Secure and Customized Data Sharing with Identical Sub-Policy and Bilateral Access Control

Customized data sharing enables data owners to define access policies tailored to users’ specific preferences, while users can selectively acquire data of interest from designated owners. In cloud storage scenarios, outsourced data are encrypted and often governed by identical sub-policies that are frequently accessed by users. However, most existing schemes commonly suffer from limitations such as one-sided access control, inefficient decryption, or privacy leakage, rendering them inadequate for effectively addressing these issues. In this paper, we propose a secure and customized data sharing scheme with identical sub-policy and bilateral access control (CSAC) for cloud storage. We leverage the technique of Secure Set Membership Test (SSMT) to enable bilateral access control, supporting privacy-preserving preference matching and customized data sharing. To improve the efficiency of data sharing and decryption, we design an attribute-based access control mechanism that enables users to locally store identical sub-policy parameters. By reusing these parameters in subsequent decryptions, CSAC eliminates redundant decryption operations and significantly reduces computational overhead. Security analysis demonstrates that CSAC is semantically secure under the chosen-plaintext attack model, preserving the confidentiality of shared data, user preferences, and preference matching information. Experimental results show that CSAC achieves nearly a 4× improvement in decryption performance compared with the state-of-the-art scheme, particularly when accessing a large proportion of data.