Revocable Certificateless Public Key Encryption with Outsourced Semi-trusted Cloud Revocation Agent

Certificateless public key cryptography (CL-PKC) not only eliminates the need for certificates in traditional certificate-based PKC but also solves the inherent key escrow problem in identity-based PKC. However, an unsolved but critical issue in CL-PKC is how to revoke a misbehaving user. Some revocable certificateless public key encryption (RCL-PKE) schemes have been proposed, but these schemes have two main drawbacks: 1) public key uniqueness is not guaranteed, thus allowing the existence of multiple copies of each initial secret key. 2) The existing outsourced RCL-PKE schemes place excessive trust in the cloud server, which may continue to update decryption keys stealthily for misbehaving users. In this paper, we address these issues by proposing a novel RCL-PKE with semi-trusted cloud revocation agents (s-CRAs). We describe the framework and the security model for the RCL-PKE with s-CRA and prove that the proposed scheme is semantically secure against adaptive chosen-ciphertext attacks under the bilinear Diffie-Hellman assumption in the random oracle model. Furthermore, we compare the proposed scheme with previous RCL-PKE schemes in terms of performance and robustness. The evaluation results show that the proposed scheme achieves public key uniqueness and reliable revocation flexibility at low computational and communication costs.