Attribute-based encryption (ABE) implements fine-grained access control on data where the ability to decrypt a ciphertext is determined by the attributes owned by a user of the system. Hence, data can be stored by an entity that is not necessarily trusted to enforce access control. Moreover, multi-authority variants of ABE extend these capabilities to multiple-domain settings and remove the requirement of having a trusted third party. ABE is typically exemplified in the healthcare setting, where all "nurses" of the hospital "A" can only decrypt certain records whereas "doctors" of the same hospital have access to additional information about the patients. Further, ABE has been proposed to secure the Internet of Things and enforce authorization in cloud systems.
At the CT-RSA 2021 conference, Venema and Alpár presented attacks against 11 ABE and MA-ABE schemes, including the highly cited DAC-MACS scheme with applications to the cloud. In this work, we demonstrate the practicality of the attacks. We have implemented three different types of attacks: a decryption attack against DAC-MACS, where a single user is able to decrypt ciphertexts with policies she cannot satisfy. This user does not even need to collude with other users or corrupt an authority. Second, a decryption attack with corruption of one of the authorities against the YJ14-MA-ABE scheme. And third, a decryption attack against the YCT14 scheme where two users collude in order to obtain a decryption key based on the work of Tan et al. and Herranz (2019).
We implement the attacks in the CHARM cryptographic library and show that the implementations of DAC-MACS, YJ14-MA-ABE and YCT14 schemes provided by this particular library are vulnerable to decryption attacks. Finally, we provide a library implementing the cryptanalytic attacks of Venema and Alpár against the aforementioned ABE schemes and Juypter notebooks, where ABE and the practical attacks against the ABE schemes are illustrated. This library can be used to learn more about the attacks in practice.