Universität Paderborn » SFB 901 » Projects » Tools & Demonstration Systems » CrACo

CrACo - Cryptographic Access Control Tool for Large Scale Systems

The goal of the CrACo Tool is to implement novel cryptographic schemes for access control in a prototypical environment in order to demonstrate the main facets of these schemes. Hence, the main focus of our implementation, is not on efficiency, but on flexibility of our libraries. We implement our cryptographic libraries in Java from scratch and integrated them into Java Cryptography Architecture (JCA).

Cryptographic library

In the CrACo Tool we implement all the cryptographic primitives, algorithms and schemes from scratch. This approach was required because we also use our libraries as a basis for the implementation on smart cards and the analysis of side-channels attacks in pairing-based cryptography. Hence, we have own implementation of several pairing algorithms with different properties and further necessary cryptographic primitives and algorithms.

Based on the cryptographic primitives we realized our own CCA-secure attribute-based and predicate-based schemes as well as some known CPA-secure attribute-based schemes. Furthermore, we also consider some additional functionality such as distributed realization of central authorities and their realization.

Further functionality

Modeling of access policies is one of the most important steps on the way to realization of large scale systems from attribute-based techniques. Whereas theoretical schemes usually use mathematical constructions like Monotone Span Programs in order to describe the access rights, these are not intuitive and hence not suitable for those, who wants to define the access right. In CrACo Tool the access rights can be defined in form of threshold trees, which are then transformed into Monotone Span Programs.

Anonymous reputation systems

Additionally to the main functionality for access control, the CrACo Tool also realizes and demonstrates the functionality of our anonymous reputation system based on group signatures. This system uses the same cryptographic primitives as attribute-based schemes but also require some further primitives like commitment schemes and zero-knowledge proofs of knowledge, which are also realized in our cryptographic library.


The CrACo Tool has been developed by subproject C1. If you have any questions, please contact research staff from Subproject C1.