U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NISTIR 8450 (Draft)

Overview and Considerations of Access Control Based on Attribute Encryption

Date Published: May 9, 2023
Comments Due: June 23, 2023
Email Comments to: ir8450-comments@nist.gov


Vincent Hu (NIST)


Access control based on attribute encryption addresses an issue with traditional public-key encryption (PKE) wherein keys need to dynamically change whenever access policies and/or attributes change, which could cause inefficient system performance.

Access control based on attribute encryption supports fine-grained access control for encrypted data and is a cryptographic scheme that goes beyond the all-or-nothing approach of public-key encryption. This document reviews the interplay between cryptography and the access control of attribute-based encryption, including the fundamental theories on which the scheme is based; the various main algorithms of IBE, CP-ABE, and KP-ABE; and considerations for deploying access control systems based on encryption.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.



access control; attribute-based access control; attribute-based encryption; authorization; encryptions; identity-based encryption; public-key encryption
Control Families

None selected


NISTIR 8450 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
05/09/23: NISTIR 8450 (Draft)


Security and Privacy
access authorization; access control; encryption