This is more of a good to know question, but looking online and in this forum I couldn't find an answer to this question. Was there some major reason why CP-ABE was created when KP-ABE already exist? I am new to this field so I apologise before hand if I offend anyone with this question.
Asked
Active
Viewed 3,337 times
2 Answers
3
I think you may find the founding paper of CP-ABE pretty informative on that regard: in "Ciphertext-Policy Attribute-Based Encryption" by Bethencourt et al. you can read the following:
In key-policy attribute based encryption, ciphertexts are associated with sets of descriptive attributes, and users’ keys are associated with policies (the reverse of our situation). We stress that in key policy ABE, the encryptor exerts no control over who has access to the data she encrypts, except by her choice of descriptive attributes for the data. Rather, she must trust that the key-issuer issues the appropriate keys to grant or deny access to the appropriate users. [... ] In our setting, the encryptor must be able to intelligently decide who should or should not have access to the data that she encrypts.
It's basically two different methods to achieve the same kind of goal, ie "Attribute Base Encrpytion".
You may further find this answer pretty useful and that question may also help you.
1
In KP-ABE, users' secret keys are generated based on an access tree that defines the privileges scope of the concerned user, and data are encrypted over a set of attribute. However, CP-ABE uses access trees to encrypt data and users' secret keys are generated over a set of attribute.
SUNEEL SAI EGA
- 19
- 1