Attribute-based encryption: Difference between revisions

'''Attribute-based encryption''' is a generalisation of [[public-key encryption]] which enables fine-grained access control of encrypted data using [[Authorization | authorisation policies]]. The [[secret key]] of a user and the ciphertext are dependent upon attributes (e.g. their email address, the country in which they live, or the kind of subscription they have). In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext.<ref>{{cite web |title=What is Attribute-Based Encryption |work=Cryptography Stack Exchange |url=https://crypto.stackexchange.com/a/17894 |date=2014 }}</ref>
 
A crucial security aspect of attribute-based encryption is collusion-resistance: An adversary that holds multiple keys should only be able to access data if at least one individual key grants access.
 
==Description==
Attribute-based encryption is provably<ref name="Herranz2017">{{cite journal | last1 = Herranz | first1 = Javier | title = Attribute-based encryption implies identity-based encryption | journal = IET Information Security | date = November 2017 | volume = 11 | issue = 6 | pages = 332–337 | issn = 1751-8709 | eissn = 1751-8717 | doi = 10.1049/iet-ifs.2016.0490 | pmid = | hdl = 2117/111526 | s2cid = 20290716 | url = | hdl-access = free }}</ref> a generalisation of [[identity-based encryption]].
 
==History==
Identity-based encryption was first proposed in 1984 by [[Adi Shamir]],<ref name="Shamir pp. 47–53">{{cite book | last=Shamir | first=Adi | title=Advances in Cryptology | chapter=Identity-Based Cryptosystems and Signature Schemes | series=Lecture Notes in Computer Science | publisher=Springer Berlin Heidelberg | publication-place=Berlin, Heidelberg | isbn=978-3-540-15658-1 | doi=10.1007/3-540-39568-7_5 | pages=47–53 | date=1984| volume=196 }}</ref> without a specific solution or proof. In 2004 [[Amit Sahai]] and [[Brent Waters]]<ref>Amit Sahai and Brent Waters, Fuzzy Identity-Based Encryption ''[https://eprint.iacr.org/2004/086 Cryptology ePrint Archive, Report 2004/086]'' (2004)</ref> published a solution, improved in 2006 by Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters.<ref name=":0">Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data ''[https://eprint.iacr.org/2006/309.pdf ACM CCS (2006)]''</ref> [[Melissa Chase]] and other researchers have further proposed attribute-based encryption with multiple authorities who jointly generate users' private keys.<ref>[[Melissa Chase]], Multi-authority Attribute-Based Encryption ''[https://link.springer.com/chapter/10.1007%2F978-3-540-70936-7_28 TCC (2007)]''</ref><ref>[[Melissa Chase]] and Sherman S.M. Chow, Improving privacy and security in multi-authority attribute-based encryption ''[http://dl.acm.org/citation.cfm?id=1653678 ACM CCS (2009)]''</ref><ref>Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and Meng Wan, Privacy preserving cloud data access with multi-authorities ''[https://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6567070&tag=1 IEEE INFOCOM (2013)]''</ref><ref>Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and Meng Wan, Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption ''[https://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6951492 Transactions on Information Forensics and Security (2015)]''</ref><ref>Allison Lewko and Brent Waters, Decentralizing Attribute-Based Encryption ''[https://link.springer.com/chapter/10.1007%2F978-3-642-20465-4_31 EUROCRYPT (2011)]''</ref><ref>Sascha Muller, Stefan Katzenbeisser, and [[Claudia Eckert (computer scientist)|Claudia Eckert]], On multi-authority ciphertext-policy attribute-based encryption ''[http://143.248.27.21/mathnet/thesis_file/14_B08-591.pdf Bull. Korean Math. Soc. 46 (2009)]''</ref>
 
== Types of attribute-based encryption schemes ==
There are mainly two types of attribute-based encryption schemes: Key-policy attribute-based encryption (KP-ABE)<ref name=":0" /> and ciphertext-policy attribute-based encryption (CP-ABE).<ref>{{Cite book|last1=Bethencourt|first1=J.|last2=Sahai|first2=A.|last3=Waters|first3=B.|title=2007 IEEE Symposium on Security and Privacy (SP '07) |chapter=Ciphertext-Policy Attribute-Based Encryption |date=2007-05-01|pages=321–334|doi=10.1109/SP.2007.11|isbn=978-0-7695-2848-9|citeseerx=10.1.1.69.3744|s2cid=6282684 }}</ref>
 
In KP-ABE, users' secret keys are generated based on an access tree that defines the privilege scope of the user concerned, and data are encrypted over a set of attributes. In CP-ABE the roles are reversed: access trees are used to encrypt data, and users' secret keys are generated over a set of attributes.
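
The access-tree semantics described above, together with the collusion-resistance requirement from the introduction, as an added example that is not part of the original article. It models only which attribute sets satisfy which tree and performs no cryptography; the threshold-gate form of the tree follows the Goyal et al. construction, and all attribute names, function names and sample keys are constructed for illustration.

```python
# Added example: models ABE access-control semantics only (no cryptography).
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple, Union


@dataclass(frozen=True)
class Gate:
    """Threshold gate: satisfied when at least k children are satisfied.
    AND is k == len(children); OR is k == 1."""
    k: int
    children: Tuple["Node", ...]


Node = Union[str, Gate]  # a leaf is an attribute name


def satisfies(tree: Node, attrs: FrozenSet[str]) -> bool:
    if isinstance(tree, str):
        return tree in attrs
    if not 1 <= tree.k <= len(tree.children):
        raise ValueError("threshold out of range")
    return sum(satisfies(c, attrs) for c in tree.children) >= tree.k


def AND(*c: Node) -> Gate: return Gate(len(c), c)
def OR(*c: Node) -> Gate: return Gate(1, c)


def kp_abe_can_decrypt(key_tree: Node, ct_attrs: FrozenSet[str]) -> bool:
    # KP-ABE: the tree is in the user's key, attributes label the ciphertext.
    return satisfies(key_tree, ct_attrs)


def cp_abe_can_decrypt(ct_tree: Node, key_attrs: FrozenSet[str]) -> bool:
    # CP-ABE: the tree is in the ciphertext, attributes are in the user's key.
    return satisfies(ct_tree, key_attrs)


def collusion_resistant_decrypt(ct_tree: Node,
                                keys: Iterable[FrozenSet[str]]) -> bool:
    # Required outcome: one key must satisfy the tree on its own; pooling
    # attributes from several keys must not grant access.
    return any(satisfies(ct_tree, k) for k in keys)


# Constructed sample policy and keys (hypothetical attribute names).
POLICY = AND("dept:security",
             OR("role:analyst", Gate(2, ("clearance:l2", "region:eu", "oncall"))))
ALICE = frozenset({"dept:security", "region:eu"})
BOB = frozenset({"dept:finance", "role:analyst"})
```

The pooled set `ALICE | BOB` satisfies `POLICY` even though neither key does, which is exactly the case a collusion-resistant scheme has to reject.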
 
== Relationship to role-based encryption ==
 
The related concept of [[role-based encryption]]<ref name="SuryakantBhise R.N pp. 15–20">{{cite journal | last1=SuryakantBhise | first1=Avdhut | last2=R.N | first2=Phursule | title=A Review of Role based Encryption System for Secure Cloud Storage | journal=International Journal of Computer Applications | publisher=Foundation of Computer Science | volume=109 | issue=14 | date=2015-01-16 | issn=0975-8887 | doi=10.5120/19255-0986 | pages=15–20| bibcode=2015IJCA..109n..15S | doi-access=free }}</ref> refers exclusively to access keys having roles that can be validated against an authoritative store of roles. In this sense, role-based encryption can be expressed by attribute-based encryption, and within that limited context the two terms can be used interchangeably. Role-based encryption cannot express attribute-based encryption.
 
==Usage==
Attribute-based encryption (ABE) can be used for log encryption.<ref>Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data ''[https://eprint.iacr.org/2006/309.pdf Cryptology ePrint Archive, Report 2006/309]'' (2006)</ref> Instead of encrypting each part of a log with the keys of all recipients, it is possible to encrypt the log only with attributes which match recipients' attributes. This primitive can also be used for [[broadcast encryption]] in order to decrease the number of keys used.<ref>David Lubicz and Thomas Sirvent, Attribute-Based Broadcast Encryption Scheme Made Efficient ''[https://perso.univ-rennes1.fr/david.lubicz/articles/attribute.pdf First International Conference on Cryptology in Africa]'' (2008)</ref> Attribute-based encryption methods are also widely employed in vector-driven search engine interfaces.<ref>{{cite journal |last1=Bouabana-Tebibel |first1=T |title=Parallel search over encrypted data under attribute based encryption on the Cloud Computing |journal=Computers & Security |date=2015 |volume=54|pages=77–91 |doi=10.1016/j.cose.2015.04.007 }}</ref>
 
===Challenges===
==Further reading==
 
*{{Cite journal|last1=Attrapadung|first1=Nuttapong|last2=Herranz|first2=Javier|last3=Laguillaumie|first3=Fabien|last4=Libert|first4=Benoît|last5=de Panafieu|first5=Elie|last6=Ràfols|first6=Carla|date=March 2012|title=Attribute-based encryption schemes with constant-size ciphertexts|journal=Theoretical Computer Science|language=en|volume=422|pages=15–38|doi=10.1016/j.tcs.2011.12.004|doi-access=free|hdl=10230/42258|hdl-access=free}}
*Herranz, Javier; Laguillaumie, Fabien; Ràfols, Carla (2010), Nguyen, Phong Q.; Pointcheval, David (eds.), "[https://link.springer.com/chapter/10.1007/978-3-642-13013-7_2 Constant Size Ciphertexts in Threshold Attribute-Based Encryption]", ''Public Key Cryptography – PKC 2010'', Springer Berlin Heidelberg, 6056, pp.&nbsp;19–34, [[Doi (identifier)|doi]]:[https://link.springer.com/chapter/10.1007/978-3-642-13013-7_2 10.1007/978-3-642-13013-7_2], {{ISBN|978-3-642-13012-0}}, retrieved 2020-05-13