SUMMARYDesigning secure revocable storage systems for a large number of users in a cloud-based environment is important. Cloud storage systems should allow its users to dynamically join and leave the storage service. Further, the rights of the users to access the data should be changed accordingly. Recently, Liang et al. proposed a cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme that supports user revocation and delegation of decryption rights. Moreover, to reduce the size of the key update token, they employed a public key broadcast encryption system as a building block. In this paper, we show that the CR-IB-PRE scheme with the reduced key update token size is not secure against collusion attacks. key words: revocable identity-based encryption, key revocation, cloudbased identity-based proxy re-encryption, ciphertext update