Sherman Chow

Improving Privacy and Security in Multi-Authority Attribute-Based Encryption

Sherman Chow and Melissa Chase

Attribute-based encryption (ABE) determines decryption ability based on a user's
attributes. In a multi-authority ABE scheme, multiple attribute authorities
monitor different sets of attributes and issue corresponding decryption keys to
users, and encryptors can require that a user obtain keys for appropriate 
attributes from each authority before decrypting a message. Chase [TCC07] gave a
multi-authority ABE scheme using the concepts of a trusted central authority (CA) 
and global identifiers (GID). However, the CA in that construction has the power
to decrypt every ciphertext, which seems contradictory to the original
goal of distributing control over many potentially untrusted authorities.
Moreover, in that construction, the use of a consistent GID allowed the
authorities to combine their information to build a full profile with all of a 
user's attributes, which unnecessarily compromises the privacy of the user. In 
this paper, we propose a solution which removes the trusted central authority, 
and protects the users' privacy by preventing the authorities from pooling their 
information on particular users, thus making ABE more usable in practice.