Monday, November 18, 2019


ABE (Attribute Based Encryption) 是在大約 2000 年左右冒起的新寵。
基本運作原理,是利用 IBE 的方法,以一堆不同的 attributes 去加密文件。
而近年有兩大分類,主要是 KP-ABE 和 CP-ABE:


"In a key-policy attribute-based encryption (KP-ABE) system, ciphertexts are labeled by the sender with a set of descriptive attributes, while user's private key is issued by the trusted attribute authority captures an policy (also called the access structure) that specifies which type of ciphertexts the key can decrypt. KP-ABE schemes are suitable for structured organizations with rules about who may read particular documents. Typical applications of KP-ABE include secure forensic analysis and target broadcast [5]. For example, in a secure forensic analysis system, audit log entries could be annotated with attributes such as the name of the user, the date and time of the user action, and the type of data modified or accessed by the user action. While a forensic analyst charged with some investigation would be issued a private key that associated with a particular access structure. The private key would only open audit log records whose attributes satisfied the access policy associated with the private key.

In a ciphertext-policy attribute-based encryption (CP-ABE) system, when a sender encrypts a message, they specify a specific access policy in terms of access structure over attributes in the ciphertext, stating what kind of receivers will be able to decrypt the ciphertext. Users possess sets of attributes and obtain corresponding secret attribute keys from the attribute authority. Such a user can decrypt a ciphertext if his/her attributes satisfy the access policy associated with the ciphertext. Thus, CP-ABE mechanism is conceptually closer to traditional role-based access control method." [1]


換句話說,KP-ABE (Key Policy) 的加密者,用一堆 attributes 去加密文件,
然後有個中間人會訂立 policy,再分發具 policy 的 private keys 給不同人。
例如加密者用 "pay_user" 這個 attribute 去加密,然後 policy 可以是 {pay_user, free_user, tom...} 等等,任由中間人決定。
加密者只知道符合 attributes 的人可以解密,但不能預知解密者的全個 policy + attributes 是什麼。

KP-ABE 密文中會有 attributes [2],
所以如果解密者見到密文,而手中沒有符合該 attributes 的 private key 的話,就解都廢事了。



而 CP-ABE 則不同。加密者定義了整個 access structure (policy + attributes),
中間人的作用只是 based on the policy,分發不同 private keys 給不同人。
情況有點像建立一棵 private key tree,不同 matching 會有不同 private keys。

CP-ABE 密文 (Cipher Text) 中會有整個 access structure [3],
所以如果解密者見到密文,而手中沒有符合該 structure + attributes 的 private key 的話,就解都廢事了。



[1] Changji Wang and Jianfa Luo, “An Efficient Key-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length,” Mathematical Problems in Engineering, vol. 2013, Article ID 810969, 7 pages, 2013.