As more sensitive data is shared and stored by third-party sites on the internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data is that it can be selectively shared only at a coarse-grained level. Attribute based encryption is a public-key-based one-to-many encryption that allows users to encrypt and decrypt data based on user attributes. A promising application of ABE is flexible access control of encrypted data stored in the cloud using access

more »

... cies and ascribed attributes associated with private keys and cipher texts. This functionality comes at a cost. In typical implementation, the size of the cipher text is proportional to the number of attributes associated with it and the decryption time is proportional to the number of attributes used during decryption. Specially, many practical ABE implementations require one pairing operation per attribute used during decryption. One of the main efficiency drawbacks of the existing ABE schemes is that decryption involves expensive pairing operations and the number of such operations grows with the complexity of the access policy. Recently green et al. proposed an ABE system with outsourced decryption that largely eliminates the decryption overhead for users. tn such a system a user provides an untrusted server, say a cloud to translate any ABE cipher text satisfied by that users attributes or access policy into a simple ciphertext and it only incurs a small computational overhead for the users to recover the plaintext from the transformed ciphertext. Security of an ABE system with outsourced decryption ensures that an adversary will not be able to learn anything about the encrypted message; however it does not guarantee the correctness of the transformation done by the cloud. In this Project we consider a new requirement of ABE with outsourced decryption: verifiability. Informally, verifiability guarantees that a user can effectively check if the transformation is done correctly.