Distributed Attribute-based Private Access Control

In attribute-based access control, users with specific verified attributes will gain access to some particular data. Concerning the privacy of the users' attributes, we study the problem of distributed attribute-based private access control (DAPAC) with multiple authorities. Each authority will learn and verify only one of the attributes.To investigate its fundamental limits, we introduce an information-theoretic DAPAC framework, with N ∈ N,N ≥ 2, replicated non-colluding servers (authorities), and some users. Each user has an attribute vector vast = (v1∗,⋯,vN∗) of dimension N and is eligible to retrieve a message Wtextv∗, available on all servers. Each server n ∈ [N] can only observe and verify the n'th attribute of a user. In response, it sends a function of its authorized messages to the user. The system must satisfy the following conditions: (1) Correctness: the user with attribute vector v∗can retrieve his intended message Wv∗ from the servers' responses, (2) Data Secrecy: the user will not learn anything about the other messages, (3) Attribute Privacy: each Server n learns nothing beyond attribute n of the user. The capacity of the DAPAC is defined as the ratio of the file size and the aggregated size of the responses, maximized over all feasible schemes. We obtain a lower bound on the capacity of this problem by proposing an achievable algorithm with rate 1/2K, where K is the size of the alphabet of each attribute.