search

ikalchev / kpabe-yct14-cpp

A lightweight Key-Policy Attribute-Based Encryption scheme in C++
Apache License 2.0
19 stars 4 forks source link

AND with more than 15 attributes causes decryption to fail #3

Open wellsaid opened 5 years ago

wellsaid commented 5 years ago

Hello, I was trying to decrypt the secret with a "worst case" policy of all attributes in the universe in AND. See the code below:

#include <vector>
#include <iostream>

#include <pbc/pbc.h>

#include "kpabe.hpp"

using namespace std;

int main() {
   // Setup the scheme
   PrivateParams priv;
   PublicParams pub;
   vector <int> attributeUniverse {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
   setup(attributeUniverse, pub, priv);

   // Create an access policy and derive a key for it.
   // (1 OR 2) AND (3 OR 4)
    Node node1(1);
    Node node2(2);
    Node node3(3);
    Node node4(4);
    Node node5(5);
    Node node6(6);
    Node node7(7);
    Node node8(8);
    Node node9(9);
    Node node10(10);
    Node node11(11);
    Node node12(12);
    Node node13(13);
    Node node14(14);
    Node node15(15);
    Node root(Node::Type::AND, {node1, node2, node3, node4, node5, node6, node7, node8, node9, node10, node11, node12, node13, node14, node15});

   auto key = keyGeneration(priv, root);

   // Create an attribute-based secret (attributes 1 and 3).
   element_s secret;
   //vector<int> encryptionAttributes {1, 3};
   auto Cw = createSecret(pub, attributeUniverse, secret);

   // Recover secret
   element_s recovered;
   recoverSecret(key, Cw, attributeUniverse, recovered);
   cout << element_cmp(&secret, &recovered) << endl; // should be ==0

   for(auto& attrCiPair: Cw) {
      element_clear(&attrCiPair.second);
   }
   Cw.clear();

   // Secret cannto be recovered if the encryption attributes do not satisfy the policy.
   //encryptionAttributes = {1};
   //Cw = createSecret(pub, encryptionAttributes, secret);
   //try {
   //   recoverSecret(key, Cw, encryptionAttributes, recovered);
   //} catch(const UnsatError& e) {
   //   cout << "Unsatisfied" << endl;
   //}

   return 0;
}

The fact is that for more than 15 attributes in AND the library fails to decrypt the secret. The line:

cout << element_cmp(&secret, &recovered) << endl; // should be ==0

gives 1.

Is this a library limitation or a bug?

ikalchev commented 5 years ago

This probably a bug. When you do an AND, the secret for the AND node is distributed by generating a n+1-degree polynomial, where n is the number of children. I suppose x^15 overflows somewhere and messes up stuff. I need to check this.