Abstract: Aiming at the access structure of attribute-based encryption, this paper proposes an attribute-based encryption scheme that supports complex access policies. The scheme uses reduced ordered binary decision diagrams (ROBDDs) as the access structure, where a user's attribute set corresponds to a path in the ROBDD. The ROBDD can not only represent any Boolean function about attri- butes, but also reduce valid paths by simplifying nodes in the access structure, thereby preventing interference from irrelevant attributes and reducing the computational cost in the encryption phase. By integrating effective path feature values into Boolean functions, the ciphertext does not need to store multiple effective path feature values in complex access policies, reducing the storage cost of the ciphertext. The scheme outsources attribute authentication computation to the decryption server, reducing the local computation cost of users in the decryption phase, and uses group element exponentiation instead of bilinear pairing to reduce the computational cost of the scheme. The security model proves that the scheme is IND-CPA secure, and performance analysis and experimental simulation show that the proposed scheme has lower computational and storage costs.

Key words: attribute-based encryption, reduced ordered binary decision diagram (ROBDD), complex access policies, lightweight computing