|
'''Attribute-based encryption''' is a typegeneralisation of [[public-key encryption]] in which theenables fine grained access control of encrypted data using [[Authorization | authorisation policies]]. The [[secret key]] of a user and the ciphertext are dependent upon attributes (e.g. their email address, the country in which they live, or the kind of subscription they have). In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext.<ref>{{cite web |title=What is Attribute-Based Encryption |work=Cryptography Stack Exchange |url=https://crypto.stackexchange.com/a/17894 |date=2014 }}</ref>
A crucial security aspect of attribute-based encryption is collusion-resistance: An adversary that holds multiple keys should only be able to access data if at least one individual key grants access.
==Description==
Attribute-based encryption is provably<ref name="Herranz2017">{{cite journal | last1 = Herranz | first1 = Javier | title = Attribute-based encryption implies identity-based encryption | journal = IET Information Security | date = November 2017 | volume = 11 | issue = 6 | pages = 332–337 | issn = 1751-8709 | eissn = 1751-8717 | doi = 10.1049/iet-ifs.2016.0490 | pmid = | hdl = 2117/111526 | s2cid = 20290716 | url = | hdl-access = free }}</ref> a generalisation of [[identity-based encryption]].
==History==
AttributeIdentity-based encryption iswas afirst generalisationproposed ofin [[Identity-based encryption]], first proposed1984 by [[Adi Shamir]],<ref name="Shamir pp. 47–53">{{cite book | last=Shamir | first=Adi | title=Advances in Cryptology | chapter=Identity-Based Cryptosystems and Signature Schemes | series=Lecture Notes in Computer Science | publisher=Springer Berlin Heidelberg | publication-place=Berlin, Heidelberg | isbn=978-3-540-15658-1 | doi=10.1007/3-540-39568-7_5 | pages=47–53 | date=1984| volume=196 }}</ref> in 1984, without a specific solution or proof. In 2004 [[Amit Sahai]] and [[Brent Waters]]<ref>Amit Sahai and Brent Waters, Fuzzy Identity-Based Encryption ''[httphttps://eprint.iacr.org/2004/086 Cryptology ePrint Archive, Report 2004/086]'' (2004)</ref> published a solution, improved in 2006 by Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters.<ref name=":0">Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data ''[https://eprint.iacr.org/2006/309.pdf ACM CCS (2006)]''</ref> [[Melissa Chase]] and other researchers have further proposed attribute-based encryption with multiple authorities who jointly generate users' private keys.<ref>[[Melissa Chase]], Multi-authority Attribute-Based Encryption ''[https://link.springer.com/chapter/10.1007%2F978-3-540-70936-7_28 TCC (2007)]''</ref><ref>[[Melissa Chase]] and Sherman S.M. Chow, Improving privacy and security in multi-authority attribute-based encryption ''[http://dl.acm.org/citation.cfm?id=1653678 ACM CCS (2009)]''</ref><ref>Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and Meng Wan, Privacy preserving cloud data access with multi-authorities ''[httphttps://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6567070&tag=1 IEEE INFOCOM (2013)]''</ref><ref>Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and Meng Wan, Control Cloud Dhttps://gnunet.org/sites/default/files/CCS%2706%20-%20Attributed-based%20encryption%20for%20fine-grained%20access%20control%20of%20encrypted%20data.pdfata Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption ''[httphttps://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6951492 Transactions on Information Forensics and Security (2015)]''</ref><ref>Allisso Lewko and Brent Waters, Decentralizing Attribute-Based Encryption ''[https://link.springer.com/chapter/10.1007%2F978-3-642-20465-4_31 EUROCRYPT (2011)]''</ref><ref>Sascha Muller, Stefan Katzenbeisser, and [[Claudia Eckert (computer scientist)|Claudia Eckert]], On multi-authority ciphertext-policy attribute-based encryption ''[http://143.248.27.21/mathnet/thesis_file/14_B08-591.pdf Bull. Korean Math. Soc. 46 (2009)]''</ref>
== Types of attribute-based encryption schemes ==
There are mainly two types of attribute-based encryption schemes: Key-policy attribute-based encryption (KP-ABE)<ref name=":0" /> and ciphertext-policy attribute-based encryption (CP-ABE).<ref>{{Cite book|last1=Bethencourt|first1=J.|last2=Sahai|first2=A.|last3=Waters|first3=B.|date=2007-05-01|title=Ciphertext-Policy Attribute-Based Encryption|journal=2007 IEEE Symposium on Security and Privacy (SP '07) |chapter=Ciphertext-Policy Attribute-Based Encryption |date=2007-05-01|pages=321–334|doi=10.1109/SP.2007.11|isbn=978-0-7695-2848-9|citeseerx=10.1.1.69.3744|s2cid=6282684 }}</ref>
In KP-ABE, users' secret keys are generated based on an access tree that defines the privileges scope of the concerned user, and data are encrypted over a set of attributes. However, CP-ABE uses access trees to encrypt data and users' secret keys are generated over a set of attributes.
