A paper that Dr. Amit Sahai and I wrote fifteen years ago recently received some attention. Every year, the International Association for Cryptologic Research (IACR) looks back 15 years and selects three papers presented at its events that have proved to have had an enduring impact. This year the IACR honored our paper “Fuzzy Attribute-Based Encryption” from Eurocrypt 2005, a conference organized by the IACR, with one of its “Test of Time” awards.
What we introduced in that paper was the concept of Attribute-Based Encryption (ABE). This award has been an occasion for me to think back over how this concept has impacted the field of cryptography. I was asked in this article to reflect on what were the research contributions of ABE and why the community cares about it 15 years later. Below I put forward three distinctive ways in which I believe the work has had impact.
First, there is ABE as its own application. Traditionally, encryption was through a limited lens, where my ciphertext is targeted toward one particular individual’s public keys. Using ABE, one can share data according to access control policies. For example, a ride sharing service might encrypt sensitive information and tag it with the attributes of the GPS location of the ride, time and driver’s name. And an employee working for the company could have a policy that allows them to read all data that exist within a certain GPS bounding box of the region and were created after the employee assumed their position. There has been growing interest in industry in deploying ABE. For instance, two years ago ETSI announced standards for ABE with an eye toward deployment in 5G settings. Companies, including NTT, are actively exploring producing ABE solutions.
The second type of contribution involves ABE as a component of building other cryptographic systems. This has had a significant impact in the cryptographic research community where several works have leveraged ABE to get new results. Examples include results on such problems as reusable garbled circuits, traitor tracing and non-interactive zero knowledge proofs, among others. The impact on the research community has been large, with the original paper reaching several thousand citations.
Finally, the spirit and concepts of ABE have inspired us to rethink encryption in even bigger and grander ways. Here is where the idea of functional encryption comes in. Even in ABE, the end goal is to allow or disallow a user to have access to a message. In functional encryption one can allow them to only learn a function of a message. For example, I can allow my mail-server to test whether an encrypted email of mine is spam or not – but learn nothing more. The concept of functional encryption was a product that came out of the rethinking of encryption that started with ABE some 15 years ago.