Attempts to make attribute based encryption work, particularly trying out bn256 pairing curve

EC Pairings over bn256

This is an attempt to solve the core problem of attribute based encryption, where the goal is to be able to use CA-issued attributes to AND together properties to pass a threshold and generate an AES key.

For example, imagine that we have a complete language for and and or combinations....

# encrypt the file TO a boolean threshold
cat resume.pdf | go run cpabe.go -encryptTo '(and age:adult (or citizen:US citizen:NL))' > resume.pdf.encrypted

# decrypt the file WITH a set of attested attributes
cat resume.pdf.encrypted | go run cpabe.go -decryptFrom 'age:adult citizen:US'

This is a form of user-controlled DRM to have a key derivation function that doesn't require that a file is encrypted to any individual. Instead of storing the key literally in some encrypted form; a key-derivation data structure is stored. Users have a set of attested attributes that function like a certificate. The certificate need not have any Personlly Identifying Information in them as well. We can easily transform this into two cases that can possibly match

  • (and age:adult citizen:US)
  • (and age:adult citizen:NL)

If we have a target AES key k that we want to encrypt, then we can store the key xored with a case for attributes AND together.

It is a central problem in AttributeBasedCryptography to ensure that the attributes all come from the SAME user. That way, an adult from UK cannot colude with a non-adult citizen of US to produce a key. This means that we have to defend against legitimate users abusing intermediate steps of computation to elevate their access.

cpabe

Note! I have not yet solved the problem with this. The product rule over un-watermarked attributes creates a problem. f limits collusion to individual files, but I have not yet found a way to decisively force all combined attributes to come from the same user. I have read that it is possible to do this, and that it requires curves like this; so I am using this repo to get to know pairings well enough to eventually figure it out.

Combinations of attributes would create a user profile with O(2^n) items if AND had to be pre-computed for every case; in which case paring would be unnecessary. You could do all of this with simple SHA hashing.

A solution to this problem that is kind of impractical, but would solve it would be that the user has to have the CA explicitly bind together (f,u) to keep the user from figuring out the value of u or 1/u, or f, or 1/f. It is trivial to calculate the inverse of an integer in this group.

Owner
Robert Fielding
Robert Fielding
https://github.com/rfielding/cpabe
Similar Resources

Encryption Abstraction Layer and Utilities for ratnet

What is Bencrypt? Bencrypt is an abstraction layer for cryptosystems in Go, that lets applications use hybrid cryptosystems without being coupled to t

Nov 9, 2022

Go implementation of the Data At Rest Encryption (DARE) format.

Secure IO Go implementation of the Data At Rest Encryption (DARE) format. Introduction It is a common problem to store data securely - especially on u

Dec 18, 2022

A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption

A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption

Jan 4, 2023

Encryption & Decryption package for golang

encdec Encryption & Decryption package for golang func main() { startingTime := time.Now() privKey, pubKey := GenerateRsaKeyPair() fmt.Println("Priva

Feb 11, 2022

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Jan 7, 2023

Easy to use encryption library for Go

encryptedbox EncryptedBox is an easy to use module for Go that can encrypt or sign any type of data. It is especially useful when you must serialize y

Jul 20, 2022

A tool for secrets management, encryption as a service, and privileged access management

A tool for secrets management, encryption as a service, and privileged access management

Deploy HCP Vault & AWS Transit Gateways via Terraform https://medium.com/hashicorp-engineering/deploying-hcp-vault-using-the-hcp-terraform-provider-5e

Nov 23, 2021

TTAK.KO-12.0223 Lightweight Encryption Algorithm with Galois/Counter Mode (LEA-GCM)

LEACrypt The Lightweight Encryption Algorithm (also known as LEA) is a 128-bit block cipher developed by South Korea in 2013 to provide confidentialit

Dec 16, 2022

Functional encryption for images

ImageFE Functional encryption for images. Introduction In the traditional cryptography framework, a decryptor either recovers the entire plaintext fro

Mar 8, 2022
Related tags
Cryptography cpabe
Bitcoin futures curve from Deribit as a JSON webservice

Curve Bitcoin futures curve from Deribit as a JSON webservice Building go build . Running ./curve Expiration date and annualised yield of each contr

Dec 13, 2021
Ekliptic - Primitives for cryptographic operations on the secp256k1 curve, with zero dependencies and excellent performance

Ekliptic This package provides primitives for cryptographic operations on the se

Sep 7, 2022
Lattigo: lattice-based multiparty homomorphic encryption library in Go

Lattigo: lattice-based multiparty homomorphic encryption library in Go Lattigo i

Dec 7, 2022
A work-in-progress Bitcoin wallet based on Output Descriptors

go-wallet A work-in-progress Bitcoin wallet Descriptors go-wallet is designed around Bitcoin Descriptors. It implements a Output Script Descriptors la

May 4, 2022
The minilock file encryption system, ported to pure Golang. Includes CLI utilities.
 The minilock file encryption system, ported to pure Golang. Includes CLI utilities.

Go-miniLock A pure-Go reimplementation of the miniLock asymmetric encryption system. by Cathal Garvey, Copyright Oct. 2015, proudly licensed under the

Nov 28, 2022
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.

Quick start Prepare keys (on both sides): [ -f ~/.ssh/id_ed25519 ] && [ -f ~/.ssh/id_ed25519.pub ] || ssh-keygen -t ed25519 scp ~/.ssh/id_ed25519.pub

Dec 30, 2022
DERO Homomorphic Encryption Blockchain Protocol
 DERO Homomorphic Encryption Blockchain Protocol

Homomorphic encryption is a form of encryption allowing one to perform calculations on encrypted data without decrypting it first. The result of the computation is in an encrypted form, when decrypted the output is the same as if the operations had been performed on the unencrypted data.

Dec 27, 2022
Sekura is an Encryption tool that's heavily inspired by the Rubberhose file system.

It allows for multiple, independent file systems on a single disk whose existence can only be verified if you posses the correct password.

Oct 16, 2022
A document encryption solution for the reMarkable 2 ePaper tablet.

Remarkable 2 Encryption This repository contains multiple tools to encrypt the home folder of the reMarkable 2 epaper tablet using gocryptfs. Detailed

Nov 7, 2022
A super easy file encryption utility written in go and under 800kb
 A super easy file encryption utility written in go and under 800kb

filecrypt A super easy to use file encryption utility written in golang ⚠ Help Wanted on porting filecrypt to other programing languages NOTE: if you

Nov 10, 2022