Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data
Goyal, Pandey, Sahai, Waters
attribute-based encryption functional encryption security cryptography
@inproceedings{goyal:ccs-2006,
title={Attribute-Based Encryption for Fine-Grained Access Control of
Encrypted Data},
author={Goyal, V. and Pandey, O. and Sahai, A. and Waters, B.},
booktitle={{ACM} Conference on Computer and Communications Security},
pages={89--98},
year={2006},
organization={{ACM}}
}
[ Download PDF ]
Abstract:
As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP- ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with ac- cess structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our con- struction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical Identity-Based Encryp- tion (HIBE).
Access structure is monotonic: If a set of attributes grants access, then a larger set of attributes containing those attributes also grants access
- Attributes cannot negate other attributes
Four functions
- Setup() produces public parameters PK, master key MK with implicit security parameter k, the size of the underlying groups
- Encrypt(M, \gamma, PK) -> E where M is plaintext, \gamma set of attributes, E ciphertext
- KeyGen(A, MK, PK) -> D where A is access structure, D decryption key
- Decrypt(E, D, PK) -> M
Access tree is AND/OR tree, with joints captured by threshold gates
- AND: 2/2 threshold
- OR: 1/2 threshold