Welcome to the Partially Decryptable Ciphertext Policy Attribute-Based Encryption (CP-ABE) Scheme! This repo implements a CP-ABE scheme that allows for partial decryption, providing fine-grained access control securely and efficiently.π
- About the Project
- Features and Contributions
- Getting Started
- Examples
- Construction Details
- Modified Data Structure
- Formal Verification
- Performance Comparison and Evaluation
- Limitations and Future Work
- How to Contribute
- License
- Disclaimer
β¨ This scheme is a research-based implementation aimed at enhancing data security through attribute-based encryption with partial decryption capabilities. This project leverages advanced cryptographic techniques to ensure that only authorized users can decrypt specific parts of the encrypted data.
- π Fine-Grained Access Control: Specify detailed 8000 access policies using attributes.
- ποΈ Multi-Message Encryption: Tailored for scenarios requiring the encryption of multiple messages simultaneously, this scheme allows encryptors to apply a single set of attributes and an access policy across various messages, streamlining the encryption process and improving efficiency.
- π² Redesigned Access Tree Structure: We've re-engineered the access tree architecture in CP-ABE to better accommodate the encryption of multiple messages. Nodes within the access tree are optimized to share with different message policies, significantly reducing the overall structural complexity.
- π Efficient Encryption and Decryption: Since the nodes can be shared with different sub-tree, our scheme reduces the number of costly bilinear pairing computations, leading to faster and more resource-efficient operations.
- β‘ Partial Decryption: Allow users to decrypt only the parts of the ciphertext they have access to. Input multiple data items, and only a single encrypted output.
- π₯ User Collusion Resistance: Building on the solutions proposed in this paper, our scheme is supporting user collusion resistance.
π You can use any of the following methods to set up the required runtime environment for the scheme. We have also built a Docker image for this environment, and we highly recommend using Docker for quick configuration:
# Assume that you have already installed Docker on your local device.
# More info: https://docs.docker.com/engine/install/
# Pull the image from Docker Hub
docker pull xinzhang9091/partially-decryptable-cpabe
# Start the Docker container
docker run -it --name pd-cpabe-container xinzhang9091/partially-decryptable-cpabe
# If you want to test whether the installed version works correctly, you can run the preconfigured pytest suite.
# Note: This might take some time depending on the performance of your device.
cd Tests/pytest/
pytest
# You should see 53 tests passed if all the components are working as expected on your container.
# To test with your own input, follow the commands below and modify the code in the file, then run the test commands accordingly.
cd ../../Examples/
# Use nano or you can install or use any editor that you like to modify the example.py
# Run the example file
python example.py# Testing OS: Ubuntu-22.04.4-desktop-amd64
# Assume your desktop path is <DESKTOP_PATH>, please substitute it to the corresponding value
# Clone the repo
git clone https://github.com/LimeFavoredOrange/PD-CP-ABE.git
# Get into the directory
cd CPABE/Setup/
# Run the setup script
bash install.sh
# Test whether the installation is successful
# Some tests will be skipped, but it should pass almost all the tests
make test
# Go back to the repo and play around with it
cd <DESKTOP_PATH>/PD-CP-ABEThe above script sets up the dependencies and environment required to run charm-crypto. It primarily includes:
- Python 3.7.17 [https://www.python.org/downloads/release/python-3717/]
- Pyparsing [http://pyparsing.wikispaces.com/]
- GMP 5.x [http://gmplib.org/]
- PBC (latest) [http://crypto.stanford.edu/pbc/news.html]
- OPENSSL [http://www.openssl.org/]
β¬ Download the files needed for interaction? -> Click to download the file bundle (.zip)
To give users a hands-on experience with our scheme, we have deployed a simple server that allows you to quickly explore the functionality of our solution. You can fork the API collection using the Postman button below. The server currently supports the following features:
- Hello Check: This endpoint checks if the server is running properly. If everything is operational, the server will return "Hello, World!!!" as the response.
