Most enterprises utilizing cloud storage technology consist of multiple user groups. However, the current multigroup CP-ABE scheme may pose a risk of sensitive information leakage due to the plaintext access policy mechanisms. To mitigate this issue, it is necessary to conceal access policies. In this article, we propose a flexible policy-hidden multigroup attribute-based encryption (PH-MG-ABE) scheme that enables unique multigroup operations, such as group merging and splitting without affecting user keys. Each attribute in the access policy is divided into attribute values and attribute names. The proposed scheme achieves partial policy hiding by concealing the attribute values. Our scheme allows to directly revoke and join arbitrary numbers of users. In order to reduce the local decryption burden for users, the heavy decryption tasks are outsourced to cloud servers and correctness of the outsourced decryption is verifiable. We prove that our scheme is indistinguishable against under chosen plaintext attacks secure (IND-CPA) based on the decisional q-bilinear Diffie-Hellman exponent assumption. In addition, the proposed scheme appears to be efficient through the performance evaluation.