Ciphertext-policy attribute-based encryption definition
Ciphertext-policy attribute-based encryption (commonly shortened as “CP-ABE”) is a type of ABE cryptographic scheme that incorporates the access policy into the ciphertext. This access policy specifies the conditions under which the encrypted data could be decrypted.
In the CP-ABE scheme, each user and data element is associated with a set of attributes, such as user roles or organizational affiliations. The access policy is formulated using a combination of attributes, and decryption is possible only if the user's attributes match the policy in the ciphertext.
See also: ciphertext, cryptographic key, encryption key, key exchange, secret key, attribute value pair, decryption, cryptographic algorithm, multi-authority attribute-based encryption, key-policy attribute-based encryption
Ciphertext-policy attribute-based encryption algorithms
- Setup: The setup algorithm generally only accepts the security parameter as input, returning the public parameters and a master key.
- Encrypt: The encrypt algorithm accepts the public parameters from the setup algorithm, the message, and the access structure. With this information, it encrypts the message and produces a ciphertext, setting it up so that only users with specific attributes can decrypt it.
- Key generation: The key generation algorithm uses the master key produced by the setup algorithm together with special descriptor attributes to produce a private key.
- Decrypt: The decrypt algorithm ties everything together. It checks if the attributes of the private key from the key generation algorithm meet the public parameters of the setup algorithm — if the attributes are satisfactory, the algorithm decrypts the ciphertext to produce the message.
- Delegate: The delegate algorithm plays an optional part in CP-ABE schemes — only the setup, encrypt, key generation, and decrypt algorithms are actually mandatory for CP-ABE to work. The delegate algorithm lets a user with a private key (from the key generation algorithm) to create new secret keys with specific subsets of attributes.