- Generate Access Key: This feature generates an access key based on the provided attribute set and user information. After receiving the response, save the access key locally by using the save option in the upper right corner of the Postman response window. The access key is returned as a JSON file.
- Encryption: Encrypt the provided information using this feature. Once the response is received, save the encrypted data locally through the Postman response window. The encrypted data is returned as a ZIP file.
- Decryption: This feature decrypts the encrypted information. After receiving the response, save the decrypted data locally through the Postman response window. The decrypted data is returned as a JSON file.
Please note that this server is a simple deployment hosted on an old desktop, so its performance might be limited. However, within the Server directory of this repository, we have provided a basic server script that you can run on your local machine to simulate the server interactions. (And you need to install flask on your local environment)
Dive into the practical application of our CP-ABE scheme with the example.py script located in the Examples folder. This script is your gateway to experimenting with the full capabilities of our encryption system. Follow these steps to see the scheme in action:
Initialize the encryption scheme's parameters with setup. This prepares the system by setting up the initial environment parameters.
# Setup the scheme
mpk, msk = target.setup()Generate private access keys based on a set of attributes with Key Generation. This function crafts keys that are pivotal for decrypting messages encrypted under corresponding policies.
# The variable is used to represent the user's attributes
user_attributes = ["A", "B"]
# The variable is used to represent the user's ID, which can be uniquely identified by the system
# I use the user's name as the user's ID in this example, to make it easier to understand
user_name = "Alice"
# Generate the key for the user
key = target.keygen(mpk, msk, user_attributes, user_name)Save the generated private keys locally using export_key_to_file. The keys are stored in the same directory as key.pkl, ensuring they are readily available for future decryption processes.
abe_utils.export_key_to_file(target.group, "key", key)Encrypt a list of messages with corresponding access policies using encrypt. This function secures your data under the defined conditions, making sure only those with matching attributes can decrypt it.
ct, data = target.encrypt(mpk, messages, access_policies)After encryption, export the ciphertexts to local storage with export_ciphers_to_file. It creates a folder named after the provided name and saves ciphers.pkl and data.pkl inside it, encapsulating all necessary encrypted data.
# Save the ciphertext to a file
abe_utils.export_ciphers_to_file(target.group, ct, data, "ciphers")Load a previously saved access key from a local file with read_key_from_file. Retrieve the encrypted messages from local storage using read_ciphers.
# Read the key from the file
key = abe_utils.read_key_from_file(target.group, "key")
# Read the ciphertext from the file
ct, data = abe_utils.read_ciphers(target.group, "ciphers")Attempt to decrypt the loaded ciphertexts using the decrypt function.
result = target.decrypt(data, key, ct)At the beginning of example.py, several variables are initialized to provide encryption data. Feel free to modify these to fit your testing needs.
Dive into the architecture of our Partially Decryptable Ciphertext Policy Attribute-Based Encryption (CP-ABE) Scheme. This section breaks down the main functions of the scheme, providing insights into its implementation and operational mechanics.
The Setup(Ξ») β (MPK, MSK) function is run by the service provider (SP) for system initialization. The SP inputs a security parameter
$H_1:\ \{0,1\}^* \rightarrow G_0$ $H_2:\ G_T \rightarrow \mathbb{Z}_p$ $H_3:\ \{0,1\}^* \rightarrow \mathbb{Z}_p$
The CA randomly selects MPK) as:
Then, the CA sets the following:
$h_1 = g^{\beta_1^{-1}}$ $h_2 = g^{\beta_2^{-1}}$ $h_3 = g^{\beta_3^{-1}}$
Finally, the CA randomly chooses MSK) is defined as:
The keygen(MPK, MSK, S_i) β (SK_i) function is executed by the data owner (DO) to generate private keys for users. For the
For all
The Encrypt(MPK, cki, T) β (CT) function is executed by the data owner (DO) for encryption. The DO randomly selects
Next, the DO chooses a
The Decrypt(MPK, CT, SK_i) β (ck_i) function is executed by the data user (DU) to decrypt the ciphertext. DU computes
For non-leaf node $x$ , DU calculates $F_x$ with the Lagrange coefficient $\Delta_{i,S'_x}(0)$ and $F_z$ :
If DU's attribute set meets the part or whole hierarchical tree
Finally, DU recovers
In the PD-CP-ABE scheme, we have redesigned the data structure used to represent access structures, which plays a crucial role in generating encryption parameters and implementing access control during the encryption and decryption processes. The access structure is typically represented as a tree in traditional CP-ABE. The root node corresponds to the symmetric encryption key, leaf nodes represent attribute nodes, and intermediate nodes are threshold nodes that connect other nodes. For example, if the access policy is (Family and Trusted) or (Manager and Legal) and (Family and Trusted) or (Manager or Legal), the corresponding access tree would look like this:
Now, consider a scenario where there are N messages to be encrypted, each with a corresponding access policy. This would result in N separate access policies, each generating its access tree, leading to N encrypted files.
