Ciphertext-Policy Attribute-Based Encryption
| Package: | cpabe-0.7.tar.gz, libbswabe-0.7.tar.gz |
| License: | GPL |
| Developers: | John Bethencourt, Amit Sahai (advisory role), Brent Waters (advisory role) |
| Contact: | bethenco@cs.berkeley.edu |
| Added to ACSC: | December 1, 2006 |
| Last updated: | October 22, 2007 |
Description
The cpabe toolkit provides a set of programs implementing a ciphertext-policy attribute-based encryption scheme. It uses the PBC library for the algebraic operations.
The code is split into two packages, libbswabe (a library implementing the core crypto operations) and cpabe (higher-level functions and user interface). Be sure to install the library first.
In a ciphertext-policy attribute-based encryption scheme, each user’s private key is associated with a set of attributes representing their capabilities, and a ciphertext is encrypted such that only users whose attributes satisfy a certain policy can decrypt. For example, in a company we can encrypt a ciphertext such that it can only be decrypted by someone who has the attributes “Senior” and “Human Resources”, or who has the attribute “Executive”. One interesting application of this tool is that we can do Role-Based Access Control (RBAC) without requiring trusted data storage.
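The policy from the example above, (“Senior” AND “Human Resources”) OR “Executive”, can be modelled as a tree of threshold gates. The following is an added illustration, not code from cpabe or libbswabe: it uses plain Shamir secret sharing over a prime field, with no pairings, so it shows only how a policy gates recovery of a secret and has none of the real scheme's security (in particular no collusion resistance). The tree encoding, the names `share` and `recover`, and the modulus are assumptions of this example.

```python
# Added illustration: Shamir sharing over a threshold-gate policy tree.
# Not the cpabe/libbswabe construction; no pairings, no collusion resistance.
import secrets

P = 2**127 - 1  # prime modulus chosen for this example

# Policy node: an attribute name (leaf) or (k, [children]) meaning "k of these".
# AND = n-of-n, OR = 1-of-n. Policy taken from the page's example.
POLICY = (1, [(2, ["Senior", "Human Resources"]), "Executive"])

def share(secret, node):
    """Split `secret` down the tree; returns the same shape with leaf shares."""
    if isinstance(node, str):
        return (node, secret)
    k, children = node
    # Random degree k-1 polynomial with f(0) = secret; child i receives f(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return (k, [share(f(x), child) for x, child in enumerate(children, 1)])

def recover(node, attrs):
    """Return the secret at `node` if `attrs` satisfies it, otherwise None."""
    head, body = node
    if isinstance(head, str):
        # Leaf: the share is usable only by a holder of this attribute. Here
        # that is a plain membership test standing in for a key component.
        return body if head in attrs else None
    pts = [(x, s) for x, child in enumerate(body, 1)
           if (s := recover(child, attrs)) is not None][:head]
    if len(pts) < head:
        return None  # fewer than k children satisfied: gate stays closed
    total = 0
    for xi, yi in pts:  # Lagrange interpolation evaluated at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

if __name__ == "__main__":
    secret = secrets.randbelow(P)
    tree = share(secret, POLICY)
    for attrs in ({"Senior", "Human Resources"}, {"Executive"}, {"Senior"}):
        print(sorted(attrs), recover(tree, attrs) == secret)
```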
The toolkit provides four command line tools used to perform the various operations of the scheme. They are designed for straightforward invocation by larger systems in addition to manual usage.
Thanks to Ryan Moriarty and Eric Lin for bug reports.
Documentation
To try out the tools, take a look at the quickstart tutorial. Also, man pages for each of the four programs in the toolkit are available online.
- Quickstart Tutorial
- cpabe-setup – generates a public key and a master secret key
- cpabe-keygen – generates a private key with a given set of attributes
- cpabe-enc – encrypts a file according to a policy, which is an expression in terms of attributes
- cpabe-dec – decrypts a file using a private key
Bugs and Limitations
None known, but like many other things on the ACSC this is research-quality software and should not be used in any application actually requiring security. If you find any bugs, an email (or even a patch!) directed to John Bethencourt would be appreciated.
Papers
The scheme is implemented as described in the following paper.