Ciphertext-Policy Attribute-Based Encryption

Package: cpabe-0.11.tar.gz, libbswabe-0.9.tar.gz
License: GPL
Developers: John Bethencourt, Amit Sahai (advisory role), Brent Waters (advisory role)
Added to ACSC: December 1, 2006
Last updated: March 24, 2011


The cpabe toolkit provides a set of programs implementing a ciphertext-policy attribute-based encryption scheme. It uses the PBC library for the algebraic operations. Note that the cpabe toolkit might not compile against versions of PBC older than 0.5.4.

The code is split into two packages, libbswabe (a library implementing the core crypto operations) and cpabe (higher level functions and user interface). Be sure to install the library first.

In a ciphertext policy attribute-based encryption scheme, each user’s private key is associated with a set of attributes representing their capabilities, and a ciphertext is encrypted such that only users whose attributes satisfy a certain policy can decrypt. For example, we can encrypt a ciphertext such that in a company it can only be decrypted by a someone with attributes “Senior” and “Human Resources” or has the attribute “Executive ”. One interesting application of this tool is that we can do Role-Based Access Control (RBAC) without requiring trusted data storage.

The toolkit provides four command line tools used to perform the various operations of the scheme. They are designed for straightforward invocation by larger systems in addition to manual usage.

Thanks to Michael Braun, Eric Lin, Jó Ágila Bitsch Link, Ryan Moriarty, and Zhang Ronggang for bug reports and patches.


To try out the tools, take a look at the quickstart tutorial. Also, man pages for each of the four programs in the toolkit are available online.

  • Quickstart Tutorial
  • cpabe-setup – generates a public key and a master secret key
  • cpabe-keygen – generates a private key with a given set of attributes
  • cpabe-enc – encrypts a file according to a policy, which is an expression in terms of attributes
  • cpabe-dec – decrypts a file using a private key

Bugs and Limitations

None known, but like many other things on the ACSC this is research quality software and should not be used in any application actually requiring security. If you find any bugs, an email (or even a patch!) directed to John Bethencourt would be appreciated.

Jó Ágila Bitsch Link has done some work on integrating the tools with MacPorts, so you may wish to get in touch with him if you have questions about that.


The scheme is implemented as described in the following paper.