Traditional schemes do not account for the scenario of encrypting multiple messages simultaneously. In our scheme, we address this by redesigning the data structure and integrating features of both linked lists and tree structures. This new design allows for the use of a single integrated tree to encapsulate all different access policies. As a result, even if there are N messages to be encrypted, only one access tree is needed, resulting in a single encrypted file.
Our modified data structure enables the integration of multiple access policies and leverages the shared structure properties to s B428 peed up the encryption and decryption processes. This is achieved by reusing computation results from shared nodes.
For the same access policy, (Family and Trusted) or (Manager and Legal) and (Family and Trusted) or (Manager or Legal), our data structure is as follows:
In our data structure, there is no longer a single root node. Instead, each key pair is associated with the corresponding atom node. The process begins by generating an atom node for each key. Next, we extract the attribute set
For the security and reliability of PD-CP-ABE, we have rigorously modeled and tested the scheme using formal verification techniques.
We utilized the Tamarin Prover, a security protocol verification tool that supports both falsification (attack finding) and unbounded verification (proving) in the symbolic model. We have used it to verify the secrecy, integrity, and collusion-resistance properties of our scheme. Our formal verification scripts and specifications can be found in the /Formal_Verification directory.
Formal verification ensures that the cryptographic system adheres to its specified security properties by mathematically proving that all possible protocol executions conform to the expected outcomes.
The PD_CP_ABE.spthy file located in /Formal_Verification defines the behavior and properties of our scheme, including encryption, key generation, and decryption. It is written in the multiset rewriting rules and captures the following security goals:
-
Secrecy of the Encrypted Data
- Purpose: Ensures that encrypted messages, keys, and user IDs remain confidential unless explicitly revealed (e.g., via
RevealMSK). - Key Lemmas:
secret_message_and: Proves that messages encrypted under AND-based policies remain confidential unless the master secret key (MSK) is explicitly revealed.secret_message_or: Demonstrates that messages encrypted with OR-based policies are confidential under the same premise.secret_master_secret_key: Ensures that the MSK itself remains secret unless an explicit reveal action occurs.secret_user_key_and,secret_user_key_or: Verifies that user access keys generated under both AND and OR policies remain secret.secret_message_multi: In multi-message encryption, all messages remain confidential unless the MSK is leaked.
- Purpose: Ensures that encrypted messages, keys, and user IDs remain confidential unless explicitly revealed (e.g., via
-
Collusion Resistance
- Purpose: Prevents users with different sets of attributes from combining their private keys to gain unauthorized access to messages.
- Key Lemma:
collusion_resistance: Demonstrates that colluding users with partial access cannot combine keys to decrypt an AND-policy encrypted message.
-
Key Consistency and Uniqueness
- Purpose: Ensures that the same user consistently receives the same key for the same attribute set and prevents duplication.
- Key Lemmas:
consistent_key_generation_for_same_user: Verifies that the same user always receives the same key for the same attribute set.consistent_key_generation_for_same_user_or: The OR-based equivalent, ensuring consistent key generation for OR policies.unique_key_for_and: Ensures that no duplicate AND-policy keys are generated for the same user and attributes.unique_user_registration: Confirms that user IDs are registered uniquely, avoiding duplicate identities.
