Abstract: In order to solve the problem of security and attribute revocation caused by which directly introduce the CP-ABE scheme into the cloud access control. This paper proposes a multi authority attribute revocation scheme（RMCP-ABE）, through the use of logic two binary trees and each attribute of proxy reencryption methods to ensure the security attributes revocation process, flexibility and fine granularity of attribute revocation, and reduce the computational overhead of the data. The scheme introduces a multi authorization center model to avoid the threat of the authorization center being broken or collusion, and improves the operation efficiency. The security analysis and experimental analysis show that the security of the scheme is consistent with the traditional CP-ABE algorithm, and the cost is lower than that of other attribute revocation schemes.

Key words: Ciphertext-Policy Attribute-Based Encryption（CP-ABE）, attribute revocation, logical binary tree, multiple authorization centers

摘要： 直接将密文属性基加密（CP-ABE）运用于云环境中，将造成云访问控制的安全和计算开销问题。为此，提出一种支持多授权中心的属性撤销方案（RMCP-ABE），通过采用逻辑二叉树和每属性代理重加密等方法，保证了属性撤销过程中的安全性，属性撤销的即时性、灵活性和细粒度，降低了数据属主的计算开销。方案引入了多授权中心模型，避免授权中心被攻破或者合谋的威胁，并提高了运行效率。安全性和实验分析表明，该算法安全性与传统CP-ABE算法一致，同时与其他属性撤销方案相比开销更低。

关键词: 密文属性基加密（CP-ABE）, 属性撤销键, 逻辑二叉树, 多授权中心