
CIPHERTEXT-POLICY ATTRIBUTE-BASED ENCRYPTION

Developers: John Bethencourt, Amit Sahai (advisory role), Brent Waters (advisory role)
License: GPL
Added to ACSC: December 1, 2006
Last updated: March 24, 2011

This project provides an implementation of a Ciphertext-Policy Attribute-Based Encryption (CP-ABE) system due to Bethencourt, Sahai and Waters. In such a system each user's private key is associated with a set of attributes representing their capabilities, and a ciphertext is encrypted such that only users whose attributes satisfy a certain policy can decrypt. For example, we can encrypt a ciphertext such that in a company it can only be decrypted by someone with the attributes Senior and Human Resources, or by someone with the attribute Executive. One interesting application of this tool is that we can do Role-Based Access Control (RBAC) without requiring trusted data storage.

Description

The cpabe toolkit provides a set of programs implementing a ciphertext-policy attribute-based encryption scheme. It uses the PBC library for the algebraic operations. Note that the cpabe toolkit might not compile against versions of PBC older than 0.5.4.

The code is split into two packages, libbswabe (a library implementing the core crypto operations) and cpabe (higher level functions and user interface). Be sure to install the library first.

The toolkit provides four command line tools used to perform the various operations of the scheme. They are designed for straightforward invocation by larger systems in addition to manual usage.

  cpabe-setup    generates a public key and a master secret key
  cpabe-keygen   generates a private key with a given set of attributes
  cpabe-enc      encrypts a file according to a policy, which is an expression in terms of attributes
  cpabe-dec      decrypts a file using a private key

cpabe-setup
Generate system parameters, a public key, and a master secret key for use with cpabe-keygen, cpabe-enc, and cpabe-dec. Output will be written to the files "pub_key" and "master_key".

cpabe-keygen
Generate a key with the listed attributes using public key PUB_KEY and master secret key MASTER_KEY. Output will be written to the file "priv_key".

Attributes come in two forms: non-numerical and numerical. Non-numerical attributes are simply any string of letters, digits, and underscores beginning with a letter. Numerical attributes are specified as attr = N, where N is a non-negative integer less than 2^64 and attr is another string. The whitespace around the = is optional. One may specify an explicit length of k bits for the integer by giving attr = N#k. Note that any comparisons in a policy given to cpabe-enc(1) must then specify the same number of bits, e.g., attr > 5#12. The keywords and, or, and of are reserved for the policy language of cpabe-enc(1) and may not be used for either type of attribute.

cpabe-enc
Encrypt FILE under the decryption policy POLICY using public key PUB_KEY. The encrypted file will be written to FILE.cpabe. The original file will be removed. If POLICY is not specified, the policy will be read from stdin.

cpabe-dec
Decrypt FILE using private key PRIV_KEY and assuming public key PUB_KEY. If the name of FILE is X.cpabe, the decrypted file will be written as X and FILE will be removed. Otherwise the file will be decrypted in place.

POLICY LANGUAGE
Policies are specified using simple expressions of the attributes given to cpabe-keygen(1). The most basic policy consists of a single such attribute. It will only match keys produced by giving that attribute (possibly among others) to cpabe-keygen(1).

Another type of policy consists of a comparison between an attribute name and a non-negative integer. The following comparisons are allowed: <, >, <=, >=, and =. In this case, the attribute used must be a numerical attribute and specified appropriately to cpabe-keygen(1) (see its man page for details). Note that a comparison with an explicit length integer (e.g., "exec_level >= 5#4") can only match an attribute with the same length (so "exec_level = 8#4" will match but "exec_level = 8#5" will not).

Policies of these two basic types may be combined using the keywords and and or (which may not be used as attributes), as shown in the first example above. The and operator has higher precedence than or, and parentheses may be used to specify other groupings.

Policies may also be combined using a threshold gate operator, written as K of (P1, P2, ... PN), where K is a positive integer less than or equal to N, and P1, ... PN are policies. Such a policy will only be satisfied by a key that satisfies at least K of the policies P1, ... PN. An example of the threshold gate operator is included as part of the policy in the second example above.

Note that attribute names are case sensitive and must begin with a letter, and the keywords and, or, and of may not be used. Also, & and | are synonyms for and and or.
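As an added example (not code from the cpabe toolkit), the following Python models the policy language just described and decides whether a key built from a list of cpabe-keygen attribute strings would satisfy a cpabe-enc policy: and binds tighter than or, & and | are synonyms, parentheses and K of (...) gates are supported, and a numerical comparison only matches an attribute declared with the same bit length. It performs no cryptography; treating an omitted bit length as a length of its own, distinct from any explicit one, is an assumption of this model, and the policy and attribute strings are constructed sample inputs.

```python
import re
TOKEN = re.compile(r"\d+(?:#\d+)?|[A-Za-z]\w*|<=|>=|\S")  # any stray character becomes a token and is rejected
PREC = {"or": 0, "|": 0, "and": 1, "&": 1}  # 'and' binds tighter than 'or'; '&' and '|' are synonyms
COMPARE = {"<": int.__lt__, ">": int.__gt__, "<=": int.__le__, ">=": int.__ge__, "=": int.__eq__}
def key_attributes(attrs):  # cpabe-keygen strings 'name' or 'name = N[#k]' -> {name: None or (N, k)}
    out = {}
    for s in attrs:
        m = re.fullmatch(r"([A-Za-z]\w*)\s*(?:=\s*(\d+)(?:#(\d+))?)?", s.strip())
        out[m[1]] = (int(m[2]), int(m[3]) if m[3] else None) if m[2] else None
    return out
def satisfies(policy, attrs):
    """True if a key made by cpabe-keygen from attrs can decrypt under policy (no crypto involved)."""
    key, toks = key_attributes(attrs), TOKEN.findall(policy)
    def take(want=None):  # consume the next token, optionally insisting it equals `want`
        if not toks or (want and toks[0] != want):
            raise ValueError(f"expected {want or 'a token'}, got {toks[:1]}")
        return toks.pop(0)
    def expr(min_prec=0):  # precedence climbing over and/or
        result = atom()
        while toks[:1] and PREC.get(toks[0], -1) >= min_prec:
            op = take()
            rhs = expr(PREC[op] + 1)
            result = (result and rhs) if PREC[op] == 1 else (result or rhs)
        return result
    def atom():
        tok = take()
        k = None  # None for a plain "(P)", otherwise the K of "K of (P1, ..., PN)"
        if tok.isdigit() and toks[:1] == ["of"]:
            take("of")
            k, tok = int(tok), take("(")
        if tok == "(":
            parts = [expr()]
            while toks[:1] == [","]:
                take()
                parts.append(expr())
            take(")")
            if (k is None and len(parts) != 1) or not 1 <= (k or 1) <= len(parts):
                raise ValueError(f"malformed group of {len(parts)} policies (K={k})")
            return sum(parts) >= (k or 1)
        if tok in PREC or tok == "of" or not tok[0].isalpha():
            raise ValueError(f"{tok!r} may not be used as an attribute")
        if toks[:1] and toks[0] in COMPARE:  # numerical comparison: attr OP N[#k]
            op, (n, _, bits) = take(), take().partition("#")
            value = key.get(tok) or (0, -1)  # plain/absent attrs never match; omitted length is its own length (assumption)
            return value[1] == (int(bits) if bits else None) and COMPARE[op](value[0], int(n))
        return tok in key and key[tok] is None  # plain attribute
    result = expr()
    if toks:
        raise ValueError(f"unexpected trailing tokens {toks}")
    return result
```

Run satisfies("senior and human_resources or executive", ["senior", "human_resources"]) to check the company example from above; exec_level >= 5#4 is satisfied by "exec_level = 8#4" but not by "exec_level = 8#5".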