== Relationship to Rolerole-based Encryptionencryption ==
The related concept of [[Role-based encryption|role-based encryption]]<ref name="SuryakantBhise R.N pp. 15–20">{{cite journal | last1=SuryakantBhise | first1=Avdhut | last2=R.N | first2=Phursule | title=A Review of Role based Encryption System for Secure Cloud Storage | journal=International Journal of Computer Applications | publisher=Foundation of Computer Science | volume=109 | issue=14 | date=2015-01-16 | issn=0975-8887 | doi=10.5120/19255-0986 | pages=15–20| bibcode=2015IJCA..109n..15S | doi-access=free }}</ref> refers exclusively to access keys having roles that can be validated against an authoritative store of roles. In this sense, Role-based encryption can be expressed by Attribute-based encryption and within that limited context the two terms can be used interchangeably. Role-based Encryption cannot express Attribute-based encryption.
==Usage==
Attribute-based encryption (ABE) can be used for log encryption.<ref>Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data ''[httphttps://eprint.iacr.org/2006/309.pdf Cryptology ePrint Archive, Report 2006/309]'' (2006)</ref> Instead of encrypting each part of a log with the keys of all recipients, it is possible to encrypt the log only with attributes which match recipients' attributes. This primitive can also be used for [[broadcast encryption]] in order to decrease the number of keys used.<ref>David Lubicz and Thomas Sirvent, Attribute-Based Broadcast Encryption Scheme Made Efficient ''[httphttps://perso.univ-rennes1.fr/david.lubicz/articles/attribute.pdf First International Conference on Cryptology in Africa]'' (2008)</ref> Attribute-based encryption methods are also widely employed in vector-driven search engine interfaces.<ref>{{cite journal |last1=Bouabana-Tebibel |first1=T |title=Parallel search over encrypted data under attribute based encryption on the Cloud Computing |journal=Computers & Security |date=2015 |volume=54|pages=77–91 |doi=10.1016/j.cose.2015.04.007 }}</ref>
===Challenges===
==Further reading==
*{{Cite journal|last1=Attrapadung|first1=Nuttapong|last2=Herranz|first2=Javier|last3=Laguillaumie|first3=Fabien|last4=Libert|first4=Benoît|last5=de Panafieu|first5=Elie|last6=Ràfols|first6=Carla|date=March 2012|title=Attribute-based encryption schemes with constant-size ciphertexts|journal=Theoretical Computer Science|language=en|volume=422|pages=15–38|doi=10.1016/j.tcs.2011.12.004|doi-access=free|hdl=10230/42258|hdl-access=free}}
*Herranz, Javier; Laguillaumie, Fabien; Ràfols, Carla (2010), Nguyen, Phong Q.; Pointcheval, David (eds.), "[https://link.springer.com/chapter/10.1007/978-3-642-13013-7_2 Constant Size Ciphertexts in Threshold Attribute-Based Encryption]", ''Public Key Cryptography – PKC 2010'', Springer Berlin Heidelberg, 6056, pp. 19–34, [[Doi (identifier)|doi]]:[https://link.springer.com/chapter/10.1007/978-3-642-13013-7_2 10.1007/978-3-642-13013-7_2], {{ISBN|978-3-642-13012-0}}, retrieved 2020-05-13
|
