{"id":74097,"date":"2023-12-12T15:28:13","date_gmt":"2023-12-12T07:28:13","guid":{"rendered":"https:\/\/version-2.com\/?p=74097"},"modified":"2023-12-08T15:32:19","modified_gmt":"2023-12-08T07:32:19","slug":"a-quick-dive-into-identity-and-attribute-based-encryption","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2023\/12\/a-quick-dive-into-identity-and-attribute-based-encryption\/","title":{"rendered":"A quick dive into identity- and attribute-based encryption"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Securing data and communications with genuine encryption is not a simple process, as anyone who has ever dealt with S\/MIME or PGP can attest. The biggest problem is the trusted public key exchange. You can download a random public key from a server, but how can you trust that this key is also the right one for your intended recipient? That\u2019s where identity-based and attribute-based encryption comes into play.<\/p>

<\/p><\/div>

\u00a0<\/div>

Identity-based encryption<\/b><\/h2>

Wouldn\u2019t it be great if we could just encrypt emails directly with a key derived from the email of the recipient? This question was first formalized by Adi Shamir, the co-inventor of the Rivest-Shamir-Adleman algorithm, or RSA, in 1984. The resulting cryptographic concept was called \u201cidentity-based encryption.\u201d It took another 17 years until this concept was proven to be secure by Dan Boneh and Matt Franklin using the Weil Pairing.<\/p>

Identity-based encryption (IBE) solves the problem of trusted public key distribution by letting users calculate the public key of recipients based on their identifier. An identifier can be any kind of string \u2014 the email address of the recipient, for example. The concept introduces a central authority whose job it is to generate respective private keys for identifiers.<\/p>

\"\"<\/span>\"Simplified<\/span><\/p>

Simplified overview of Identity-Based Encryption<\/p><\/div>

Since the sender (let\u2019s call her Alice) can calculate the recipient’s (Bob\u2019s) public key offline based on his email address, Bob doesn\u2019t even have to exist in the system yet. When Bob registers in the system, he just requests his private key from the central identity authority and then decrypts the data.<\/p>

This design also solves the problem of key expiration \u2014 a complicated procedure in classic trusted web applications usually requiring expiring certificates. By making the identifier user+currentYear()@example.com, Alice forces Bob to request a new private key from the central authority every year.<\/p>

Bob could also act as his own central authority, allowing Alice to send emails that could only be decrypted by certain departments. Imagine a scenario in which Bob is a company administrator and he needs to be able to view all company emails. However, he also wants to make sure that no department can decrypt emails from any other departments. The solution? Bob can set up a central authority and Alice can send emails to security@company.com, press@company.com, and info@company.com (all hypothetical email addresses invented for this example), each encrypted under their own identity public key. Best of all, these emails could all go to the same inbox without compromising confidentiality.<\/p>

So why is identity-based encryption not used widely for email encryption? The biggest hurdle to this system is setting up the central identity authority to manage the generation of private keys. That might be practical in a company where it\u2019s not unusual for administrators to have a master key to access employee data, but what about other non-corporate contexts?<\/p>

Imagine that you have an image that you would like to show to your doctor \u2014 an X-ray from a previous appointment, for example. Maybe the doctor needs to consult another specialist, like a radiographer. You would like to encrypt your X-ray image in such a way that it could be shared among doctors and specialists.<\/p>

Identity-based encryption wouldn\u2019t allow the first recipient (your doctor) to safely share the data with someone else. For that, we would need something more flexible that would allow us to embed access policies within a message\u2019s ciphertext. We need attribute-based encryption.<\/p>

Attribute-based encryption<\/b><\/h2>

Attribute-based encryption (ABE) is the next generation of identity-based encryption. Instead of binding public keys to identity strings, they are instead bound to attributes.<\/p>

Relying on attributes allows the sender to craft a ciphertext over a chosen access policy, combining different attributes with \u201cand\u201d\/\u201cor\u201d gates to formalize access conditions. This approach is called ciphertext-policy attribute-based encryption (CP-ABE).<\/p>

You can also do it the other way around \u2014 associate the user\u2019s key with an access policy. Doing so is known as key-policy attribute-based encryption (KP-ABE). Similar to identity-based encryption, an attribute authority is responsible for managing attributes and their private and public key pairs. The owner of the attribute authority has global decryption power over all its attributes.<\/p>

