The invention discloses an SM9-based key policy attribute-based encryption method. The method comprises the following steps that: S1, a key generation center generates system parameters according to an SM9 algorithm, and discloses the generated system parameters to users in a system; S2, the key generation center generates a main public key and a private key of the system according to the attribute space of the users, the main public key is published to the users in the system, and the main private key is stored; S3, an encryptor generates a ciphertext about a to-be-encrypted message under an attribute set according to the attribute set and the to-be-encrypted message; S4, the key generation center generates a decryption key corresponding to an access control tree according to the access tree and the main private key of the system; and S5, after a receiver obtains the ciphertext, when the attribute set corresponding to the ciphertext meets the access control tree corresponding to the key, the message is decrypted to be recovered, otherwise, the decryption fails. According to the method, the attribute is used as the public key, the ciphertext is associated with the attribute, and the secret key is associated with the access control tree, so that the purpose of flexibly representing an access control strategy is achieved, and the processing overhead of the network bandwidth and the sending node caused by data sharing and fine-grained access control is greatly reduced.