Decentralizing Attribute-Based Encryption

We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our sys-tem, any party can become an authority and there is no requirement for any global coor-dination other than the creation of an initial set of common reference parameters. A partycan simply act as an ABE authority by creating a public key and issuing private keys todifferent users that reflect their attributes. A user can encrypt data in terms of any booleanformula over attributes issued from any chosen set of authorities. Finally, our system doesnot require any central authority.In constructing our system, our largest technical hurdle is to make it collusion resistant.Prior Attribute-Based Encryption systems achieved collusion resistance when the ABE sys-tem authority “tied” together different components (representing different attributes) of auser’s private key by randomizing the key. However, in our system each component willcome from a potentially different authority, where we assume no coordination between suchauthorities. We create new techniques to tie key components together and prevent collusionattacks between users with different global identifiers.We prove our system secure using the recent dual system encryption methodology wherethe security proof works by first converting the challenge ciphertext and private keys toa semi-functional form and then arguing security. We follow a recent variant of the dualsystem proof technique due to Lewko and Waters and build our system using bilinear groupsof composite order. We prove security under similar static assumptions to the LW paper inthe random oracle model.