Ciphertext-Policy Attribute-Based Encryption
Developers: John Bethencourt, Amit Sahai (advisory role), Brent Waters (advisory role)
Added to ACSC: December 1, 2006
Last updated: March 24, 2011
The cpabe toolkit provides a set of programs implementing a ciphertext-policy attribute-based encryption scheme. It uses the PBC library for the algebraic operations. Note that the cpabe toolkit might not compile against versions of PBC older than 0.5.4.
In a ciphertext-policy attribute-based encryption scheme, each user’s private key is associated with a set of attributes representing their capabilities, and a ciphertext is encrypted such that only users whose attributes satisfy a certain policy can decrypt. For example, in a company we can encrypt a ciphertext such that it can only be decrypted by someone who has the attributes “Senior” and “Human Resources”, or who has the attribute “Executive”. One interesting application of this tool is that we can do Role-Based Access Control (RBAC) without requiring trusted data storage.
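The policy check described above can be modelled as secret sharing over a tree of threshold gates. The following is an added example, not the toolkit's code: it uses plain Shamir sharing over a prime field in place of the pairing-based construction, so it shows which attribute sets unlock a ciphertext but omits the per-key binding the real scheme relies on to stop users pooling attributes. The names `share`, `recover`, `AND`, `OR` and the user attribute sets are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus for the demo field (constructed, not the toolkit's group)

# Policy tree: a leaf is an attribute string, a gate is (k, children) meaning k-of-n.
def AND(*c): return (len(c), list(c))
def OR(*c): return (1, list(c))

def share(node, secret):
    """Split `secret` down the policy tree with Shamir sharing at every gate."""
    if isinstance(node, str):
        return (node, secret)  # leaf: attribute name plus its share
    k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    poly = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return (k, [share(ch, poly(x)) for x, ch in enumerate(children, 1)])

def recover(node, attrs):
    """Return the value shared at `node`, or None if `attrs` cannot satisfy it."""
    head, body = node
    if isinstance(head, str):
        return body if head in attrs else None
    pts = [(x, y) for x, ch in enumerate(body, 1)
           if (y := recover(ch, attrs)) is not None][:head]
    if len(pts) < head:
        return None  # fewer than k satisfied children: gate stays closed
    total = 0
    for xi, yi in pts:  # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

# The page's example policy: ("Senior" AND "Human Resources") OR "Executive".
POLICY = OR(AND("Senior", "Human Resources"), "Executive")

def demo():
    secret = secrets.randbelow(P)
    ct = share(POLICY, secret)
    users = {  # constructed attribute sets
        "alice": {"Senior", "Human Resources"},
        "bob": {"Executive"},
        "carol": {"Senior", "Engineering"},
    }
    return {name: recover(ct, attrs) == secret for name, attrs in users.items()}

if __name__ == "__main__":
    print(demo())
```

In this model the storage holding the shared tree learns nothing useful without a satisfying attribute set, which is the property behind the RBAC-without-trusted-storage application.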
The toolkit provides four command line tools used to perform the various operations of the scheme. They are designed for straightforward invocation by larger systems in addition to manual usage.
To try out the tools, take a look at the quickstart tutorial. Also, man pages for each of the four programs in the toolkit are available online.
Bugs and Limitations
None known, but like many other things on the ACSC this is research quality software and should not be used in any application actually requiring security. If you find any bugs, an email (or even a patch!) directed to John Bethencourt would be appreciated.
The scheme is implemented as described in the following paper.