Multiply, Divide, and Conquer - Making Fully Decentralised Access Control a Reality

Bernd Prünster*, Gerald Palfinger, Dominik Ziegler

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


This paper tackles the issue of access control in fully decentralised systems. Previously, access control always fell back to some degree of centralisation. Our work approaches this problem by outsourcing access policy evaluation to the millions of trusted computing bases already deployed in the form of current Android devices. This assures correct policy evaluation to both data owners and those seeking data access. In essence, our solution encrypts to-be-shared data, splits and wraps the encryption key, and cryptographically binds it to an access policy. Policies are evaluated by freely selectable evaluators, that do not need to be enrolled beforehand. Evaluators then interface with attribute providers during policy evaluation. Each evaluator independently reaches a conclusion about whether or not to grant access, leading to a decision by majority vote. We designed this system with practicality and real-world applicability in mind, meaning that it can be deployed and used today. We achieve this by relying on efficient primitives and foregoing expensive cryptographic constructions, making it possible to define even highly complex access policies. Overall, this presents a clear advantage over previous concepts.

Original languageEnglish
Title of host publicationNetwork and System Security - 14th International Conference, NSS 2020, Proceedings
Subtitle of host publication14th International Conference, NSS 2020, Melbourne, VIC, Australia, November 25–27, 2020, Proceedings
EditorsMirosław Kutyłowski, Jun Zhang, Chao Chen
Number of pages16
ISBN (Print)978-3-030-65744-4
Publication statusPublished - 1 Jan 2020
Event14th International Conference on Network and System Security - Virtual, Melbourne, Australia
Duration: 25 Nov 202027 Nov 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12570 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference14th International Conference on Network and System Security
Abbreviated titleNSS 2020
CityVirtual, Melbourne


  • Decentralised Access Control
  • Trusted Computing
  • Peer-to-Peer
  • Trusted computing
  • Peer-to-peer
  • Decentralised access control

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fields of Expertise

  • Information, Communication & Computing

Cite this