Attribute Based Encryption
Public Key Infrastructure:
Disadvantage:
- To communicate with Alice, Bob, at first, has to communicate with the PKI.
Identity Based Encryption (IDE):
In IDE, one’s publicly known identity (ex. email address) is being used as his/her public key where as corresponding private key is generated from the known identity.
IDE encryption scheme is a four algorithms/steps scheme where the algorithms are i. Setup Algorithm ii. Key (private key) Generation Algorithm iii. Encryption Algorithm iv. Decryption Algorithm.
Setup and Key Generation:
Encryption & Decryption:
Advantage:
- Bob does not need to contact KDC / CA for Alice’s Public Key. He knows Alice’s Identity which he uses to encrypt message for Alice.
Fuzzy Identity Based Encryption (Fuzzy-IDE):
Fuzzy Identity of a person is a set of descriptive attributes which a predefined error tolerance capability. In Fuzzy-IDE, these attributes are used as one’s known public key.
Setup & Key Generation
Advantage:
With her private key, Alice can decrypt messages encrypted with her own identity (w). She can also decrypt messages encrypted with other’s identity (w’) if |w ∩ w’| >= d.
Encryption & Decryption in Fuzzy IDE System
Example:
Person |
Fuzzy Identity |
d |
Comment |
Alice |
w={“exam-committee”, “chair”, “system”} |
2 |
Alice can decrypt everything that Bob & Charile can Decrypt. Because |w ∩ w’|>=2 and |w ∩ w’’|>=2 |
Bob |
w’={“exam-committee”, “faculty”, “system”, “usa”} |
3 |
Bob can only decrypt message encrypted with Charlie’s identity as |w’ ∩ w’’|>=3 |
Charlie |
w’’={“exam-committee”, “student”, “system”, “usa”} |
4 |
Charlie cannot decrypt any message that are encrypted with others identity. |
Attribute-based Encryption (or Key-policy ABE):
Access Tree / Key-policy(Ƭ):
Access Policy to be associated with private key where leaf nodes are attributes coming from fuzzy identity.
Account Setup & Key-generation:
Encryption & Decryption:
Example:
Assuming, Alice has the following key policy
Alice can decrypt a file encrypted with the attribute set {“Computer Science”, “Admission committee”}. But she cannot decrypt another ciphertext associated with attributes {“Computer Science”, “program-committee”}.
For more details, see my slideshare note[1].
Referece: