Attribute-Based Encryption
What is Attribute-Based Encryption?
Attribute-Based EncryptionPublic-key encryption (Sahai/Waters 2005) where ciphertexts and keys are linked to attributes and policies, so decryption succeeds only if the policy is satisfied.
Attribute-Based Encryption (ABE), introduced by Amit Sahai and Brent Waters in 2005, generalises identity-based encryption by binding ciphertexts and decryption keys to sets of attributes. In Key-Policy ABE (KP-ABE) the user's secret key encodes an access policy and the ciphertext carries attributes; in Ciphertext-Policy ABE (CP-ABE) it is the reverse - ciphertexts carry a Boolean policy over attributes and keys carry attributes. Decryption succeeds only when the attributes satisfy the policy. ABE typically uses bilinear pairings on curves such as BN254 or BLS12-381 and provides built-in collusion resistance. Use cases include fine-grained access control for shared cloud storage, electronic health records, encrypted data lakes, and DRM where a single ciphertext serves many recipients.
● Examples
- 01
A hospital encrypts records once with policy ('doctor' AND 'cardiology') OR 'researcher'.
- 02
OpenABE and Charm-Crypto libraries implement KP-ABE and CP-ABE schemes.
● Frequently asked questions
What is Attribute-Based Encryption?
Public-key encryption (Sahai/Waters 2005) where ciphertexts and keys are linked to attributes and policies, so decryption succeeds only if the policy is satisfied. It belongs to the Cryptography category of cybersecurity.
What does Attribute-Based Encryption mean?
Public-key encryption (Sahai/Waters 2005) where ciphertexts and keys are linked to attributes and policies, so decryption succeeds only if the policy is satisfied.
How does Attribute-Based Encryption work?
Attribute-Based Encryption (ABE), introduced by Amit Sahai and Brent Waters in 2005, generalises identity-based encryption by binding ciphertexts and decryption keys to sets of attributes. In Key-Policy ABE (KP-ABE) the user's secret key encodes an access policy and the ciphertext carries attributes; in Ciphertext-Policy ABE (CP-ABE) it is the reverse - ciphertexts carry a Boolean policy over attributes and keys carry attributes. Decryption succeeds only when the attributes satisfy the policy. ABE typically uses bilinear pairings on curves such as BN254 or BLS12-381 and provides built-in collusion resistance. Use cases include fine-grained access control for shared cloud storage, electronic health records, encrypted data lakes, and DRM where a single ciphertext serves many recipients.
How do you defend against Attribute-Based Encryption?
Defences for Attribute-Based Encryption typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Attribute-Based Encryption?
Common alternative names include: ABE, KP-ABE, CP-ABE.
● Related terms
- cryptography№ 512
Identity-Based Encryption
Public-key encryption where an arbitrary identifier (email, phone) serves as the public key, with private keys issued by a trusted Private Key Generator (Boneh/Franklin 2001).
- cryptography№ 871
Proxy Re-Encryption
A cryptographic technique that lets a semi-trusted proxy transform a ciphertext encrypted under Alice's key into one decryptable by Bob without learning the plaintext.
- cryptography№ 879
Public-Key Cryptography
A branch of cryptography that uses paired public and private keys to enable encryption, key exchange, digital signatures, and authentication without a pre-shared secret.
- cryptography№ 481
Homomorphic Encryption
An encryption scheme that allows computations to be performed directly on ciphertexts, producing encrypted results that match the operations on the underlying plaintexts.
- cryptography№ 109
BLS Signature
A short pairing-based digital signature by Boneh, Lynn, and Shacham (2001) supporting deterministic single signatures and efficient aggregation across many signers.