MAABE: Multi-Authority Attribute-Based Encryption scheme

Prof Bill Buchanan OBE FRSE
3 min readNov 17, 2024

Last week, I spoke with Brent Waters, who is the co-inventor of ABE [1]:

Brent continued to work on ABE, and, in 2011, he created a decentralised approach [2]:

This creates a multi-authority (MA) attribute-based encryption (ABE) scheme, where we can split the signing of the attributes across different authorities.

Let's say that a student needs to pass Exam 1 and Exam 2 in university or Exam 1 and Exam 2 in college. We can create the policy with:

policy:="((university:exam01 AND auth2:exam01) OR 
(university:exam02 AND auth2:exam02))"

attributes1 :="university:exam01 university:exam02"
attributes2 :="auth2:exam01 auth2:exam02"

Next, we can create the key required:

a := abe.NewMAABE()

// create three authorities, each with two attributes
attribs1 := strings.Split(attributes1, " ")
attribs2 := strings.Split(attributes2, " ")

university, err:= a.NewMAABEAuth("university", attribs1)
college, err:= a.NewMAABEAuth("college", attribs2)

And then encrypt using the public keys from the university and college:


// create a msp struct out of the boolean formula
msp, err := abe.BooleanToMSP(policy, false)

if err != nil {
fmt.Printf("Failed to generate the policy: %v\n", err)
}

// define the set of all public keys we use
pks := []*abe.MAABEPubKey{university.PubKeys(),college.PubKeys()}


// encrypt the message with the decryption policy in msp
ct, err := a.Encrypt(msg, msp, pks)

The decryption then becomes:

    // choose a single user's Global ID
gid := "gid1"

// authority 1 issues keys to user
keys1, err := university.GenerateAttribKeys(gid, attribs1)
key11:= keys1[0]
keys2, err := college.GenerateAttribKeys(gid, attribs2)
key21 := keys2[0]

ks1 := []*abe.MAABEKey{key11,key21} // ok


// try to decrypt all messages
msgRecovered, err := a.Decrypt(ct, ks1)

The full code is [here]:

package main

import (
"fmt"
"os"
"github.com/fentec-project/gofe/abe"
"strings"
)


func main() {

policy:="((university:exam01 AND auth2:exam01) OR (university:exam02 AND auth2:exam02))"


attributes1 :="university:exam01 university:exam02"
attributes2 :="auth2:exam01 auth2:exam02"
msg:="Hello"

argCount := len(os.Args[1:])


if (argCount>0) { msg= (os.Args[1]) }
if (argCount>1) { policy= (os.Args[2]) }
if (argCount>2) { attributes1= (os.Args[3]) }
if (argCount>3) { attributes2= (os.Args[4]) }


a := abe.NewMAABE()

// create three authorities, each with two attributes
attribs1 := strings.Split(attributes1, " ")
attribs2 := strings.Split(attributes2, " ")

fmt.Printf("Attributes1: %v\nAttributes2: %v\nPolicy %v\n\n",attributes1,attributes2,policy)


university, err:= a.NewMAABEAuth("university", attribs1)
college, err:= a.NewMAABEAuth("college", attribs2)

if err != nil {
fmt.Printf("Failed generation authority %s: %v\n", "university", err)
}

// create a msp struct out of the boolean formula
msp, err := abe.BooleanToMSP(policy, false)

if err != nil {
fmt.Printf("Failed to generate the policy: %v\n", err)
}

// define the set of all public keys we use
pks := []*abe.MAABEPubKey{university.PubKeys(),college.PubKeys()}


// encrypt the message with the decryption policy in msp
ct, err := a.Encrypt(msg, msp, pks)
if err != nil {
fmt.Printf("Failed to encrypt: %v\n", err)
}


// choose a single user's Global ID
gid := "Education"

// authority 1 issues keys to user
keys1, err := university.GenerateAttribKeys(gid, attribs1)
key11:= keys1[0]
keys2, err := college.GenerateAttribKeys(gid, attribs2)
key21 := keys2[0]

ks1 := []*abe.MAABEKey{key11,key21} // ok


// try to decrypt all messages
msgRecovered, err := a.Decrypt(ct, ks1)
if err != nil {
fmt.Printf("Error decrypting with keyset 1: %v\n", err)
}


fmt.Printf("Message: %v\nRecovered %v",msg, msgRecovered)






}

If the university provides the attributes for exam01 and exam02, and the college provides attributes for exam01 and exam02, we get:

Attributes1: university:exam01 university:exam02
Attributes2: college:exam01 college:exam02
Policy ((university:exam01 AND college:exam01) OR (university:exam02 AND college:exam02))

Message: Danger, danger!!
Recovered Danger, danger!!

If college only supplies exam01, we get:

Attributes1: university:exam01 university:exam02
Attributes2: college:exam01
Policy ((university:exam01 AND college:exam01) OR (university:exam02 AND college:exam02))

Failed to encrypt: attribute not found in any pubkey

References

[1] Goyal, V., Pandey, O., Sahai, A., & Waters, B. (2006, October). Attribute-based encryption for fine-grained access control of encrypted data. In Proceedings of the 13th ACM conference on Computer and communications security (pp. 89–98).

[2] Lewko, A., & Waters, B. (2011, May). Decentralizing attribute-based encryption. In Annual international conference on the theory and applications of cryptographic techniques (pp. 568–588). Berlin, Heidelberg: Springer Berlin Heidelberg.

--

--

Prof Bill Buchanan OBE FRSE
Prof Bill Buchanan OBE FRSE

Written by Prof Bill Buchanan OBE FRSE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.