CP-ABE and KP-ABE
A very basic overview of CP-ABE vs KP-ABE
Policy vs Attribute
- an attribute describes a person/entity (something they are or something they have)
- a policy is a set of conditions a person/entity needs to satisfy with their attributes
- attributes can be compared to a key an entity has
- a policy can be compared to a lock that the encryptor decides on
Ciphertext-Policy Attribute-Based Encryption (CP-ABE)
- policy is embedded inside the ciphertext, attributes are defined on the key
- Example: a student with their student id card (key with attributes: “cs department”, “grad student”) can only access a certain set of labs or classrooms (locks/ciphertexts with policy) within a school
- useful if the encryptor is a user/client who wants to limit access to data
Key-Policy Attribute-Based Encryption (KP-ABE)
- policy is embedded within the key, attributes describe the ciphertext
- Example: a customer with a credit card (key with policy: can only be used at grocery stores for contactless payment) making a payment at a supermarket checkout kiosk (a lock/ciphertext with attributes: accepts cash, accepts contactless cards, a grocery store kiosk)
- useful if the encryptor is a central authority who needs to delegate access to the data to multiple users
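The two placements of policy and attributes, worked through with the student card and credit card examples above. This is an added sketch, not code from any ABE library: it models only the access decision (whether an attribute set satisfies a policy tree) and performs no encryption. The function names and the `faculty_room` and `fuel_pump` locks are assumptions made up for the illustration.

```python
# Added illustration: models only the access decision of ABE (does an
# attribute set satisfy a policy?). No encryption is performed here.

def AND(*children):
    # n-of-n threshold gate: every child must be satisfied
    return ("gate", len(children), list(children))

def OR(*children):
    # 1-of-n threshold gate: any one child is enough
    return ("gate", 1, list(children))

def satisfies(policy, attributes):
    """True if the attribute set satisfies the policy tree."""
    if isinstance(policy, str):              # leaf: a single attribute
        return policy in attributes
    _, threshold, children = policy
    return sum(satisfies(c, attributes) for c in children) >= threshold

def cp_abe_can_decrypt(key_attributes, ciphertext_policy):
    # CP-ABE: the lock (ciphertext) carries the policy, the key carries attributes
    return satisfies(ciphertext_policy, set(key_attributes))

def kp_abe_can_decrypt(key_policy, ciphertext_attributes):
    # KP-ABE: the key carries the policy, the lock (ciphertext) carries attributes
    return satisfies(key_policy, set(ciphertext_attributes))

# CP-ABE, the student card example. faculty_room is a constructed extra lock.
student_card = {"cs department", "grad student"}
grad_lab = AND("cs department", OR("grad student", "faculty"))
faculty_room = AND("cs department", "faculty")

# KP-ABE, the credit card example. fuel_pump is a constructed extra lock.
credit_card = AND("a grocery store kiosk", "accepts contactless cards")
checkout_kiosk = {"accepts cash", "accepts contactless cards", "a grocery store kiosk"}
fuel_pump = {"accepts cash", "accepts contactless cards", "a fuel station pump"}

if __name__ == "__main__":
    print(cp_abe_can_decrypt(student_card, grad_lab))
    print(cp_abe_can_decrypt(student_card, faculty_room))
    print(kp_abe_can_decrypt(credit_card, checkout_kiosk))
    print(kp_abe_can_decrypt(credit_card, fuel_pump))
```

In a real scheme the same satisfaction test is enforced by the mathematics of decryption rather than by a boolean check, so a key that does not satisfy the policy recovers nothing.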