-
Non-Malleability of Ciphertext
- Purpose: Ensures that attackers cannot alter the ciphertext to produce a valid ciphertext that decrypts to a different message.
- Key Lemmas:
non_malleability: Confirms that AND-policy ciphertexts cannot be modified to decrypt as different messages.non_malleability_or: Ensures the same for OR-policy ciphertexts.
-
Correctness of Decryption
- Purpose: Ensures that only users with the correct attributes and keys can decrypt messages.
- Key Lemmas:
only_decrypt_with_right_attributes_and: Verifies that decryption of AND-policy ciphertexts requires the correct AND-policy keys.only_decrypt_with_right_attributes_or: Confirms that OR-policy decryption is valid only when the user possesses at least one required attribute.decrypt_with_encrypted_message_and,decrypt_with_encrypted_message_or: Ensures the ciphertext being decrypted corresponds to a legitimate encryption event.only_correct_user_can_decrypt: Prevents decryption if the userβs ID does not match the encrypteduid.
-
Multi-Message Encryption Consistency
- Purpose: Ensures that multiple encrypted messages are handled correctly and cannot be partially decrypted outside of the userβs access rights.
- Key Lemmas:
consistency_multi_message_output: Confirms that decrypted messages match the original encrypted content in multi-message scenarios.multi_message_decryption_*: Ensures users can only decrypt the parts of the multi-message encryption for which they have matching attributes.
-
Attribute Collision Prevention and Ciphertext Distinction
- Purpose: Prevents key reuse attacks and attribute collision issues.
- Key Lemmas:
different_users_generate_different_keys: Ensures that different users receive distinct keys for the same attribute set.encryption_different_for_different_users: Confirms that different users receive distinct AND-encrypted ciphertexts for the same policy.encryption_different_for_different_users_or: Confirms the same for OR-encrypted ciphertexts.no_attribute_collision: Ensures that the same attribute set cannot be reused across different encryption events.unique_ciphertext_multi_users: Ensures that ciphertexts generated for different users in multi-message encryption remain distinct.
PD_CP_ABE.spthy: The formal specification file written in the Tamarin Prover's input language (spthy). This file defines the systemβs rules, events, and lemmas.proofs/: This folder contains proof outputs and logs for reference.
| Lemma Name | Description | Purpose |
|---|---|---|
secret_message_and |
Proves that messages encrypted under AND-based policies remain confidential unless the MSK is revealed. | Ensures secrecy of AND-encrypted messages. |
secret_message_or |
Demonstrates that messages encrypted with OR-based policies remain secret unless the MSK is revealed. | Ensures secrecy of OR-encrypted messages. |
secret_user_key_or |
Verifies that OR-policy keys remain confidential and cannot be inferred by unauthorized users. | Confirms key secrecy for OR-policy keys. |
secret_user_key_and |
Ensures that keys generated under AND policies remain confidential. | Confirms key secrecy for AND-policy keys. |
collusion_resistance |
Prevents colluding users from combining keys to gain unauthorized access. | Prevents unauthorized key combination for AND policies. |
non_malleability |
Prevents valid ciphertexts from being modified to decrypt to a different message. | Ensures the integrity of AND-policy ciphertexts. |
non_malleability_or |
Same as non_malleability but for OR-based ciphertexts. |
Ensures integrity for OR-policy ciphertexts. |
unique_user_registration |
Ensures that each uid is registered only once by a unique entity. |
Maintains unique user registration consistency. |
consistent_key_generation_* |
Confirms that keys for the same attributes and user remain consistent across protocol runs. | Prevents inconsistencies or duplications in key generation. |
only_decrypt_with_right_attributes_and |
Verifies that only users with matching AND-policy keys can decrypt the message. | Prevents unauthorized decryption of AND-policy ciphertexts. |
consistency_multi_message_output |
Ensures that the decrypted multi-message content matches the original encrypted messages. | Confirms the integrity of multi-message encryption. |
PD_CP_ABE.spthy file for more details.
