
What is Attribute Based Encryption? has a nice explanation of what both forms (Ciphertext-policy Attribute-based Encryption and Key-policy Attribute-based Encryption) are.

My question is: what is the motivation/analogy behind Key-policy Attribute-based Encryption?

CPABE can be regarded as a variant of Attribute-based Access Control (ABAC) which is a well understood technique. What would be the KPABE equivalent, if there is one?

My take for an example key policy

$$(\text{Student}\wedge\text{Course}_A)\vee\text{Staff}$$

would be that $\text{Student}\wedge\text{Course}_A$ and $\text{Staff}$ can be seen as roles (RBAC) which will be activated through the attributes in the ciphertext. Is this an accurate analogy? Can you come up with a better one?

Artjom B.

3 Answers

5

I believe the answer cygnusv gave is not fully correct. If an object is tagged with "NUCLEAR, TOPSECRET" it can potentially be decrypted by someone not having the TOPSECRET attribute (or NUCLEAR attribute). Why? Because it all depends on the structure of the private keys in the system.

A private key could for example be: "NUCLEAR or SCIENCE LAB A". Thus it would suffice for the object to be tagged with NUCLEAR for this person to gain access.

This is also one of the reasons why KP-ABE is "less intuitive": the encryptor does not specify the relation between the attributes that are tagged. Instead it is the key authority (or just authority) which will decide how these attributes need to be combined for access.

J. Borgh

4

CP-ABE fits naturally with RBAC, whereas KP-ABE not so much. Better analogies can be made if you think of attributes as "tags" of the encrypted object/document, instead of the users. For instance, imagine a confidential document about nuclear weapons which is encrypted under the attributes NUCLEAR and TOPSECRET. Then, only a user with a key for attributes NUCLEAR and TOPSECRET can decrypt the document, while users with TOPSECRET keys and NUCLEAR keys cannot.

cygnusv
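The duality described in J. Borgh's and cygnusv's answers comes down to which side (key or ciphertext) carries the policy and which carries the attribute set. The following is an added example, not code from any answer on this page or from an ABE library: a toy evaluator for monotone AND/OR access structures that reproduces both answers' scenarios and the key policy from the question. No cryptography is performed; the attribute names and the `satisfies`, `kp_abe_can_decrypt` and `cp_abe_can_decrypt` helpers are assumptions of this example.

```python
# Added example (not from any answer on this page): a toy model of the
# access-structure decision that distinguishes KP-ABE from CP-ABE.  Only the
# "does this attribute set satisfy this policy?" question is modelled; real
# schemes embed that decision in the pairing arithmetic.
from typing import Iterable, Tuple, Union

# A policy is a bare attribute name or a tuple ("AND" | "OR", child, child, ...).
Policy = Union[str, Tuple]


def satisfies(policy: Policy, attrs: Iterable[str]) -> bool:
    """Evaluate a monotone AND/OR policy tree against a set of attributes."""
    attrs = set(attrs)
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    if op == "AND":
        return all(satisfies(c, attrs) for c in children)
    if op == "OR":
        return any(satisfies(c, attrs) for c in children)
    raise ValueError(f"unknown operator {op!r}")


def kp_abe_can_decrypt(key_policy: Policy, ciphertext_tags: Iterable[str]) -> bool:
    """KP-ABE: the key carries the policy, the ciphertext carries the tags."""
    return satisfies(key_policy, ciphertext_tags)


def cp_abe_can_decrypt(key_attrs: Iterable[str], ciphertext_policy: Policy) -> bool:
    """CP-ABE: the ciphertext carries the policy, the key carries the attributes."""
    return satisfies(ciphertext_policy, key_attrs)


# Constructed inputs taken from the discussion above.
DOC_TAGS = {"NUCLEAR", "TOPSECRET"}            # cygnusv's document, as KP-ABE tags
LAB_KEY = ("OR", "NUCLEAR", "SCIENCE LAB A")   # J. Borgh's key policy
DOC_POLICY = ("AND", "NUCLEAR", "TOPSECRET")   # the same document, as a CP-ABE policy
QUESTION_POLICY = ("OR", ("AND", "Student", "Course_A"), "Staff")

if __name__ == "__main__":
    # KP-ABE: a key issued as "NUCLEAR or SCIENCE LAB A" opens the
    # NUCLEAR+TOPSECRET document even though the holder lacks TOPSECRET.
    print(kp_abe_can_decrypt(LAB_KEY, DOC_TAGS))                      # True
    # CP-ABE: the encryptor's conjunction is enforced whatever keys exist.
    print(cp_abe_can_decrypt({"TOPSECRET"}, DOC_POLICY))              # False
    print(cp_abe_can_decrypt({"NUCLEAR", "TOPSECRET"}, DOC_POLICY))   # True
    # The question's key policy, "activated" by the ciphertext's tags.
    print(kp_abe_can_decrypt(QUESTION_POLICY, {"Student", "Course_B"}))  # False
    print(kp_abe_can_decrypt(QUESTION_POLICY, {"Staff"}))                # True
```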

0

KP-ABE suits the situation of passive users vs. active ciphertext, i.e., the ciphertext is pushed to users. An example is television program broadcasting, where you want a fast encryption (tagging, instead of generating an access policy, is much faster), and you can't control the number/identity of recipients.

CP-ABE on the other hand suits active users vs. passive ciphertext, i.e., users actively looking for ciphertext. An example is cloud data, where you can tolerate slower encryption, and you can decide who the expected recipients are.

Tan