It is simple to make and own an attribute-based encryption scheme. Let\u2019s introduce a central attribute authority, which stores a map of attribute identifiers to (normal, RSA) public keys. For example, imagine the following mappings:<\/p>

<\/p>

Map of attribute identifiers to RSA public keys<\/p><\/div>

If Alice would like to craft a ciphertext that can only be decrypted by general doctors who have her as a client, she would encrypt her secret text like this:<\/p>

Cipher_client-alice = enc(text, PB_client-alice)<\/b><\/span>
Cipher_client-alice&general-doctor = enc(Cipher_client-alice, PB_general-doctor)<\/b><\/span><\/p>

Note that Alice herself doesn\u2019t need to have access to the attributes. Only people who have access to both private keys of the attribute \u201chas Alice as a client\u201d and \u201cgeneral doctor\u201d can decrypt the ciphertext. First Bob removes the outer layer of encryption by providing the \u201chas Alice as a client\u201d private key and then additionally applying the \u201cgeneral doctor\u201d private key to retrieve the plain text.<\/p>

Additionally, Alice would like to give all radiographers (Charlie) access to her photo scan. She creates the following ciphertext:<\/p>

Cipher_x-ray-specialist = enc(text, PB_x-ray-specialist)<\/b><\/span><\/p>

She can now combine both ciphertexts into one message and send it to her doctor:<\/p>

Cipher_x-ray-specialist || (client-alice&general-doctor) =<\/b><\/span>
Cipher_x-ray-specialist || Cipher_client-alice&general-doctor<\/b><\/span><\/p>

As we can see, the ciphertext can be decrypted by radiographers (who will decrypt the first part of the ciphertext) or by any general doctor who has Alice as a client (decrypting the second part of the ciphertext).<\/p>

<\/p>

Overview of an insecure Attribute-Based Encryption system which is vulnerable to collusion<\/p><\/div>

As with most simple cryptography schemes, this system has some issues. In this case, our simple ABE schema is not collusion resistant. That means that if Eve is a general doctor and Dave is a psychologist who has Alice as a client, nothing stops Dave from just providing Eve with the private key for the attribute \u201chas Alice as a client,\u201d allowing Eve to escalate access.<\/p>

Attribute-based encryption schemas must be collusion resistant. In practice, collusion resistant means that even if users exchange private attribute keys, they cannot gain additional knowledge about plaintexts beyond their access level.<\/p>

This could be done, for example, by creating an individual user-bound attribute private key for each attribute, essentially combining the identity element from identity-based encryption with attributes. Additionally, ciphertext should not grow in size the more policies are added to them. Contradictorily, in our self-made schema, a ciphertext would grow larger and larger if we had multiple \u201cor\u201d conditions in our access policy.<\/p>

Nevertheless, one problem remains. The central attribute authority can globally decrypt ciphertexts, allowing it to impersonate any user and issue any attribute to itself. Having this trusted central authority in the medical context is a bad idea, since medical information is highly sensitive and should only be decryptable and accessible by authorized parties. For the corporate context, attribute-based encryption makes more sense because an administrator could issue attributes to users and is allowed to decrypt and access any file in the company. But what if we have multiple companies, each with its own attribute authority?<\/p>

Multi-authority attribute-based encryption<\/b><\/h2>

Multi-authority attribute-based encryption (MA-ABE) is an attribute-based encryption variation where multiple attribute authorities are responsible for managing distinct attributes. Why don’t we set up multiple individual attribute authorities? Well, we still want to be able to combine attributes from other companies with attributes from our own company to enable cross-company sharing.<\/p>

<\/p>

Overview of an Multi-Authority Attribute-Based Encryption system for different companies<\/p><\/div>

Overview of an Multi-Authority Attribute-Based Encryption system for different companies<\/p>

In such a system, it becomes a problem to establish globally known parameters for each attribute authority. MA-ABE introduces a new central server that is responsible for setting up new attribute authorities and bootstrapping the system overall.<\/p>

