Online/offline unbounded multi-authority attribute-based encryption for data sharing in mobile cloud computing.

In order to realize attribute‐based data sharing in cloud computing, multi‐authority attribute‐based encryption (MA‐ABE) is extremely attractive. However, most of the existing MA‐ABE schemes cannot support a fully large attribute universe and are not suitable for resource‐constrained mobile data owners in that the computation cost in secret key generation and encryption is extremely heavy. To tackle the earlier challenges, we propose an online/offline MA‐ABE scheme, which realizes both the online/offline secret key generation and the online/offline encryption while supporting a fully large attribute universe. In the offline phase, one global‐identity authority and multiple attribute authorities do the majority of the work to issue attribute secret keys before knowing users' global identity and attributes. The data owner can perform most of the encryption computation tasks before knowing the actual message and access structure. Furthermore, the online phase can rapidly assemble the final decryption key and ciphertexts when related specifications become known. Particularly, global‐identity authority and attribute authorities need not to cooperate in the whole process. Our online/offline MA‐ABE scheme allows the access policies encoded in linear secret sharing schemes. The formal selective security proof and extensive performance analysis indicate that our scheme is very suitable for data sharing in mobile cloud computing. Copyright © 2016 John Wiley & Sons, Ltd.