To run the formal verification locally:
-
Install the Tamarin Prover
Follow the official installation instructions from Tamarin's website. -
Navigate to the Formal Verification Directory
cd /Formal_Verification -
Execute the Tamarin Prover Run the verification process:
tamarin-prover PD_CP_ABE.spthy --derivcheck-timeout=20 --prove
Or if you want to use a GUI to show the proof step by step, you can run the following command instead. Which will run a local server on http://127.0.0.1:3001
tamarin-prover interactive PD_CP_ABE.spthy --derivcheck-timeout=20
-
Interpret the Results The output will display verification success or failure for each lemma, indicating whether the properties hold. This is the summary output for the provided model.
============================================================================== summary of summaries: analyzed: PD_CP_ABE.spthy processing time: 1747.08s executable_system_setup (exists-trace): verified (2 steps) unique_system_setup (all-traces): verified (2 steps) executable_reveal_MSKey (exists-trace): verified (3 steps) executable_user_registration (exists-trace): verified (2 steps) executable_generate_attributes (exists-trace): verified (3 steps) executable_generate_key_or (exists-trace): verified (6 steps) executable_generate_key_and (exists-trace): verified (7 steps) executable_create_access_policy (exists-trace): verified (4 steps) executable_encrypt_message_and (exists-trace): verified (5 steps) executable_encrypt_message_or (exists-trace): verified (5 steps) executable_decrypt_message_or (exists-trace): verified (6 steps) executable_decrypt_message_and (exists-trace): verified (6 steps) executable_encrypt_message_multi_orand (exists-trace): verified (4 steps) executable_encrypt_message_multi_andor (exists-trace): verified (4 steps) executable_decrypt_message_multi_orand_first_only (exists-trace): verified (6 steps) executable_decrypt_message_multi_orand_both (exists-trace): verified (7 steps) executable_decrypt_message_multi_andor_second_only (exists-trace): verified (6 steps) executable_decrypt_message_multi_andor_both (exists-trace): verified (7 steps) executable_attacker_equality (exists-trace): verified (4 steps) executable_broker (exists-trace): verified (30 steps) executable_encrypt_message_multi (exists-trace): verified (4 steps) executable_decrypt_message_multi (exists-trace): verified (15 steps) secret_message_and (all-traces): verified (7 steps) secret_message_or (all-traces): verified (8 steps) secret_user_key_or (all-traces): verified (7 steps) secret_user_key_and (all-traces): verified (8 steps) secret_master_secret_key (all-traces): verified (5 steps) secret_user_id (all-traces): verified (54 steps) secret_message_multi (all-traces): verified (18 steps) collusion_resistance (all-traces): verified (28 steps) only_decrypt_with_right_attributes_and (all-traces): verified (11 steps) only_decrypt_with_right_attributes_or (all-traces): verified (16 steps) decrypt_with_encrypted_message_and (all-traces): verified (234 steps) decrypt_with_encrypted_message_or (all-traces): verified (234 steps) consistency_check (all-traces): verified (10 steps) no_decryption_without_key (all-traces): verified (3 steps) only_correct_user_can_decrypt (all-traces): verified (9 steps) only_correct_user_can_decrypt_or (all-traces): verified (9 steps) consistency_multi_message_output (all-traces): verified (2 steps) multi_message_decryption_partial_orand (all-traces): verified (1 steps) multi_message_decryption_full_orand (all-traces): verified (9 steps) multi_message_decryption_full_andor (all-traces): verified (9 steps) multi_message_decryption_partial_andor (all-traces): verified (1 steps) unique_key_for_and (all-traces): verified (10 steps) unique_user_registration (all-traces): verified (2 steps) consistent_key_generation_for_same_user (all-traces): verified (9 steps) consistent_key_generation_for_same_user_or (all-traces): verified (8 steps) different_users_generate_different_keys (all-traces): verified (10 steps) encryption_different_for_different_users (all-traces): verified (2 steps) encryption_different_for_different_users_or (all-traces): verified (2 steps) non_malleability (all-traces): verified (8 steps) non_malleability_or (all-traces): verified (8 steps) no_attribute_collision_diff_key (all-traces): verified (2 steps) no_attribute_collision (all-traces): verified (11 steps) unique_ciphertext_multi_users (all-traces): verified (2 steps) ==============================================================================
All security properties specified in the PD_CP_ABE.spthy file passed verification with no counterexamples found. This validates the robustness of our encryption scheme and confirms its security properties.
