Hierarchical policy delegation in multiple-authority ABE

We present HM-ABE, a hierarchical multi-authority attributebased encryption scheme with policy delegation, that generalizes current work significantly. Current methods require encryptors to build ciphertext access policies themselves, using attributes published by authority domains. This causes problems, both since authorities may not publish sensitive attributes, and since users may not understand their internal policies. We permit encryptors to delegate parts of their access policies to authorities, who can construct appropriate policies on their behalf, using sensitive attributes, if needed. Delegation can be recursive. Delegation helps encryptors build more accurate access policies, especially when they must include attributes from multiple authorities. HMABE greatly reduces the chances that ineligible users gain access to data, or that eligible users are denied. Delegation lets authorities hide sensitive attributes, while still allowing users indirect access to their semantics. We show that HM-ABE achieves recursive attribute delegation, selective attribute hiding, and prove that it is secure.