Multi-authority Attribute Based Encryption
In an identity based encryption scheme, each user is identified by a unique identity string. An attribute based encryption scheme (ABE), in contrast, is a scheme in which each user is identified by a set of attributes, and some function of those attributes is used to determine decryption ability for each ciphertext. Sahai and Waters introduced a single authority attribute encryption scheme and left open the question of whether a scheme could be constructed in which multiple authorities were allowed to distribute attributes [SW05]. We answer this question in the affirmative.
Our scheme allows any polynomial number of independent authorities to monitor attributes and distribute secret keys. An encryptor can choose, for each authority, a number $d_k$ and a set of attributes; he can then encrypt a message such that a user can only decrypt if he has at least $d_k$ of the given attributes from each authority $k$. Our scheme can tolerate an arbitrary number of corrupt authorities.
We also show how to apply our techniques to achieve a multi-authority version of the large-universe, fine-grained access control ABE presented by Goyal et al. [GPSW06].
Keywords: Access Structure, Central Authority, Challenge Ciphertext, Attribute Authority, Master Secret
- [BB04] Boneh, D., Boyen, X.: Efficient selective-id secure identity based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 54–73. Springer, Heidelberg (2004)
- [Fel87] Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: Proc. of FOCS, pp. 427–437 (1987)
- [SW05] Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)
- [Wat05] Waters, B.: Efficient identity based encryption without random oracles. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)