Published November 30, 2025 | Version CC-BY-NC-ND 4.0
Journal article Open

Ring-LWE Identity-Based Encryption with Dynamic Revocation for Cloud Data Sharing

  • 1. Department of Computer Science, University of Cape Coast, Cape Coast, Ghana.
  • 2. Department of Computer Science, Ho Technical University, Ho, Ghana.

Description

Abstract: Cloud storage faces significant security and access control challenges due to reduced user oversight and the emerging threat of quantum computing to traditional cryptographic methods. Existing revocable Identity-Based Encryption (IBE) schemes are limited by their lack of post-quantum security, inefficient revocation mechanisms that require re-encryption of data, and cumbersome key update procedures. We propose a post-quantum secure Ring-LWE IBE scheme with dynamic time-based revocation tailored for cloud environments. Our solution is built on the hardness of the Ring Learning with Errors (RLWE) problem to ensure quantum resistance and introduces a novel time-based revocation framework. In our approach, user access is bound to discrete periods and managed through a hierarchical binary tree structured over identities and time. This design eliminates the need to re-encrypt stored data upon user revocation. Instead, a trusted authority periodically distributes lightweight key updates exclusively to non-revoked users. Thanks to the binary tree structure, non-revoked users can compute updated decryption keys with only O(log Nₘₐₓ) overhead in both computation and communication, where Nₘₐₓ is the maximum number of users or periods. Revoked users, having no access to future updates, lose decryption capabilities. We provide formal security proofs showing the scheme’s resistance against adaptive identity and time-period-based attacks, grounded in the RLWE assumption. Overall, our scheme offers an effective combination of post-quantum security, efficient access control, and simplified key management, making it suitable for secure cloud data sharing in the quantum era.

Files

B144105021125.pdf

Additional details

Dates

Accepted
2025-11-15
Manuscript received on 09 June 2025 | First Revised Manuscript received on 04 July 2025 | Second Revised Manuscript received on 16 October 2025 | Manuscript Accepted on 15 November 2025 | Manuscript published on 30 November 2025.
