Verifying user attributes to provide fine-grained access control to databases is fundamental to an attribute-based authentication system. In such systems, either a single (central) authority verifies all attributes, or multiple independent authorities each verify individual attributes in a distributed manner, to allow a user to access records stored on the servers. While a \emph{central} setup is more efficient in communication cost, it exposes \emph{all} user attributes to the central authority. Recently, Jafarpisheh et al. studied an information-theoretic formulation of the \emph{distributed} multi-authority setup with $N$ non-colluding authorities, $N$ attributes and $K$ possible values for each attribute, called an $(N,K)$ distributed attribute-based private access control (DAPAC) system, where each server learns only the one attribute value that it verifies and remains oblivious to the remaining $N-1$ attributes. We show that off-loading a subset of attributes to a central server for verification improves the achievable rate from $\frac{1}{2K}$ in Jafarpisheh et al. to $\frac{1}{K+1}$ in this paper, thus \emph{almost doubling the rate} for relatively large $K$, while sacrificing the privacy of a few possibly non-sensitive attributes.