Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts

•We model access control of sensitive data between multiple organizations.•We propose Ciphertext-Policy Hierarchical Attribute-Based Encryption (CP-HABE).•CP-HABE is equipped with key delegation for users of different organizations.•The first CP-HABE scheme is presented with short ciphertexts.•Our scheme is proven secure in standard model under static assumptions.

Attribute-based encryption (ABE) systems allow encrypting to uncertain receivers by means of an access policy specifying the attributes that the intended receivers should possess. ABE promises to deliver fine-grained access control of encrypted data. However, when data are encrypted using an ABE scheme, key management is difficult if there is a large number of users from various backgrounds. In this paper, we elaborate on ABE and propose a new versatile cryptosystem referred to as ciphertext-policy hierarchical ABE (CP-HABE). In a CP-HABE scheme, the attributes are organized in a matrix and the users having higher-level attributes can delegate their access rights to the users at a lower level. These features enable a CP-HABE system to host a large number of users from different organizations by delegating keys, e.g., enabling efficient data sharing among hierarchically organized large groups. We construct a CP-HABE scheme with short ciphertexts. The scheme is proven secure in the standard model under non-interactive assumptions.