
Author: 董劭威 (Shao-Wei Tung)
Thesis title: CCA-Secure Attribute-Based Encryption with Key Escrow Free Property in Cloud Environment
Advisor: 黃政嘉 (Jheng-Jia Huang)
Oral examination committee: 左瑞麟, 黃政嘉, 曾一凡, 王銘宏
Degree: Master
Department: College of Management, Department of Information Management
Year of publication: 2022
Graduating academic year: 110 (ROC calendar)
Language: English
Pages: 82
Keywords: Attribute-based encryption, Shamir secret sharing, Data sharing, Cloud environment, Security proof

With the emergence of many new application scenarios, secure data sharing has become a critical issue. Under traditional public-key encryption, data can only be shared securely one-to-one, which is too slow for today's data-sharing environments. Attribute-based encryption (ABE) is a promising solution: the data owner specifies an access structure over attributes, much like traditional access control, and a single ciphertext can then be decrypted by every user whose attributes satisfy that structure. This removes the one-to-one limitation of traditional encryption. However, ABE still faces challenges. In particular, the key generation center issues every attribute key and can therefore decrypt every ciphertext, which puts the privacy of all ciphertexts at risk; this is the key escrow problem. This thesis proposes a key-escrow-free protocol as a solution. In the proposed protocol, the data owner applies Shamir's secret sharing scheme so that the server, which would otherwise have to be fully trusted, cannot misbehave on its own. In addition, part of the computation is offloaded from the data owner to the cloud to reduce the computational cost on the data owner's device. Finally, a formal security proof is given to show that the protocol is secure against chosen-ciphertext attacks, as the title states.
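As an added illustration (not code from the thesis), the following Python implements the (t, n) Shamir secret sharing scheme and the Lagrange interpolation it rests on (Sections 2.1 and 2.2 of the table of contents), which is the building block the abstract uses to keep any single party, such as the key generation center or the cloud server, from holding a complete secret on its own. The prime field, the share counts, the party names and the sample secret are constructed parameters for the demonstration, not values from the thesis. The example goes slightly beyond the abstract by also checking the information-theoretic argument that t-1 shares are consistent with every possible secret.

```python
"""Shamir (t, n) secret sharing over a prime field with Lagrange reconstruction.

Added example, not code from the thesis. The scenario below is constructed:
a data owner splits a secret so that the server's shares alone never reach
the threshold, while owner + server together do.
"""
import secrets

# Constructed demo field: the Mersenne prime 2^127 - 1. The field must be
# larger than any secret that is shared in it.
P = 2**127 - 1


def _eval_poly(coeffs, x, p=P):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[k]*x^k modulo p (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret, t, n, p=P):
    """Return n shares (x, f(x)) of `secret`; any t of them reconstruct it."""
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    if not 0 <= secret < p:
        raise ValueError("secret must lie in the field")
    # f(0) = secret; the other t-1 coefficients are uniformly random (CSPRNG).
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def lagrange_interpolate(points, x0=0, p=P):
    """Evaluate at x0 the unique polynomial of degree < len(points) through `points`."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x coordinates")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % p
                den = den * (xi - xj) % p
        # l_i(x0) = prod_{j != i} (x0 - xj) / (xi - xj); inverse via pow(., -1, p)
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def recover_secret(shares, t, p=P):
    """Recover f(0) from at least t shares; refuse below the threshold."""
    if len(shares) < t:
        raise ValueError(f"threshold not met: have {len(shares)} shares, need {t}")
    return lagrange_interpolate(shares[:t], 0, p)


def consistent_with_candidate(partial_shares, candidate, p=P):
    """True if the t-1 `partial_shares` are consistent with secret == candidate.

    Adding the point (0, candidate) to t-1 shares fixes a polynomial of degree
    t-1 that passes through all of them, so below the threshold every candidate
    secret is equally plausible: the shares carry no information about f(0).
    """
    points = [(0, candidate)] + list(partial_shares)
    return all(lagrange_interpolate(points, x, p) == y for x, y in partial_shares)


def demo():
    """Constructed scenario: owner keeps 1 share, server holds 2, threshold 3."""
    secret = secrets.randbelow(P)
    shares = split_secret(secret, t=3, n=4)
    owner_share, server_shares = shares[0], shares[1:3]
    # The server alone is below the threshold and learns nothing.
    try:
        recover_secret(server_shares, 3)
        server_alone = True
    except ValueError:
        server_alone = False
    # Owner and server together reach the threshold.
    joint = recover_secret([owner_share] + server_shares, 3)
    return server_alone is False and joint == secret


if __name__ == "__main__":
    print("escrow-free split works:", demo())
```

The `pow(den, -1, p)` modular inverse requires Python 3.8 or newer. In a real deployment the shared value would be a field element tied to the scheme's group order rather than an arbitrary integer, and shares would be delivered over authenticated channels; the example only shows the threshold property itself.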


Contents

Recommendation Letter
Approval Letter
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
List of Algorithms
1 Introduction
  1.1 The history of attribute encryption
  1.2 Contributions
  1.3 Organization
2 Preliminaries
  2.1 Lagrange polynomial interpolation
  2.2 Shamir secret sharing scheme
  2.3 Ciphertext-policy attribute-based encryption
  2.4 Bilinear map
  2.5 Access structure
  2.6 Linear secret sharing schemes (LSSS)
  2.7 Decisional parallel bilinear Diffie-Hellman exponent assumption
  2.8 Security definitions
3 Related Works
  3.1 Wang et al.'s scheme
    3.1.1 System initialization
    3.1.2 New file creation
    3.1.3 New user authorization
    3.1.4 Data file access
    3.1.5 Data file deletion
  3.2 Varri et al.'s scheme
    3.2.1 Setup phase
    3.2.2 Keygen phase
    3.2.3 Keywordenc phase
    3.2.4 Docencryption phase
    3.2.5 Trapdoor phase
    3.2.6 Search phase
    3.2.7 Decryption phase
  3.3 Hur's scheme
    3.3.1 Setup phase
    3.3.2 Key generation phase
    3.3.3 Data encryption phase
    3.3.4 Data re-encryption phase
    3.3.5 Data decryption phase
4 CCA-Secure Attribute-Based Encryption with Key Escrow Free Property in Cloud Environment
  4.1 Setup phase
  4.2 Upload phase
  4.3 User keygen phase
  4.4 Download phase
5 Security Proof
6 Performance Comparison and Results
  6.1 Property comparison
  6.2 Communication comparison
  6.3 Computation comparison
7 Implementation and simulation
  7.1 Simulation environment
  7.2 Simulation results
    7.2.1 Shamir secret sharing scheme
    7.2.2 Ciphertext-policy attribute-based encryption
8 Conclusion
References

References

[1] J. Nechvatal, "Public-key cryptography," NIST Special Publication 800-2, 1991. DOI: 10.6028/NIST.SP.800-2.
[2] R. Chen et al., "Server-aided public key encryption with keyword search," IEEE Transactions on Information Forensics and Security, vol. 11, no. 12, pp. 2833–2842, 2016. DOI: 10.1109/TIFS.2016.2599293.
[3] P. Xu et al., "Public-key encryption with fuzzy keyword search: A provably secure scheme under keyword guessing attack," IEEE Transactions on Computers, vol. 62, no. 11, pp. 2266–2277, 2013. DOI: 10.1109/TC.2012.215.
[4] D. Boneh et al., "Public key encryption with keyword search," in International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2004, pp. 506–522.
[5] S. Alshehri et al., "Secure access for healthcare data in the cloud using ciphertext-policy attribute-based encryption," in 2012 IEEE 28th International Conference on Data Engineering Workshops, IEEE, 2012, pp. 143–146.
[6] C. Guo et al., "Fine-grained database field search using attribute-based encryption for e-healthcare clouds," Journal of Medical Systems, vol. 40, no. 11, pp. 1–8, 2016.
[7] K. Sowjanya et al., "A ciphertext-policy attribute based encryption scheme for wireless body area networks based on ECC," Journal of Information Security and Applications, vol. 54, p. 102559, 2020.
[8] Y. Tian et al., "An attribute-based encryption scheme with revocation for fine-grained access control in wireless body area networks," International Journal of Distributed Sensor Networks, vol. 10, no. 11, p. 259798, 2014.
[9] X. Wang et al., "Performance evaluation of attribute-based encryption: Toward data privacy in the IoT," in 2014 IEEE International Conference on Communications (ICC), IEEE, 2014, pp. 725–730.
[10] M. Rasori et al., "A lightweight and scalable attribute-based encryption system for smart cities," Computer Communications, vol. 149, pp. 78–89, 2020.
[11] M. Rasori et al., "ABE-Cities: An attribute-based encryption system for smart cities," in 2018 IEEE International Conference on Smart Computing (SMARTCOMP), IEEE, 2018, pp. 65–72.
[12] N. Chen et al., "Secure, selective group broadcast in vehicular networks using dynamic attribute based encryption," in 2010 The 9th IFIP Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net), IEEE, 2010, pp. 1–8.
[13] D. Huang et al., "ASPE: Attribute-based secure policy enforcement in vehicular ad hoc networks," Ad Hoc Networks, vol. 7, no. 8, pp. 1526–1535, 2009.
[14] A. Sahai et al., "Fuzzy identity-based encryption," in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2005, pp. 457–473.
[15] V. Goyal et al., "Attribute-based encryption for fine-grained access control of encrypted data," in Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006, pp. 89–98.
[16] N. Attrapadung et al., "Expressive key-policy attribute-based encryption with constant-size ciphertexts," in International Workshop on Public Key Cryptography, Springer, 2011, pp. 90–108.
[17] J. Bethencourt et al., "Ciphertext-policy attribute-based encryption," in 2007 IEEE Symposium on Security and Privacy (SP'07), IEEE, 2007, pp. 321–334.
[18] B. Waters, "Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization," in International Workshop on Public Key Cryptography, Springer, 2011, pp. 53–70.
[19] J. Baek et al., "A secure cloud computing based framework for big data information management of smart grid," IEEE Transactions on Cloud Computing, vol. 3, no. 2, pp. 233–244, 2014.
[20] C.-K. Chu et al., "Security concerns in popular cloud storage services," IEEE Pervasive Computing, vol. 12, no. 4, pp. 50–57, 2013.
[21] K. Liang et al., "A DFA-based functional proxy re-encryption scheme for secure public cloud data sharing," IEEE Transactions on Information Forensics and Security, vol. 9, no. 10, pp. 1667–1680, 2014.
[22] K. Liang et al., "A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing," Future Generation Computer Systems, vol. 52, pp. 95–108, 2015.
[23] K. Liang et al., "An efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing," in European Symposium on Research in Computer Security, Springer, 2014, pp. 257–272.
[24] M. Chase et al., "Improving privacy and security in multi-authority attribute-based encryption," in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp. 121–130.
[25] S. S. Chow, "Removing escrow from identity-based encryption," in International Workshop on Public Key Cryptography, Springer, 2009, pp. 256–276.
[26] M. Belenkiy et al., "Randomizable proofs and delegatable anonymous credentials," in Annual International Cryptology Conference, Springer, 2009, pp. 108–125.
[27] S. Wang et al., "Attribute-based data sharing scheme revisited in cloud computing," IEEE Transactions on Information Forensics and Security, vol. 11, no. 8, pp. 1661–1673, 2016.
[28] U. S. Varri et al., "Key-escrow free attribute-based multi-keyword search with dynamic policy update in cloud computing," in 2020 20th IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing (CCGRID), IEEE, 2020, pp. 450–458.
[29] J. Hur, "Improving security and efficiency in attribute-based data sharing," IEEE Transactions on Knowledge and Data Engineering, vol. 25, no. 10, pp. 2271–2282, 2011.
[30] J.-P. Berrut et al., "Barycentric Lagrange interpolation," SIAM Review, vol. 46, no. 3, pp. 501–517, 2004.
[31] A. Shamir, "How to share a secret," Communications of the ACM, vol. 22, no. 11, pp. 612–613, 1979.
[32] D. Boneh et al., "Identity-based encryption from the Weil pairing," in Annual International Cryptology Conference, Springer, 2001, pp. 213–229.
[33] D. Boneh et al., "Identity-based encryption from the Weil pairing," SIAM Journal on Computing, vol. 32, no. 3, pp. 586–615, 2003.
[34] B. Waters, "Efficient identity-based encryption without random oracles," in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2005, pp. 114–127.
[35] R. Canetti et al., "Chosen-ciphertext security from identity-based encryption," in International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2004, pp. 207–222.
[36] A. Beimel et al., "Secure schemes for secret sharing and key distribution," 1996.
[37] S. Goldwasser et al., "Probabilistic encryption," Journal of Computer and System Sciences, vol. 28, no. 2, pp. 270–299, 1984.
[38] Z. Li et al., "Performance of finite field arithmetic in an elliptic curve cryptosystem," in MASCOTS 2001, Proceedings Ninth International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems, IEEE, 2001, pp. 249–256.
[39] K. Takashima, "Scaling security of elliptic curves with fast pairing using efficient endomorphisms," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 90, no. 1, pp. 152–159, 2007.
[40] K. Lauter, "The advantages of elliptic curve cryptography for wireless security," IEEE Wireless Communications, vol. 11, no. 1, pp. 62–67, 2004.
[41] C.-I. Fan et al., "CCA-secure attribute-based encryption supporting dynamic membership in the standard model," in 2021 IEEE Conference on Dependable and Secure Computing (DSC), IEEE, 2021, pp. 1–8.

Full text available from 2025/08/17 (campus network)
Full text available from 2025/08/17 (off-campus network)
Full text available from 2025/08/17 (National Central Library: Taiwan theses and dissertations system)