Key-policy attribute-based encryption
(also KP-ABE)
Key-policy attribute-based encryption definition
Key-policy attribute-based encryption (commonly shortened as “KP-ABE”) is a type of ABE that associates access policies with decryption keys rather than ciphertext. Users can only decrypt the ciphertext if their key attributes match the specified policy.
See also: ciphertext, cryptographic key, encryption key, key exchange, secret key, attribute value pair, decryption, cryptographic algorithm, multi-authority attribute-based encryption, ciphertext-policy attribute-based encryption
How key-policy attribute-based encryption works
Like traditional ABE, KP-ABE is built on the concept of attributes that serve as conditions for access to protected data. These attributes are generally tied to the user — for example, they may relate to the user’s position at work or the company they work at). Unlike traditional ABE, however, KP-ABE includes the access policy in the decryption key rather than the ciphertext.
Each user is issued a key based on their attributes, and the key encapsulates a policy that dictates which attributes are required for decryption. When a user wants to decrypt data, they present their decryption key to the system. The system checks if the user’s attributes satisfy the access policy associated with the key, granting access only if they meet the stated conditions.