Paper 2006/309

Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data

Vipul Goyal, Omkant Pandey, Amit Sahai, and Brent Waters


As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical Identity-Based Encryption (HIBE).

Note: Typos corrected

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Extended abstract to appear in ACM CCS 2006. This is the full version.
Contact author(s)
vipul @ cs ucla edu
2006-10-07: last of 2 revisions
2006-09-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Vipul Goyal and Omkant Pandey and Amit Sahai and Brent Waters},
      title = {Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data},
      howpublished = {Cryptology ePrint Archive, Paper 2006/309},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.