For further analysis and transparency, detailed proof logs and verification summaries are provided in the proofs/ folder. These artifacts can be used to reproduce the results and inspect the internal proof steps.
Proof_PD_CP_ABE.spthy is available, which can be loaded directly into the GUI.
To assess the performance of our encryption scheme, we deployed it on a machine with the following configuration:
- CPU: Intel(R) Xeon(R) CPU E5-2420 v2 @ 2.20GHz
- Memory: 64 GB DDR3
- Operating System: Debian GNU/Linux 12 (bookworm)
We compared our scheme against the foundational CP-ABE scheme proposed by John Bethencourt, Amit Sahai, and Brent Waters (link). For this comparison, we refer to their scheme as bsw07. The following functionalities were tested through practical runs:
- Setup: A basic test to measure the initialization performance of the schemes.
- Keygen: Performance was tested using 5, 10, 20, and 30 attributes as parameters for key generation.
- Encryption/Decryption: Performance was tested using varying numbers of messages (5, 10, 30, 50, 100, 160, 320, 640, 1280, and 1500) as input. To simulate real-world scenarios, approximately and randomly 50 messages shared the same access policy.
Each test was run 10 times, and the average result for each was calculated. The data obtained from these tests is presented in the following charts:
| Setup Performance | Keygen Performance |
|---|---|
| Encryption Performance | Decryption Performance |
|---|---|
| Scheme | Average Execution Time (s) | Standard Deviation (s) | Median Execution Time (s) |
|---|---|---|---|
| bsw07 | 0.041434 | 0.000498 | 0.041600 |
| PD-CP-ABE | 0.010532 | 0.000093 | 0.010526 |
| Attributes/Atoms | Scheme | Average Execution Time (s) | Standard Deviation (s) | Median Execution Time (s) |
|---|---|---|---|---|
| 5 | bsw07 | 0.025796 | 0.000137 | 0.025766 |
| 5 | PD-CP-ABE | 0.029930 | 0.000063 | 0.029921 |
| 10 | bsw07 | 0.077731 | 0.028465 | 0.070258 |
| 10 | PD-CP-ABE | 0.078379 | 0.028437 | 0.071980 |
| 20 | bsw07 | 0.103540 | 0.005346 | 0.101476 |
| 20 | PD-CP-ABE | 0.128467 | 0.047085 | 0.100659 |
| 30 | bsw07 | 0.151705 | 0.007741 | 0.146871 |
| 30 | PD-CP-ABE | 0.178180 | 0.055502 | 0.150279 |
| Attributes/Atoms | Scheme | Average Execution Time (s) | Standard Deviation (s) | Median Execution Time (s) |
|---|---|---|---|---|
| 5 | bsw07 | 0.151322 | 0.004748 | 0.148440 |
| 5 | PD-CP-ABE | 0.165196 | 0.053204 | 0.137183 |
| 10 | bsw07 | 0.249540 | 0.002493 | 0.248810 |
| 10 | PD-CP-ABE | 0.316717 | 0.056390 | 0.288832 |
| 30 | bsw07 | 0.689024 | 0.003680 | 0.687811 |
| 30 | PD-CP-ABE | 0.542301 | 0.001850 | 0.541834 |
| 50 | bsw07 | 1.306776 | 0.114855 | 1.249850 |
| 50 | PD-CP-ABE | 0.729781 | 0.005455 | 0.727972 |
| 100 | bsw07 | 2.458105 | 0.092807 | 2.427438 |
| 100 | PD-CP-ABE | 0.858643 | 0.084340 | 0.830338 |
| 160 | bsw07 | 3.672614 | 0.023932 | 3.662233 |
