中文摘要：

在密文策略的属性基加密（CP-ABE,ciphertext-policy attribute-based encryption）的基础上,使用分层的多个认证机构为用户分发私钥,一方面避免了单一认证机构形式带来的服务器负荷运行等问题,另一方面便于中央授权机构对其进行管理.另外,中央授权机构无法恢复用户的个人信息轮廓,保护了用户的隐私;用户的私钥由对应的认证机构根据随机数进行提取,中央授权机构无法获知,保护了用户私钥的安全性;在私钥提取的过程中,允许用户的属性集合之间存在重叠.该方案在判定双线性Diffie-Hellman（DBDH,decisional bilinear DiffieHellman）假设下满足IND-Set-CPA（against adaptive chosen attribute set and chosen plaintext attack）安全.

英文摘要：

Based on ciphertext-policy attribute-based encryption （CP-ABE）, more than one authorities were used to distribute private keys to users, and these authorities were organized in hierarchy. This scheme can not only avoid problems such as the central server＇s overload operation caused by single-authority ABE, and also make CA＇s management more efficient. Meanwhile, CA can not recover users＇ profiles, and their privacy is protected l authorities compute private keys for users according to their random numbers, which is unobtainable for CA, and users＇ security is protected. In addition, different users＇ attributes are allowed to overlap in terms of the extraction of private keys. This scheme is against Adaptive Chosen Attribute Set and Chosen Plaintext Attack （IND-Set-CPA）, assuming the difficulty of the decisional bilinear Diffie-Hellman （DBDH） problem.