Module abe


Attribute-Based Encryption (ABE) for fine-grained access control.

This module provides Ciphertext-Policy ABE (CP-ABE), where access policies are embedded in ciphertexts and user keys are associated with attributes.

§Overview

ABE enables encryption to a set of attributes rather than to specific public keys. Only users whose attributes satisfy the access policy can decrypt.

§Architecture

  • Authority: Generates master keys and issues user keys based on attributes
  • Encryptor: Encrypts data with an access policy (e.g., “admin AND (vip OR premium)”)
  • Decryptor: Can decrypt if their attributes satisfy the policy

§Use Cases in CHIE

  • Content access control based on subscription tiers
  • Geographic restrictions (region attributes)
  • Time-based access (time-period attributes)
  • Role-based access (role attributes)

§Example

use chie_crypto::abe::{AbeAuthority, AccessPolicy, PolicyNode};

// Authority generates master keys
let mut authority = AbeAuthority::new();

// Issue user key with attributes
let user_attrs = vec!["premium".to_string(), "us-region".to_string()];
let user_key = authority.generate_user_key(&user_attrs)?;

// Encrypt with policy: premium AND us-region
let policy = AccessPolicy::and(vec![
    PolicyNode::Attribute("premium".to_string()),
    PolicyNode::Attribute("us-region".to_string()),
]);
let plaintext = b"Premium US content";
let ciphertext = authority.encrypt(&policy, plaintext)?;

// User can decrypt because they have both attributes
let decrypted = authority.decrypt(&user_key, &ciphertext)?;
assert_eq!(decrypted, plaintext);
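
Added example, not chie_crypto code: a std-only model of policy semantics that lists the minimal attribute sets able to satisfy a policy, so a policy such as "admin AND (vip OR premium)" from the Architecture list can be reviewed before content is encrypted under it. `Policy`, `satisfied_by`, `authorized_sets` and `sample_policy` are hypothetical names; the code evaluates policies only and performs no cryptography.

```rust
use std::collections::BTreeSet;
type AttrSet = BTreeSet<&'static str>;

// Hypothetical policy tree for illustration; not chie_crypto's PolicyNode.
enum Policy {
    Attr(&'static str),
    And(Vec<Policy>),
    Or(Vec<Policy>),
}

impl Policy {
    // True when `attrs` satisfies the policy, i.e. when decryption should succeed.
    fn satisfied_by(&self, attrs: &AttrSet) -> bool {
        match self {
            Policy::Attr(a) => attrs.contains(a),
            Policy::And(kids) => kids.iter().all(|k| k.satisfied_by(attrs)),
            Policy::Or(kids) => kids.iter().any(|k| k.satisfied_by(attrs)),
        }
    }

    // Minimal unlocking sets. Empty And -> {{}} (all keys); empty Or -> {} (none).
    fn authorized_sets(&self) -> BTreeSet<AttrSet> {
        let all: BTreeSet<AttrSet> = match self {
            Policy::Attr(a) => BTreeSet::from([AttrSet::from([*a])]),
            Policy::Or(kids) => kids.iter().flat_map(|k| k.authorized_sets()).collect(),
            // And: merge one authorized set from every child (cross product).
            Policy::And(kids) => kids.iter().fold(BTreeSet::from([AttrSet::new()]), |acc, k| {
                let ks = k.authorized_sets();
                acc.iter()
                    .flat_map(|a| ks.iter().map(move |b| a.union(b).copied().collect::<AttrSet>()))
                    .collect()
            }),
        };
        // Drop any set that strictly contains another authorized set.
        all.iter().filter(|s| !all.iter().any(|t| t != *s && t.is_subset(s))).cloned().collect()
    }
}

// The policy quoted in the Architecture list: admin AND (vip OR premium).
fn sample_policy() -> Policy {
    Policy::And(vec![
        Policy::Attr("admin"),
        Policy::Or(vec![Policy::Attr("vip"), Policy::Attr("premium")]),
    ])
}

fn main() {
    let (p, key) = (sample_policy(), AttrSet::from(["premium", "us-region"]));
    println!("{:?} key ok: {}", p.authorized_sets(), p.satisfied_by(&key));
}
```

An authorized-set list containing the empty set means the policy is satisfied by every key, which is worth rejecting before encryption.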

Structs§

AbeAuthority
ABE authority that manages keys and performs encryption/decryption.
AbeCiphertext
Attribute-based ciphertext.
AccessPolicy
Access policy for CP-ABE encryption.
MasterSecretKey
Master secret key for ABE authority.
UserSecretKey
User secret key containing keys for specific attributes.

Enums§

AbeError
Errors that can occur in ABE operations.
PolicyNode
A node in an access policy tree.

Type Aliases§

AbeResult
Result type for ABE operations.