Ring-LWE Identity-Based Encryption with Dynamic Revocation for Cloud Data Sharing
Gabriel Assamah1, Alimatu Latiff Y2, Benjamin Appiah3, Regina Esi T4, Emmanuel Derry5
1Gabriel Assamah, Department of Computer Science, University of Cape Coast, Cape Coast, Ghana.
2Alimatu Latiff Yussif, Department of Computer Science, University of Cape Coast, Cape Coast, Ghana.
3Benjamin Appiah, Department of Computer Science, Ho Technical University, Ho, Ghana.
4Regina Esi Turkson, Department of Computer Science, University of Cape Coast, Cape Coast, Ghana.
5Emmanuel Derry, Department of Computer Science, University of Cape Coast, Cape Coast, Ghana.
Manuscript received on 09 June 2025 | First Revised Manuscript received on 04 July 2025 | Second Revised Manuscript received on 16 October 2025 | Manuscript Accepted on 15 November 2025 | Manuscript published on 30 November 2025 | PP: 1-11 | Volume-5 Issue-2, November 2025 | Retrieval Number: 100.1/ijcns.B144105021125 | DOI: 10.54105/ijcns.B1441.05021125
Open Access | Ethics and Policies | Cite | Zenodo | OJS | Indexing and Abstracting
© The Authors. Published by Lattice Science Publication (LSP). This is an open-access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Cloud storage faces significant security and access control challenges due to reduced user oversight and the emerging threat of quantum computing to traditional cryptographic methods. Existing revocable Identity-Based Encryption (IBE) schemes are limited by their lack of postquantum security, inefficient revocation mechanisms that require re-encryption of data, and cumbersome key update procedures. We propose a post-quantum secure Ring-LWE IBE scheme with dynamic time-based revocation tailored for cloud environments. Our solution is built on the hardness of the Ring Learning with Errors (RLWE) problem to ensure quantum resistance and introduces a novel time-based revocation framework. In our approach, user access is bound to discrete periods and managed through a hierarchical binary tree structured over identities and time. This design eliminates the need to re-encrypt stored data upon user revocation. Instead, a trusted authority periodically distributes lightweight key updates exclusively to non-revoked users. Thanks to the binary tree structure, non-revoked users can compute updated decryption keys with only O (log Nₘₐₓ) overhead in both computation and communication, where Nₘₐₓ is the maximum number of users or periods. Revoked users, having no access to future updates, lose decryption capabilities. We provide formal security proofs showing the scheme’s resistance against adaptive identity and time-period-based attacks, grounded in the RLWE assumption. Overall, our scheme offers an effective combination of post-quantum security, efficient access control, and simplified key management, making it suitable for secure cloud data sharing in the quantum era.
Keywords: IBE, Post-Quantum Cryptography, Ring-LWE, Time-based Revocation, Secure Cloud Storage.
Scope of the Article: Cryptographic Algorithms