Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data

October 30–November 3, 2006 | Vipul Goyal, Omkant Pandey, Amit Sahai, Brent Waters
This paper introduces Key-Policy Attribute-Based Encryption (KP-ABE), a new cryptosystem for fine-grained access control of encrypted data. KP-ABE allows users to decrypt data based on specific attributes associated with the ciphertext, rather than requiring a shared private key. In this system, ciphertexts are labeled with sets of attributes, and private keys are associated with access structures that determine which ciphertexts a user can decrypt. The system supports delegation of private keys, subsuming Hierarchical Identity-Based Encryption (HIBE).
The paper discusses the application of KP-ABE to audit logs and broadcast encryption. In audit logs, KP-ABE enables secure forensic analysis by allowing analysts to access only the data that matches specific attributes, such as user names, dates, and data types. In broadcast encryption, KP-ABE allows targeted broadcasting of encrypted data, where each item is labeled with attributes that determine which users can decrypt it. The paper also presents a construction for KP-ABE based on bilinear maps and proves its security under the Decisional Bilinear Diffie-Hellman (BDH) assumption. The system supports large universes of attributes and allows for the delegation of private keys to more restrictive access structures. The paper concludes with a discussion of the security of the system and its potential applications in various scenarios.
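
The audit-log scenario above, as an added example that is not code from the paper: it models only the key-policy semantics, treating the access structure as a tree of threshold gates with secret shares at the leaves, and contains no bilinear pairing or actual encryption. The attribute strings, the field modulus and all function names are assumptions of this sketch.

```python
import secrets

P = 2**127 - 1  # prime modulus for the toy share field (assumption of this sketch)

def leaf(attr): return ("leaf", attr)
def gate(k, *kids): return ("gate", k, kids)   # k-of-n threshold gate
def AND(*kids): return gate(len(kids), *kids)
def OR(*kids): return gate(1, *kids)

def keygen(policy, secret):
    """Split `secret` down the policy tree; returns the tree with a share at each leaf."""
    if policy[0] == "leaf":
        return ("leaf", policy[1], secret)
    _, k, kids = policy
    # Random polynomial of degree k-1 with q(0) = secret; child i receives q(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    q = lambda x: sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
    return ("gate", k, [keygen(kid, q(i)) for i, kid in enumerate(kids, 1)])

def recover(key, attrs):
    """Rebuild the root secret using only leaves whose attribute labels the ciphertext."""
    if key[0] == "leaf":
        return key[2] if key[1] in attrs else None
    _, k, kids = key
    pts = [(i, v) for i, kid in enumerate(kids, 1)
           if (v := recover(kid, attrs)) is not None][:k]
    if len(pts) < k:
        return None                            # gate not satisfied: no share leaks upward
    total = 0
    for xi, yi in pts:                         # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def readable(policy, records):
    """Indices of records whose attribute set satisfies the key policy."""
    master = secrets.randbelow(P)
    key = keygen(policy, master)
    return [i for i, attrs in enumerate(records) if recover(key, attrs) == master]

# Constructed audit-log records: each set is the attribute label of one ciphertext.
RECORDS = [{"user:alice", "date:2006-10-30", "type:login"},
           {"user:bob", "date:2006-10-30", "type:login"},
           {"user:alice", "date:2006-11-02", "type:file"},
           {"user:alice", "date:2006-10-31", "type:file"}]
# Analyst key policy: alice's entries on either of two dates, any data type.
ANALYST_POLICY = AND(leaf("user:alice"),
                     OR(leaf("date:2006-10-30"), leaf("date:2006-10-31")))
```

Calling readable(ANALYST_POLICY, RECORDS) returns the indices the analyst's key opens; every other record stays opaque to that key because its attribute set cannot reassemble the root share.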