
Ciphertext-policy attribute-based encryption

(also CP-ABE)

Ciphertext-policy attribute-based encryption definition

Ciphertext-policy attribute-based encryption (commonly shortened to “CP-ABE”) is a type of ABE cryptographic scheme that incorporates the access policy into the ciphertext. This access policy specifies the conditions under which the encrypted data can be decrypted.

In the CP-ABE scheme, each user and data element is associated with a set of attributes, such as user roles or organizational affiliations. The access policy is formulated using a combination of attributes, and decryption is possible only if the user’s attributes match the policy in the ciphertext.

See also: ciphertext, cryptographic key, encryption key, key exchange, secret key, attribute value pair, decryption, cryptographic algorithm, multi-authority attribute-based encryption, key-policy attribute-based encryption

Ciphertext-policy attribute-based encryption algorithms

  • Setup: The setup algorithm generally only accepts the security parameter as input, returning the public parameters and a master key.
  • Encrypt: The encrypt algorithm accepts the public parameters from the setup algorithm, the message, and the access structure. With this information, it encrypts the message and produces a ciphertext, setting it up so that only users with specific attributes can decrypt it.
  • Key generation: The key generation algorithm uses the master key produced by the setup algorithm together with special descriptor attributes to produce a private key.
  • Decrypt: The decrypt algorithm ties everything together. It takes the public parameters from the setup algorithm, the ciphertext, and a private key from the key generation algorithm, and checks whether the attributes of the private key satisfy the access structure in the ciphertext. If they do, the algorithm decrypts the ciphertext to produce the message.
  • Delegate: The delegate algorithm is optional in CP-ABE schemes: only the setup, encrypt, key generation, and decrypt algorithms are mandatory for CP-ABE to work. The delegate algorithm lets a user with a private key (from the key generation algorithm) create new secret keys with specific subsets of its attributes.
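
The access-structure step of Encrypt and Decrypt, as an added example that is not part of the original page: it shares a secret down a k-of-n policy tree and recovers it only when an attribute set satisfies the tree, a technique used by tree-based CP-ABE constructions. It goes beyond the page's description and is not encryption: the shares sit in the clear and a set-membership test stands in for the private-key components. The policy, the attribute names, and the `share` and `recover` functions are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus for the share arithmetic (demo choice)

# Policy node: ("leaf", attribute) or ("gate", k, [children]) = k-of-n.
# AND is an n-of-n gate, OR is a 1-of-n gate.

def share(node, secret):
    """Encrypt side: split `secret` down the policy tree, one share per leaf."""
    if node[0] == "leaf":
        return ("leaf", node[1], secret)
    _, k, kids = node
    # Random degree k-1 polynomial with f(0) = secret; child x gets f(x).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return ("gate", k, [share(kid, f(x)) for x, kid in enumerate(kids, 1)])

def recover(node, attrs):
    """Decrypt side: rebuild the secret, or None if attrs miss the policy."""
    if node[0] == "leaf":
        # Stand-in for the key component that unlocks this leaf's share.
        return node[2] if node[1] in attrs else None
    _, k, kids = node
    pts = [(x, v) for x, kid in enumerate(kids, 1)
           if (v := recover(kid, attrs)) is not None][:k]
    if len(pts) < k:
        return None
    total = 0
    for xi, yi in pts:  # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

# Constructed policy: (role:doctor AND dept:cardiology) OR role:admin
POLICY = ("gate", 1, [
    ("gate", 2, [("leaf", "role:doctor"), ("leaf", "dept:cardiology")]),
    ("leaf", "role:admin"),
])

if __name__ == "__main__":
    s = secrets.randbelow(P)
    ct = share(POLICY, s)
    print(recover(ct, {"role:doctor", "dept:cardiology"}) == s)  # satisfied
    print(recover(ct, {"role:doctor"}) == s)  # delegated subset, not satisfied
```

A key delegated with only `role:doctor` fails the AND gate, which is why delegation can narrow access but never widen it.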
