Attribute-based encryption: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 13:34, 22 March 2024 edit 130.180.219.188 (talk) No edit summary Tag: Reverted ← Previous edit		Latest revision as of 14:43, 5 July 2025 edit undo Frap (talk \| contribs) Extended confirmed users, File movers, Pending changes reviewers, Rollbackers 35,593 edits →Relationship to Role-based Encryption: MOS:HEAD
(4 intermediate revisions by 4 users not shown)
Line 1: '''Attribute-based encryption''' is a generalisation of [[public-key encryption]] which enables fine grained access control of encrypted data using [[Authorization \| authorisation policies]]. The [[secret key]] of a user and the ciphertext are dependent upon attributes (e.g. their email address, the country in which they live, or the kind of subscription they have). In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext.<ref>{{cite web \|title=What is Attribute-Based Encryption \|work=Cryptography Stack Exchange \|url=https://crypto.stackexchange.com/a/17894 \|date=2014 }}</ref> A crucial security aspect of attribute-based encryption is ~~collision~~collusion-resistance: An adversary that holds multiple keys should only be able to access data if at least one individual key grants access. ==Description== Attribute-based encryption is provably<ref name="Herranz2017">{{cite journal \| last1 = Herranz \| first1 = Javier \| title = ~~Attribute‐based~~Attribute-based encryption implies ~~identity‐based~~identity-based encryption \| journal = IET Information Security \| date = November 2017 \| volume = 11 \| issue = 6 \| pages = 332–337 \| issn = 1751-8709 \| eissn = 1751-8717 \| doi = 10.1049/iet-ifs.2016.0490 \| pmid = \| hdl = 2117/111526 \| s2cid = 20290716 \| url = \| hdl-access = free }}</ref> a generalisation of [[identity-based encryption]]. ==History== Identity-based encryption was first proposed in 1984 by [[Adi Shamir]],<ref name="Shamir pp. 47–53">{{cite book \| last=Shamir \| first=Adi \| title=Advances in Cryptology \| chapter=Identity-Based Cryptosystems and Signature Schemes \| series=Lecture Notes in Computer Science \| publisher=Springer Berlin Heidelberg \| publication-place=Berlin, Heidelberg \| isbn=978-3-540-15658-1 \| doi=10.1007/3-540-39568-7_5 \| pages=47–53 \| date=1984\| volume=196 }}</ref> without a specific solution or proof. In 2004 [[Amit Sahai]] and [[Brent Waters]]<ref>Amit Sahai and Brent Waters, Fuzzy Identity-Based Encryption ''[~~http~~https://eprint.iacr.org/2004/086 Cryptology ePrint Archive, Report 2004/086]'' (2004)</ref> published a solution, improved in 2006 by Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters.<ref name=":0">Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data ''[https://eprint.iacr.org/2006/309.pdf ACM CCS (2006)]''</ref> [[Melissa Chase]] and other researchers have further proposed attribute-based encryption with multiple authorities who jointly generate users' private keys.<ref>[[Melissa Chase]], Multi-authority Attribute-Based Encryption ''[https://link.springer.com/chapter/10.1007%2F978-3-540-70936-7_28 TCC (2007)]''</ref><ref>[[Melissa Chase]] and Sherman S.M. Chow, Improving privacy and security in multi-authority attribute-based encryption ''[http://dl.acm.org/citation.cfm?id=1653678 ACM CCS (2009)]''</ref><ref>Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and Meng Wan, Privacy preserving cloud data access with multi-authorities ''[~~http~~https://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6567070&tag=1 IEEE INFOCOM (2013)]''</ref><ref>Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and Meng Wan, Control Cloud Dhttps://gnunet.org/sites/default/files/CCS%2706%20-%20Attributed-based%20encryption%20for%20fine-grained%20access%20control%20of%20encrypted%20data.pdfata Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption ''[~~http~~https://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6951492 Transactions on Information Forensics and Security (2015)]''</ref><ref>Allisso Lewko and Brent Waters, Decentralizing Attribute-Based Encryption ''[https://link.springer.com/chapter/10.1007%2F978-3-642-20465-4_31 EUROCRYPT (2011)]''</ref><ref>Sascha Muller, Stefan Katzenbeisser, and [[Claudia Eckert (computer scientist)\|Claudia Eckert]], On multi-authority ciphertext-policy attribute-based encryption ''[http://143.248.27.21/mathnet/thesis_file/14_B08-591.pdf Bull. Korean Math. Soc. 46 (2009)]''</ref> == Types of attribute-based encryption schemes == Line 14: In KP-ABE, users' secret keys are generated based on an access tree that defines the privileges scope of the concerned user, and data are encrypted over a set of attributes. However, CP-ABE uses access trees to encrypt data and users' secret keys are generated over a set of attributes. == Relationship to ~~Role~~role-based ~~Encryption~~encryption == The related concept of [[role-based encryption]]<ref name="SuryakantBhise R.N pp. 15–20">{{cite journal \| last1=SuryakantBhise \| first1=Avdhut \| last2=R.N \| first2=Phursule \| title=A Review of Role based Encryption System for Secure Cloud Storage \| journal=International Journal of Computer Applications \| publisher=Foundation of Computer Science \| volume=109 \| issue=14 \| date=2015-01-16 \| issn=0975-8887 \| doi=10.5120/19255-0986 \| pages=15–20\| bibcode=2015IJCA..109n..15S \| doi-access=free }}</ref> refers exclusively to access keys having roles that can be validated against an authoritative store of roles. In this sense, Role-based encryption can be expressed by Attribute-based encryption and within that limited context the two terms can be used interchangeably. Role-based Encryption cannot express Attribute-based encryption. ==Usage== Attribute-based encryption (ABE) can be used for log encryption.<ref>Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data ''[~~http~~https://eprint.iacr.org/2006/309.pdf Cryptology ePrint Archive, Report 2006/309]'' (2006)</ref> Instead of encrypting each part of a log with the keys of all recipients, it is possible to encrypt the log only with attributes which match recipients' attributes. This primitive can also be used for [[broadcast encryption]] in order to decrease the number of keys used.<ref>David Lubicz and Thomas Sirvent, Attribute-Based Broadcast Encryption Scheme Made Efficient ''[~~http~~https://perso.univ-rennes1.fr/david.lubicz/articles/attribute.pdf First International Conference on Cryptology in Africa]'' (2008)</ref> Attribute-based encryption methods are also widely employed in vector-driven search engine interfaces.<ref>{{cite journal \|last1=Bouabana-Tebibel \|first1=T \|title=Parallel search over encrypted data under attribute based encryption on the Cloud Computing \|journal=Computers & Security \|date=2015 \|volume=54\|pages=77–91 \|doi=10.1016/j.cose.2015.04.007 }}</ref> ===Challenges===