In single-cloud storage, ciphertext-policy attribute-based encryption (CP-ABE) allows one to encrypt any data under an access structure to a cloud server, specifying what attributes are required to decrypt. In multi-cloud storage, a secret sharing scheme (SSS) allows one to split any data into multiple shares, one to a single server, and specify which subset of the servers are able to recover the data. It is an interesting problem to remove some attributes/servers but still enable the remaining attributes/servers in every authorized set to recover the data. The problem is related to the contraction problem of access structures for SSSs. In this paper, we propose a method that can efficiently transform a given SSS for an access structure to SSSs for contractions of the access structure. We show its applications in solving the attribute removal problem in the CP-ABE based single-cloud storage and the data relocating problem in multi-cloud storage. Our method results in solutions that require either less server storage or even no additional server storage.

翻译：在单云存储中，密文策略属性基加密(CP-ABE)允许用户在访问结构下加密任意数据并上传至云服务器，同时指定解密所需属性。在多云存储中，秘密共享方案(SSS)允许用户将任意数据分割为多个份额分别存储于不同服务器，并指定能够恢复数据的服务器子集。现有研究关注如何移除某些属性/服务器，同时仍使每个授权集中的剩余属性/服务器能够恢复数据，该问题与SSS中访问结构的收缩问题相关。本文提出一种高效方法，可将给定访问结构的SSS转化为该访问结构收缩后的SSS。我们展示了该方法在基于CP-ABE的单云存储属性移除问题与多云存储数据重定位问题中的应用。实验结果表明，该方法能够减少服务器存储开销，甚至无需额外存储空间。