Early MA-ABE schemes required this central server to have global decryption power over all attribute authorities. On the other hand, modern MA-ABE schemes such as DAC-MACS<\/a> (effective data access control for multi-authority cloud storage systems) are close to what we need to implement for MA-ABE in real-world scenarios because they don\u2019t require the central server to have global decryption power.<\/p>

MA-ABE offers some useful new approaches to data encryption:<\/p>

  3. Proxy-decryption is a technique where a server helps the user during decryption. It does so by using the user’s private attribute keys. As the ciphertext is additionally protected with the user’s identifier (IBE), confidentiality is not compromised. Proxy-decryption can be used to help mobile clients with the computationally intensive decryption process.<\/p><\/div><\/li><\/ol>

    Is MA-ABE ready to be deployed in modern secure cloud storage solutions such as NordLocker Business or NordPass Business? Personally, I would say no.<\/p>

    Even though the modern MA-ABE schemes fulfill most of the security requirements for end-to-end encrypted cloud storage systems, their system implementation is complex, and the underlying cryptographic principles like pairings are not yet widely adopted in cryptographic libraries. In addition, pairing operations are computationally intensive and not suitable for mobile devices, which require low power consumption for a good user experience.<\/p>

    With the world shifting increasingly further to the mobile side, proxy-decryption might help to decrease the computational overhead on the mobile device, but it requires the user to be always online to access their encrypted files. Finally, MA-ABE can only be cryptographically beneficial if users change their attitudes around encrypting files \u2014 away from sharing data with individuals, and towards attributing access policies over their data. It is yet to be seen if users and companies are willing to adopt this mindset change.<\/p>

    The existence and proven security of attribute-based and identity-based encryption schemes show that we are just scratching the surface of what is cryptographically possible with elliptic curves. However, the practical applicability of schemes in real-world scenarios is yet to be seen.<\/p><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t
    \t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    About Version 2 Digital<\/h3>

    Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

    \nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t

    \n\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    About NordLayer
    <\/strong>NordLayer is an adaptive network access security solution for modern businesses \u2013 from the world\u2019s most trusted cybersecurity brand, Nord Security.<\/p>

