Blockchain & Cryptocurrency Glossary


Attribute-Based Encryption

Pronunciation
[at-ruh-byoot beyst en-krip-shuhn]
Analogy
Imagine a magical document that can only be read by people wearing specific badges. For example, a document might be enchanted to be readable only by someone with both a 'Doctor' badge AND a 'Cardiology Department' badge. Attribute-Based Encryption works like this: data is encrypted for a set of attributes, and only users whose private keys are associated with a matching set of attributes can decrypt it.
Definition
A type of public-key encryption where the secret key of a user and the ciphertext are dependent upon attributes (e.g., role, department, location). A user can decrypt a ciphertext if and only if their set of attributes matches the attributes specified in the ciphertext.
Key Points
ABE allows for fine-grained access control to encrypted data based on user attributes rather than specific identities.

  • Enables encryption based on descriptive attributes instead of individual recipient identities.
  • A user's private key is associated with a set of attributes.
  • Ciphertexts are encrypted with an access policy (a logical expression over attributes).
  • A user can decrypt if their attributes satisfy the ciphertext's access policy.
  • Two main types: Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE).

Example
In a hospital system using CP-ABE, a patient's medical record could be encrypted with the policy "(Doctor AND Cardiology) OR (Nurse AND Patient's_Assigned_Ward)". A doctor in cardiology could decrypt it, as could a nurse assigned to that patient's ward, but a doctor from orthopedics could not.
Technical Deep Dive
In Ciphertext-Policy ABE (CP-ABE), ciphertexts are associated with an access policy, and user secret keys are associated with a set of attributes. Decryption is possible if the user's attributes satisfy the policy. In Key-Policy ABE (KP-ABE), the roles are reversed: ciphertexts are labeled with attributes, and user secret keys are associated with an access policy. ABE schemes are often built using pairing-based cryptography. The master secret key is held by a trusted attribute authority, which issues attribute-based secret keys to users.
Security Warning
The security of ABE relies on the trustworthiness of the attribute authority that issues keys. Collusion resistance (preventing users from pooling their attributes to decrypt data that none of them could decrypt individually) is an important security consideration. ABE schemes can be complex to implement correctly.
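
The hospital policy from the Example and the collusion concern from the Security Warning, modeled as an added example that is not part of the original glossary entry. It performs no cryptography and only evaluates the access structure; the user names, their attribute sets and `Ward_7` (standing in for Patient's_Assigned_Ward) are constructed for illustration.

```python
from itertools import combinations

# Access policy from the hospital example as a tree:
# a leaf is an attribute name, a node is (operator, child, child, ...).
POLICY = ("OR",
          ("AND", "Doctor", "Cardiology"),
          ("AND", "Nurse", "Ward_7"))  # Ward_7: assumed assigned ward

# Constructed users; each set models the attributes bound to one secret key.
USERS = {
    "alice": {"Doctor", "Cardiology"},
    "bob":   {"Doctor", "Orthopedics"},
    "carol": {"Nurse", "Ward_7"},
    "dave":  {"Nurse", "Ward_3"},
    "erin":  {"Admin", "Cardiology"},
}

def satisfies(policy, attrs):
    """True if the attribute set satisfies the policy tree."""
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    results = (satisfies(child, attrs) for child in children)
    if op == "AND":
        return all(results)
    if op == "OR":
        return any(results)
    raise ValueError(f"unknown operator: {op!r}")

def authorized(policy, users):
    """Users whose own key attributes satisfy the policy."""
    return sorted(name for name, attrs in users.items()
                  if satisfies(policy, attrs))

def pooling_risks(policy, users):
    """Pairs where neither user is authorized alone but their combined
    attributes are. A collusion-resistant scheme must still refuse
    decryption for these pairs, because each key is bound to one user."""
    risks = []
    for (n1, a1), (n2, a2) in combinations(sorted(users.items()), 2):
        if satisfies(policy, a1) or satisfies(policy, a2):
            continue
        if satisfies(policy, a1 | a2):
            risks.append((n1, n2))
    return risks

if __name__ == "__main__":
    print("authorized:", authorized(POLICY, USERS))
    print("must be blocked by collusion resistance:", pooling_risks(POLICY, USERS))
```

Listing such pairs for a real policy and attribute assignment shows exactly which combinations depend on the scheme's collusion resistance rather than on the policy logic alone.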
