Int. J. Computational Science and Engineering, Vol. 20, No. 2, 2019
Copyright © 2019 Inderscience Enterprises Ltd.

A privacy-preserving cloud-based data management system with efficient revocation scheme

Shih-Chien Chang and Ja-Ling Wu*
Department of Computer Science and Information Engineering, National Taiwan University, Taipei, Taiwan
Email: patrickchang820815@gmail.com
Email: wjl@cmlab.csie.ntu.edu.tw
*Corresponding author

Abstract: Many data management systems, for various reasons, delegate their heavy computational workloads to public cloud service providers. It is well known that once we entrust our tasks to a cloud server, we may face several threats, such as privacy infringement with regard to users' attribute information; therefore, an appropriate privacy-preserving mechanism is a must for constructing a secure cloud-based data management system (SCBDMS). Designing a reliable SCBDMS with server-enforced revocation ability is a very challenging task, even if the server is working under the honest-but-curious model. In existing data management systems, a privacy-preserving revocation service is seldom provided, especially when it is outsourced to a third party. In this work, with the aid of oblivious transfer and the newly proposed stateless lazy re-encryption (SLREN) mechanism, an SCBDMS with secure, reliable and efficient server-enforced attribute revocation ability is built. Compared with related works, our experimental results show that, in the newly constructed SCBDMS, the storage requirement of the cloud server and the communication overheads between the cloud server and system users are largely reduced, due to the late-involvement nature of SLREN.

Keywords: privacy-preserving; lazy re-encryption; revocation.

Reference to this paper should be made as follows: Chang, S-C. and Wu, J-L. (2019) 'A privacy-preserving cloud-based data management system with efficient revocation scheme', Int. J. Computational Science and Engineering, Vol. 20, No. 2, pp.190–199.

Biographical notes: Shih-Chien Chang holds a Master's degree in Computer Science and Engineering from National Taiwan University in 2017 and a Bachelor's degree in Computer Science and Engineering from National Tsing Hua University in 2015. His research interests include cryptography, network protocol, and machine learning in encrypted domain.

Ja-Ling Wu is a Lifetime Distinguished Professor in the Department of Computer Science and Information Engineering at the National Taiwan University, where he led the Graduate Institute of Networking and Multimedia from 2004–2007. His research interests include image/video compression, digital content analysis, digital watermarking, and data security and privacy. He holds a PhD in Electrical Engineering from the Tatung Institute of Technology. He was elected as an IEEE fellow in 2008 for his contributions to image and video analysis, coding, digital watermarking, and rights management.

This paper is a revised and expanded version of a paper entitled 'A privacy-preserving cloud-based data management system with efficient revocation scheme' presented at the 18th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT'17): Special Issue on: 'Parallel Computations and Applications', Taipei, Taiwan, 18–20 December 2017.

1 Introduction

In recent years, privacy has received more and more attention in the access control of data management systems. When a data owner uploads his or her sensitive data to a public cloud, he or she wants to restrict access so that only users who are permitted to access those data can download them.
One of the well-known access control mechanisms is ciphertext-policy attribute-based encryption (CP-ABE) (Bethencourt et al., 2007), which allows a user to set up an access policy describing what kinds of system users are able to access his or her sensitive data; the policy is always saved on an authority site. This kind of system can be applied to many scenarios, such as the business management of a company and the course enrolment system of a university. In these scenarios, one should consider what happens when an employee retires from the company or a student drops a pre-selected course. In general, this employee should not