Software

Looking for a cryptography library that supports attribute-based encryption?


Zeutro offers professional cryptographic software libraries that support a variety of attribute-based encryption (ABE) algorithms, industry standard cryptographic functions and tools, and an intuitive application programming interface (API). These libraries allow developers to seamlessly incorporate ABE technology into applications that would benefit from ABE to protect and control access to sensitive data.

Choose your solution below:

ABE Libraries at a Glance

The Zeutro Toolkit (ZTK) includes all the functionality of OpenABE and additional functionalities not included in OpenABE, some of which are patented by Zeutro.


OpenABE
Zeutro Toolkit (ZTK)
Content-based ABE Support
Role-based ABE Support
Zeutro's Patented Multi-authority ABE Support
-
Zeutro's Patented Key Storage Support
Collusion Resistant
Best Practices (CCA) Security
Unrestricted Attributes
any string, repeat unlimited times
any string, repeat unlimited times
Types of Policies
boolean trees
boolean trees and more
Software License
AGPL
Commercial

What cryptographic algorithms are implemented in these libraries?

OpenABE and the ZTK offer several attribute-based encryption (ABE) schemes together with other core cryptographic functionalities such as authenticated symmetric-key encryption, public key encryption, digital signatures, X.509 certificate handling, key derivation functions, pseudorandom generators and more.

To make ABE as secure and user-friendly as possible, the following features are provided by default in Zeutro libraries:

  1. Collusion-Resistant: Common pitfall in ABE scheme development; Alice and Bob should not be able to combine their private keys to decrypt a ciphertext that neither can decrypt on their own. Note: any attempt to "engineer" ABE from standard public key encryption usually falls to this attack.

  2. Chosen Ciphertext Attack (CCA) Secure: Prevents serious and practical tampering attacks; most existing schemes in the academic literature only satisfy a weaker security notion (CPA-security).

  3. Unrestricted Attributes: Attributes can be represented by any string (alternative: must enumerate every current and future attribute at system initialization) and can be used an unlimited number of times in a policy.

OpenABE and the ZTK come with support for efficient and optimized implementations of content-based and role-based ABE schemes. If your application requires multi-authority ABE (Zeutro's US Patent No. 8516244), that comes in Zeutro's Toolkit (ZTK) that is available for commercial license.

OpenABE and the ZTK come with support for efficiently managing an ABE keystore (e.g., a method for storing and selecting private ABE keys for decryption of ABE ciphertexts), which is an essential part of any practical ABE implementation. See Zeutro's US Patent No. 9209974.

For more cryptographic details of OpenABE, see the OpenABE Design Document.

What types of attributes and policies are supported?

While some ABE systems limit the types of attributes or the number of times they can appear in a policy, Zeutro’s ABE solutions were designed to avoid such restrictions. Any alphanumeric string can be an attribute and the attribute set is not restricted or fixed at system initialization time. The set of attributes you will use can be anything you want and will likely be specific to your application. OpenABE and the ZTK currently support access control policies that are boolean formulas over the attributes, because we believe this offers the best balance of efficiency and practicality for most applications. If your application requires something more, reach out to us.

What kind of performance can I expect?

Our ABE implementations have been optimized for superior performance. For the types of ABE algorithms supported, running times and ciphertext and key sizes scale linearly with the number of attributes used. For most applications, in our experience and even with hundreds of attributes, the overhead of the ABE/ZTK functions is dwarfed by other factors such as network latency.

What platforms are supported by the libraries?

They can be installed in the following environments:

  • Debian 7-9 and Ubuntu (12.04+)
  • CentOS 6/7 and Red Hat Linux 6/7
  • Mac OS X (10.8+)
  • Windows 7+ (via MINGW)
  • Android (NDK r10e)

Copyright and License

OpenABE and the Zeutro Toolkit are copyrighted by Zeutro, LLC with all rights reserved.

Our software licensing is offered according to a dual licensing scheme. OpenABE is licensed under the terms of the GNU Affero General Public License (AGPL) as published by the Free Software Foundation, version 3 (or later). You can be released from the requirements of AGPL and obtain additional features by purchasing a commercial license to the Zeutro Toolkit (ZTK). The ZTK includes all the functionality of OpenABE and additional functionalities not included in OpenABE, some of which are patented by Zeutro. Buying a commercial license is mandatory if you engage in activities involving OpenABE that do not comply with the open source requirements of AGPL. Contact us for more information.