| 160 | PD-CP-ABE | 0.857414 | 0.005710 | 0.855492 |
| 320 | bsw07 | 6.790536 | 0.123901 | 6.748860 |
| 320 | PD-CP-ABE | 0.861576 | 0.016801 | 0.855744 |
| 640 | bsw07 | 13.253056 | 0.108999 | 13.186858 |
| 640 | PD-CP-ABE | 0.887924 | 0.084230 | 0.859781 |
| 1280 | bsw07 | 26.905652 | 0.269045 | 26.797514 |
| 1280 | PD-CP-ABE | 0.892573 | 0.084457 | 0.864324 |
| 1500 | bsw07 | 31.552992 | 0.199178 | 31.470533 |
| 1500 | PD-CP-ABE | 0.871881 | 0.016854 | 0.866368 |
| Attributes/Atoms | Scheme | Average Execution Time (s) | Standard Deviation (s) | Median Execution Time (s) |
|---|---|---|---|---|
| 5 | bsw07 | 0.039626 | 0.002317 | 0.039823 |
| 5 | PD-CP-ABE | 0.035808 | 0.000097 | 0.035819 |
| 10 | bsw07 | 0.039665 | 0.001077 | 0.039295 |
| 10 | PD-CP-ABE | 0.070226 | 0.000217 | 0.070216 |
| 30 | bsw07 | 0.098162 | 0.002947 | 0.097221 |
| 30 | PD-CP-ABE | 0.129051 | 0.001769 | 0.128305 |
| 50 | bsw07 | 0.170649 | 0.004676 | 0.169118 |
| 50 | PD-CP-ABE | 0.150873 | 0.000244 | 0.150878 |
| 100 | bsw07 | 0.354277 | 0.010101 | 0.349085 |
| 100 | PD-CP-ABE | 0.181611 | 0.000216 | 0.181640 |
| 160 | bsw07 | 0.567469 | 0.011939 | 0.562536 |
| 160 | PD-CP-ABE | 0.187640 | 0.000217 | 0.187663 |
| 320 | bsw07 | 1.108902 | 0.024803 | 1.096368 |
| 320 | PD-CP-ABE | 0.189139 | 0.000384 | 0.189170 |
| 640 | bsw07 | 2.194026 | 0.043844 | 2.176572 |
| 640 | PD-CP-ABE | 0.189400 | 0.000239 | 0.189345 |
| 1280 | bsw07 | 4.378460 | 0.093277 | 4.344427 |
| 1280 | PD-CP-ABE | 0.190331 | 0.000626 | 0.190113 |
| 1500 | bsw07 | 5.111895 | 0.104495 | 5.064959 |
| 1500 | PD-CP-ABE | 0.190233 | 0.000253 | 0.190196 |
When comparing the two encryption schemes, bsw07 and PD-CP-ABE, we not only focus on the average execution time, but also consider multiple aspects, including variance analysis, execution time stability, and scalability with different attributes/atom numbers.
-
Setup Time Analysis:
- Average Execution Time: The
PD-CP-ABEscheme significantly outperformsbsw07in setup time, with an average execution time of 0.010532 seconds compared to 0.041434 seconds forbsw07. - Variance (Standard Deviation): The standard deviation for
PD-CP-ABE(0.000093 seconds) is considerably lower than that forbsw07(0.000498 seconds), suggesting thatPD-CP-ABEnot only executes faster but also does so with greater consistency and predictability.
- Average Execution Time: The
-
Key Generation (Keygen) Analysis:
- Performance at Lower Attribute Levels (5 and 10): At 5 attributes,
bsw07exhibits a marginally faster average execution time (0.025796 seconds) compared toPD-CP-ABE(0.029930 seconds). - Performance at Higher Attribute Levels (20 and 30): As the complexity increases (20 and 30 attributes), bsw07 maintains a performance advantage with lower average execution times (0.103540 seconds and 0.151705 seconds, respectively) compared to
PD-CP-ABE(0.128467 seconds and 0.178180 seconds).
