Multi-authority attribute-based encryption
(also MA-ABE)
Multi-authority attribute-based encryption definition
Multi-authority attribute-based encryption (commonly shortened as “MA-ABE”) is an extension of ABE that uses multiple attribute authorities working in tandem for access control.
MA-ABE was developed to address the challenges associated with a single centralized authority in traditional ABE schemes. In ABE, encryption and decryption are based on attributes, but a single central authority in charge of managing all attributes may lead to scalability and trust issues.
See also: ciphertext, cryptographic key, encryption key, key exchange, secret key, attribute value pair, decryption, cryptographic algorithm, key-policy attribute-based encryption, ciphertext-policy attribute-based encryption
How multi-authority attribute-based encryption works
In MA-ABE, there are multiple attribute authorities, each responsible for managing a subset of attributes. These authorities collaborate to enable secure and flexible access control.
The encryption process remains similar to ABE, where data is encrypted with a policy based on attributes (such as the user’s job or organization). Decryption is a little bit different, however, using a composite key to return the ciphertext — the user presents a set of attributes to multiple authorities and combines their contributions to generate a key.
MA-ABE holds several advantages over traditional ABE schemes — for example, MA-ABE systems can handle larger numbers of attributes and are more fault tolerant than those dependent on a single authority. MA-ABE schemes may also improve privacy, as no single authority has complete knowledge of all attributes associated with the user.