    The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    Is the modern cybercriminal a solitary figure acting as […]<\/p>\n","protected":false},"author":149011790,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[973,1075,1130,61],"tags":[974,1076,1132],"class_list":["post-74097","post","type-post","status-publish","format-standard","hentry","category-nord-security","category-year2023","category-nordlayer","category-press-release","tag-nord-security","tag-1076","tag-nordlayer"],"acf":[],"yoast_head":"\nA quick dive into identity- and attribute-based encryption - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A quick dive into identity- and attribute-based encryption - Version 2\" \/>\n<meta property=\"og:description\" content=\"Is the modern cybercriminal a solitary figure acting as […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-12T07:28:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/images.ctfassets.net\/5natoedl294r\/dLg3wb8dZPSIuuFdioQJz\/3e0e766ce8506b4b2dc364515d6fe0ba\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp\" \/>\n<meta name=\"author\" content=\"tracylamv2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"tracylamv2\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/identity-and-attribute-based-encryption#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/12\\\/a-quick-dive-into-identity-and-attribute-based-encryption\\\/\"},\"author\":{\"name\":\"tracylamv2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\"},\"headline\":\"A quick dive into identity- and attribute-based encryption\",\"datePublished\":\"2023-12-12T07:28:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/12\\\/a-quick-dive-into-identity-and-attribute-based-encryption\\\/\"},\"wordCount\":2364,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/identity-and-attribute-based-encryption#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/images.ctfassets.net\\\/5natoedl294r\\\/dLg3wb8dZPSIuuFdioQJz\\\/3e0e766ce8506b4b2dc364515d6fe0ba\\\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp\",\"keywords\":[\"Nord Security\",\"2023\",\"NordLayer\"],\"articleSection\":[\"Nord Security\",\"2023\",\"NordLayer\",\"Press Release\"],\"inLanguage\":\"zh-HK\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/12\\\/a-quick-dive-into-identity-and-attribute-based-encryption\\\/\",\"url\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/identity-and-attribute-based-encryption\",\"name\":\"A quick dive into identity- and attribute-based encryption - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/identity-and-attribute-based-encryption#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/identity-and-attribute-based-encryption#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/images.ctfassets.net\\\/5natoedl294r\\\/dLg3wb8dZPSIuuFdioQJz\\\/3e0e766ce8506b4b2dc364515d6fe0ba\\\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp\",\"datePublished\":\"2023-12-12T07:28:13+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/identity-and-attribute-based-encryption#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/identity-and-attribute-based-encryption\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/identity-and-attribute-based-encryption#primaryimage\",\"url\":\"https:\\\/\\\/images.ctfassets.net\\\/5natoedl294r\\\/dLg3wb8dZPSIuuFdioQJz\\\/3e0e766ce8506b4b2dc364515d6fe0ba\\\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp\",\"contentUrl\":\"https:\\\/\\\/images.ctfassets.net\\\/5natoedl294r\\\/dLg3wb8dZPSIuuFdioQJz\\\/3e0e766ce8506b4b2dc364515d6fe0ba\\\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nordsecurity.com\\\/blog\\\/identity-and-attribute-based-encryption#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A quick dive into identity- and attribute-based encryption\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\",\"name\":\"tracylamv2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"caption\":\"tracylamv2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/tracylamv2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A quick dive into identity- and attribute-based encryption - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption","og_locale":"zh_HK","og_type":"article","og_title":"A quick dive into identity- and attribute-based encryption - Version 2","og_description":"Is the modern cybercriminal a solitary figure acting as […]","og_url":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption","og_site_name":"Version 2","article_published_time":"2023-12-12T07:28:13+00:00","og_image":[{"url":"https:\/\/images.ctfassets.net\/5natoedl294r\/dLg3wb8dZPSIuuFdioQJz\/3e0e766ce8506b4b2dc364515d6fe0ba\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp","type":"","width":"","height":""}],"author":"tracylamv2","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"tracylamv2","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"11 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption#article","isPartOf":{"@id":"https:\/\/version-2.com\/2023\/12\/a-quick-dive-into-identity-and-attribute-based-encryption\/"},"author":{"name":"tracylamv2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365"},"headline":"A quick dive into identity- and attribute-based encryption","datePublished":"2023-12-12T07:28:13+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2023\/12\/a-quick-dive-into-identity-and-attribute-based-encryption\/"},"wordCount":2364,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption#primaryimage"},"thumbnailUrl":"https:\/\/images.ctfassets.net\/5natoedl294r\/dLg3wb8dZPSIuuFdioQJz\/3e0e766ce8506b4b2dc364515d6fe0ba\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp","keywords":["Nord Security","2023","NordLayer"],"articleSection":["Nord Security","2023","NordLayer","Press Release"],"inLanguage":"zh-HK"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2023\/12\/a-quick-dive-into-identity-and-attribute-based-encryption\/","url":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption","name":"A quick dive into identity- and attribute-based encryption - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption#primaryimage"},"image":{"@id":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption#primaryimage"},"thumbnailUrl":"https:\/\/images.ctfassets.net\/5natoedl294r\/dLg3wb8dZPSIuuFdioQJz\/3e0e766ce8506b4b2dc364515d6fe0ba\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp","datePublished":"2023-12-12T07:28:13+00:00","breadcrumb":{"@id":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption#primaryimage","url":"https:\/\/images.ctfassets.net\/5natoedl294r\/dLg3wb8dZPSIuuFdioQJz\/3e0e766ce8506b4b2dc364515d6fe0ba\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp","contentUrl":"https:\/\/images.ctfassets.net\/5natoedl294r\/dLg3wb8dZPSIuuFdioQJz\/3e0e766ce8506b4b2dc364515d6fe0ba\/An_talk_with_Mark_T._Hofman_web_cover_1400x800.png?w=1080&q=75&fit=fill&fm=webp"},{"@type":"BreadcrumbList","@id":"https:\/\/nordsecurity.com\/blog\/identity-and-attribute-based-encryption#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"A quick dive into identity- and attribute-based encryption"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365","name":"tracylamv2","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","caption":"tracylamv2"},"url":"https:\/\/version-2.com\/zh\/author\/tracylamv2\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-jh7","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/74097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/149011790"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=74097"}],"version-history":[{"count":4,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/74097\/revisions"}],"predecessor-version":[{"id":74102,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/74097\/revisions\/74102"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=74097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=74097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=74097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}