Cloud computing has been widely accepted as a computing paradigm to offer high-quality data services on demand. However, it suffers from various attacks as the cloud service provider and data owners are not in the same trusted domain. To support data confidentiality, existing cloud-based systems apply cryptographic tools to issue the decryption key to data users to share data in a controlled way. However, fine-grained cloud data sharing still faces many challenges, especially when dealing with dynamic user groups. In this paper, we introduce a secure and efficient cloud-based data-sharing system with fine-grained access control and dynamic user groups. Our system enjoys 1) adaptive security in prime-order groups, 2) forward secrecy against revoked user fetches data generated before being revoked, and 3) decryption key exposure resistance against the compromise of the frequently used decryption key, where the previous solutions only concentrate on one or two above-mentioned properties. More specifically, we introduce two timestamp management mechanisms that manage the timestamp in each ciphertext to support dynamic user groups with forward secrecy. By applying the proposed timestamp management mechanisms, we introduce two novel designs of attribute-based encryption schemes with formal definition and security analyses. The proposed schemes are adaptively secure in prime-order groups under a standard assumption and support decryption key exposure resistance. We conduct theoretical analysis and experimental simulation to demonstrate the outperformance of our solutions.