- Performance at Lower Attribute Levels (5 and 10): At 5 attributes,
-
Encryption Performance
- Scalability and Efficiency: For a smaller number of atoms (5 and 10),
bsw07is slightly more efficient, with lower average encryption times. However, as the number of atoms increases (from 30 atoms onwards),PD-CP-ABEbecomes more efficient, offering significantly lower encryption times. - Consistency: The standard deviation for
PD-CP-ABEis generally higher than forbsw07at a smaller number of atoms, indicating more variability in performance. However, as the number of atoms increases, the standard deviation ofPD-CP-ABEremains relatively stable, indicating consistent performance despite the increased complexity.
- Scalability and Efficiency: For a smaller number of atoms (5 and 10),
-
Decryption Performance
- Performance Across atom Levels: Across all the atom levels,
PD-CP-ABEconsistently outperformsbsw07in decryption time. The difference is particularly notable at higher atom levels (640, 1280, 1500), wherePD-CP-ABEdecrypts in approximately 0.19 seconds, whilebsw07takes significantly longer (up to 5.111895 seconds at 1500 atoms). - Variance: The standard deviation for
PD-CP-ABEremains extremely low across all atom levels, demonstrating that its decryption performance is not only faster but also highly consistent.
- Performance Across atom Levels: Across all the atom levels,
- In the initial setup phase of the encryption scheme,
PD-CP-ABEnot only outperforms bsw07 in performance, but its execution time is also more stable, indicating that our scheme is very efficient in the deployment phase and does not require high computing power in the deployment environment. - In the key generation phase,
bsw07performs better thanPD-CP-ABE, especially when the key has more attributes. However, the difference between the two is not large, the difference is less than 1 second. Compared with the performance difference between the two in encryption and decryption, we believe that the performance difference in key generation has minimal impact. - Encryption/Decryption: The choice between
bsw07andPD-CP-ABEfor encryption depends on the complexity of the task. For low-complexity tasks,bsw07may offer slightly better performance, but as the complexity increases,PD-CP-ABEprovides substantial efficiency gains.
In conclusion, the PD-CP-ABE scheme demonstrates clear advantages for applications that require CP-ABE encryption of multiple messages, such as digital wills. Not only does it offer efficient system setup, but it also provides superior performance in both encryption and decryption, particularly as the number of messages or the number of shared access policies increases. Although PD-CP-ABE exhibits relatively weaker performance in key generation compared to bsw07, the impact on overall scheme efficiency is minimal when weighed against its other performance benefits.
Currently, the PD-CP-ABE scheme supports access control based solely on the presence or absence of attributes about the access policy. While this is effective for many scenarios, it limits the expressiveness of the access control. A significant area for future work is the extension of the scheme to support attribute-based conditions that involve specific attribute values. For example, instead of simply verifying the existence of an "age" attribute, the scheme could be enhanced to evaluate conditions such as age > 20. This would allow for more granular and dynamic access control policies.
π Contributions are welcome! If you would like to contribute to the development of this project, please follow these steps:
- Fork the repository.
- Create a new branch (
git checkout -b feature/YourFeature). - Commit your changes (
git commit -m 'Add some feature'). - Push to the branch (
git push origin feature/YourFeature). - Open a pull request.
Please make sure to update tests as appropriate.
Distributed under the MIT License. See LICENSE for more information.
This project is intended solely for research and academic purposes. The implementations provided here are proof-of-concept and have not been optimized or thoroughly tested for use in production environments. The authors have performed corresponding unit tests on the scheme and obtained 100% test coverage. For details, please click the codecov link at the top.
Users should be aware that applying this code in a production setting carries inherent risks, including but not limited to potential security vulnerabilities and performance inefficiencies. By using this code, you acknowledge that any use of this project in a production environment is at your own risk, and the authors of this project are not responsible for any damages or losses that may occur. We recommend conducting thorough testing and reviews if you intend to adapt this work for any production-level applications.