Cloud-assisted Internet of Things (IoT) provides resource-constrained IoT devices with powerful storage capabilities while also raising significant data privacy and security issues. Ciphertext-policy attribute-based encryption (CP-ABE) is widely used to protect the privacy and security of IoT data. However, the leakage of users’ long-term keys compromises the confidentiality of previously generated IoT data. In this paper, we propose a novel puncturable CP-ABE (Pt-CP-ABE) scheme based on the Learning with Errors (LWE) assumption. Pt-CP-ABE enables data owners to define access policies, thereby achieving fine-grained ciphertext access control. Furthermore, after decrypting the ciphertext, data users can update their private keys by themselves and revoke the decryption privileges of existing ciphertexts by puncturing the tags within the ciphertext. This ensures that even if the private key is compromised, the previously generated IoT data remains confidential, thereby achieving flexible forward security. We formalize the security definition for Pt-CP-ABE and prove the security of the Pt-CP-ABE scheme in the standard model. To the best of our knowledge, our Pt-CP-ABE scheme is the first CP-ABE scheme that supports flexible puncturing, forward security, and resistance to quantum computer attacks. Furthermore, by incorporating a revocation mechanism into our Pt-CP-ABE, we propose another Pt-CP-ABE scheme with user revocation functionality. Notably, this is the first ABE scheme to simultaneously achieve dual security guarantees of forward security and quantum resistance, along with user revocation.