abenc_ca_cpabe_ar17
User Collusion Avoidance CP-ABE (AR17)
Authors: Jiguo Li, Wei Yao, Jinguang Han, Yichen Zhang, Jian Shen
Scheme Properties
Type: ciphertext-policy attribute-based encryption (public key)
Setting: Pairing groups
Assumption: Decisional Bilinear Diffie-Hellman
Implementation
- Authors: Ahmed Bakr
- Date: 07/2023
- class abenc_ca_cpabe_ar17.AM(group_obj)
Bases: object
Attribute Manager (AM)
- get_minimum_nodes_list_that_represent_users_list(user_names_list: List[str]) -> List[TreeNode]
This is represented in the paper as calculating node(Gi).
- class abenc_ca_cpabe_ar17.CaCpabeAr(group_obj)
Bases: ABEnc
- add_attribute(user_name, attribute_name, attributes_manager: AM, PP, UMK, users_kek_i, MMK, MPK)
This function is executed by AM when an attribute is added to a user.
- Inputs:
user_name: The name of the user who has an attribute to be added.
attribute_name: Name of the attribute to be added.
attributes_manager: AM.
PP: Public Parameters from the system setup algorithm.
UMK: User Master Key. A value stored privately by TA for each user. Represented as a dictionary, where the user_name is the key and a group element is the value.
users_kek_i: A list privately acquired by AM from TA as part of the key_generation function.
- Inputs/Outputs:
MMK: Manager master key represented as a dictionary.
MPK: Manager public key represented as a dictionary.
- Outputs:
updated_KEK_dict: A dictionary in which the key is the user name of a user whose KEK is updated and the value is the updated KEK.
- decrypt(PP, CT_tilde, Hdr, DSK, KEK, user_name: str, attributes_manager: AM)
This function is used by any user who has sufficient, non-revoked attributes to decrypt a message under a specific access policy.
- Inputs:
PP: Public Parameters from the system setup algorithm.
CT_tilde: Ciphertext after re-encryption by the AM.
Hdr: Header message.
DSK: Attribute decryption keys as in the original CP-ABE paper (abenc_bsw07.py). (shared with the user)
KEK: Key Encryption Keys generated for each attribute held by the user, using the users binary tree.
user_name: Name of the user who is decrypting the ciphertext.
attributes_manager: AM.
- Outputs:
M: Recovered message, if the user has the decryption keys of the attributes that satisfy the policy.
- encrypt(PP, MMK, M, A: str, attributes_manager: AM)
This function is executed by anyone who wants to encrypt a message with an access policy, then by AM to perform the re-encryption.
- Inputs:
PP: Public Parameters from the system setup algorithm.
MMK: Manager master key represented as a dictionary.
M: Message to be encrypted.
A: Access policy represented as a boolean expression string.
- Outputs:
CT_dash: Ciphertext.
Hdr: Header message.
- generate_kek_for_user_with_attr(TA_KEK, attr, attributes_manager, user_name)
This function is executed by AM and is considered part of the key generation procedure.
- Inputs:
TA_KEK: Preliminary KEK list generated by TA.
attributes_manager: AM.
user_attribute_names_list: Attribute names held by the user.
user_name: User name.
- Outputs:
KEK: Key Encryption Key generated for a specific attribute held by the user, using the users binary tree generated by AM.
- key_generation(PP, MK, MPK, user_attribute_names_list: List[str], user_name: str, attributes_manager: AM, UMK, users_TA_KEK)
This function is responsible for generating the decryption keys used by the user according to the user's list of attributes.
- Inputs:
PP: Public Parameters from the system setup algorithm.
MK: TA’s master secret key.
MPK: Manager public key represented as a dictionary.
user_attribute_names_list: Attribute names held by the user.
user_name: User name.
attributes_manager: AM.
- Inputs/Outputs:
UMK: User Master Key. A value stored privately by TA for each user. Represented as a dictionary, where the user_name is the key and a group element is the value.
- Outputs:
DSK: Attribute decryption keys as in the original CP-ABE paper (abenc_bsw07.py). (shared with the user)
KEK: Key Encryption Keys generated for each attribute held by the user, using the users binary tree generated by AM. (shared with the user)
users_TA_KEK: A dictionary that holds the TA KEK for each user. (stored privately by AM)
- local_encryption(A, M, PP)
This function is executed by anyone who wants to encrypt a message with an access policy.
- Inputs:
A: Access policy represented as a boolean expression string.
M: Message to be encrypted.
PP: Public Parameters from the system setup algorithm.
- Outputs:
CT: Ciphertext.
- manager_setup(attribute_names: List[str], PP: {'g': charm.core.math.pairing.G1, 'g_beta': charm.core.math.pairing.G1, 'g_1_over_beta': charm.core.math.pairing.G1, 'e_gg_alpha': charm.core.math.pairing.GT})
Manager Setup algorithm performed by AM.
- Inputs:
attribute_names: The name of attributes that AM is responsible for.
PP: Public Parameters from the system setup algorithm.
- Outputs:
MMK: Manager master key represented as a dictionary.
MPK: Manager public key represented as a dictionary.
- reencryption(CT, MMK, PP, attributes_manager)
This function is performed by AM and it is the second part of the encryption procedure.
- revoke_attribute(revoked_user_name, attribute_name, attributes_manager: AM, PP, users_kek_i, MMK, MPK)
This function is executed by AM when an attribute is revoked from a user.
- Inputs:
revoked_user_name: The name of the revoked user.
attribute_name: Name of the revoked attribute.
attributes_manager: AM.
PP: Public Parameters from the system setup algorithm.
users_kek_i: A list privately acquired by AM from TA as part of the key_generation function.
- Inputs/Outputs:
MMK: Manager master key represented as a dictionary.
MPK: Manager public key represented as a dictionary.
- Outputs:
updated_KEK_dict: A dictionary in which the key is the user name of a user whose KEK is updated and the value is the updated KEK.
- system_setup()
System Setup algorithm. This algorithm is performed by TA.
- Inputs:
None
- Outputs:
MK: TA’s master secret key.
PP: Public Parameters.
- user_attributes_kek_generation(TA_KEK, attributes_manager, user_attribute_names_list, user_name)
This function is executed by AM and is considered part of the key generation procedure.
- Inputs:
TA_KEK: Preliminary KEK list generated by TA.
attributes_manager: AM.
user_attribute_names_list: Attribute names held by the user.
user_name: User name.
- Outputs:
KEK: Key Encryption Keys generated for each attribute held by the user, using the users binary tree generated by AM.
- user_attributes_key_gen(MK, MPK, PP, user_attribute_names_list, user_name, UMK)
This function is executed by TA and is considered part of the key generation procedure.
- Inputs:
MK: TA’s master secret key.
MPK: Manager public key represented as a dictionary.
PP: Public Parameters from the system setup algorithm.
user_attribute_names_list: Attribute names held by the user.
user_name: User name.
- Inputs/Outputs:
UMK: User Master Key. A value stored privately by TA for each user. Represented as a dictionary, where the user_name is the key and a group element is the value.
- Outputs:
DSK: Attribute decryption keys as in the original CP-ABE paper (abenc_bsw07.py). (shared with the user)
KEK: Key Encryption Keys generated for each attribute held by the user, using the users binary tree generated by AM. It is a preliminary one that will be changed by AM in the next algorithm.
- class abenc_ca_cpabe_ar17.UsersBinaryTree(group_obj)
Bases: object
A binary tree that is used to assign users to leaves in a deterministic way. The tree is created and maintained by the AM.
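The node(Gi) computation and the deterministic leaf assignment described above, shown as an added example that is not Charm's implementation: a toy complete binary tree (all class and method names here are hypothetical) that places users on leaves left to right and computes the minimum set of nodes covering exactly a given user group. It assumes the usual KEK-tree arrangement in which a user holds one key per node on the leaf-to-root path, so a group member shares exactly one node with the cover and a user outside the group shares none.

```python
from typing import Dict, List

class ToyUsersTree:
    """Complete binary tree in heap order: root is 1, leaves are n..2n-1."""
    def __init__(self, capacity: int):
        if capacity < 1 or capacity & (capacity - 1):
            raise ValueError("capacity must be a power of two")
        self.n = capacity
        self.leaf_of: Dict[str, int] = {}

    def add_user(self, name: str) -> int:
        # Deterministic placement: next free leaf, left to right.
        if name not in self.leaf_of:
            if len(self.leaf_of) == self.n:
                raise ValueError("tree is full")
            self.leaf_of[name] = self.n + len(self.leaf_of)
        return self.leaf_of[name]

    def path(self, name: str) -> List[int]:
        # Nodes from the user's leaf up to the root; one KEK per node.
        node, out = self.leaf_of[name], []
        while node >= 1:
            out.append(node)
            node //= 2
        return out

    def min_cover(self, group: List[str]) -> List[int]:
        # Smallest node set whose subtrees contain exactly the group's leaves.
        leaves = {self.leaf_of[u] for u in group}
        def walk(node: int, lo: int, hi: int) -> List[int]:
            inside = sum(1 for leaf in leaves if lo <= leaf <= hi)
            if inside == 0:
                return []            # no group member below this node
            if inside == hi - lo + 1:
                return [node]        # every leaf below is a group member
            mid = (lo + hi) // 2
            return walk(2 * node, lo, mid) + walk(2 * node + 1, mid + 1, hi)

        return walk(1, self.n, 2 * self.n - 1)

    def shared_nodes(self, name: str, group: List[str]) -> List[int]:
        # Cover nodes whose KEK this user holds (empty if not in the group).
        return sorted(set(self.path(name)) & set(self.min_cover(group)))

def build_demo_tree() -> ToyUsersTree:
    tree = ToyUsersTree(8)           # constructed sample: u1..u8 on leaves 8..15
    for i in range(1, 9):
        tree.add_user(f"u{i}")
    return tree
```

With the constructed sample, a group that excludes u5 and u6 is covered by two nodes instead of six leaves, which is what keeps the header for an attribute group small after a revocation.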