Abstract

In this paper, we propose an attribute-based encryption (ABE) scheme that can be used in data sharing systems with multiple distrusted authorities. Unlike prior multi-authority ABE schemes, this scheme can achieve secret key generation in a fully decentralized manner, which eliminates the security risk of central authority (CA) compromise. By separating the key generation process among authorities and data owners (DOs), our scheme is resilient to collusion between malicious authorities and users. This new fully Decentralized Multi-Authority ABE (f-DMA) scheme is derived from CP-ABE that is resilient to collusion between authorities and users. Our system distinguishes between the DO principal and attribute authorities (AAs): DOs own the data but allow AAs to arbitrate access by providing attribute labels to users. The data is protected by access policy encryption over these attributes. Unlike in prior systems, attributes generated by AAs are not user-specific, and the system is not susceptible to collusion between users who try to escalate their access by sharing keys. We prove our scheme correct under the Decisional Bilinear Diffie-Hellman (DBDH) assumption; we also include a complete end-to-end implementation that demonstrates the practical efficacy of our technique.
