Access control and key update are crucial for secure data sharing. Many access control strategies have been proposed to address unauthorized access and privacy breaches. However, these strategies typically focus only on unilateral access control of data requesters, potentially failing to prevent unauthorized individuals from maliciously publishing data. Additionally, existing key update schemes rely on a trusted key generation center (KGC) and have significant performance limitations, which makes them impractical.
To solve the problems, a research team led by Fuyuan Song published their new research on 15 June 2025 in Frontiers of Computer Science, co-published by Higher Education Press and Springer Nature.
The team proposed a Secure and Fine-Grained Data Sharing (SFDS) scheme with bilateral access control and non-interactive key update. In SFDS, both data providers (DP) and data requesters (DR) are required to design encrypted attribute-based access policies for bilateral access control, ensuring that only authorized entities can upload or access data. In addition, we utilize puncturable encryption for non-interactive key update, without the involvement of the KGC. The experimental evaluation demonstrates that SFDS outperforms the state-of-the-art scheme in terms of key generation, key puncture, and data decryption.
In our scheme, KGC initiates the process by generating PK and MSK through a key generation algorithm. After generating PK and MSK, KGC securely transmits them to DP. DP then uses PK, the plaintext M, and the label list $t_1, t_2, \ldots, t_d$ as inputs to encrypt the dataset, and sends the encrypted dataset and access tree to CS. For bilateral access control, DP must transfer its attribute set, denoted as $\omega_{DR}$, to CS. CS then uses the access policy $T_{DR}$ designed by DR to verify whether DP is an authorized user. Similarly, CS must employ the access policy $T_{DP}$ established by DP to authenticate the attribute set $\omega_{DR}$ of DR. After authentication, CS sends a tag to DP, where the tag is true if DR is an authorized user and false otherwise. If the tag is confirmed as true, DP runs the key puncture algorithm and promptly transmits the puncture key to DR. Finally, DR uses the puncture key to decrypt the ciphertext and obtain the desired data.
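The two-way check that CS performs in the workflow above can be modelled in plaintext as follows. This is an added example, not code from the paper: it evaluates threshold access trees in the clear, whereas SFDS matches encrypted policies, and the names Gate, satisfies, cs_verify, omega_dp and the sample attributes are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Gate:
    """Threshold gate of an access tree: satisfied when at least k children are.
    k == 1 behaves as OR, k == len(children) as AND."""
    k: int
    children: tuple  # each child is an attribute name (leaf) or another Gate

    def __post_init__(self):
        # Reject malformed policies early instead of silently never matching.
        if not 1 <= self.k <= len(self.children):
            raise ValueError("threshold k must be in 1..len(children)")

def satisfies(tree, attrs):
    """Return True if the attribute set satisfies the access tree."""
    if isinstance(tree, str):  # leaf: one required attribute
        return tree in attrs
    return sum(satisfies(child, attrs) for child in tree.children) >= tree.k

def cs_verify(t_dp, omega_dp, t_dr, omega_dr):
    """CS-side check in both directions (plaintext model, assumption).
    Returns (dp_authorized, tag): whether DP's attributes meet DR's policy,
    and the tag reporting whether DR's attributes meet DP's policy."""
    dp_authorized = satisfies(t_dr, omega_dp)
    tag = satisfies(t_dp, omega_dr)
    return dp_authorized, tag

# Constructed sample policies and attribute sets (not from the paper).
# DP's policy for requesters: "researcher" AND (hospital-A OR hospital-B).
T_DP = Gate(2, ("researcher", Gate(1, ("hospital-A", "hospital-B"))))
# DR's policy for providers: "certified-lab" AND "cardiology".
T_DR = Gate(2, ("certified-lab", "cardiology"))

if __name__ == "__main__":
    requester = {"researcher", "hospital-B"}
    # Authorized provider and authorized requester.
    print(cs_verify(T_DP, {"certified-lab", "cardiology"}, T_DR, requester))
    # Provider missing "certified-lab": the upload side fails DR's policy.
    print(cs_verify(T_DP, {"cardiology"}, T_DR, requester))
```

The second call shows the case a requester-only check misses: the requester is valid, but the provider does not meet the requester's policy.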
In future work, we will focus on privacy-preserving data sharing with temporal access control in mobile computing environments.
DOI: 10.1007/s11704-024-40279-z