he's not specifying which system he is encrypting with. in RSA, an encrypt with private key is a signature. the stuff he is doing with id/salt looks different. i am going to not judge it yet. attribute-based-encryption (cp-abe) is what led me here.

9:00 is very similar to where I ended up as well. There is a way to do things like ((a and c) or d) to allow for key calculation. My problem was that no matter how I attacked it, I could take my attributes (a,b,d) for myself, and collude with another certificate holder that had (e,c) to forge access to ((a and c) or d). The trick is to somehow watermark all attributes as being from the same certificate; so that users cannot combine them. This is actually hard; and probably involves Elliptic Curve Pairings to make it work. The easy part is representing it as an OR of AND circuit. The hard part is making sure that there are no intermediate steps that let a malicious pair of certificate owners to get access to an intermediate step to combine attributes from different certs. What is this useful for? It's for things like issuing badges that can decrypt any file (encrypted in the future or the past) where the boolean circuit holds. Things like encrypting files to security clearances, etc. The other hard part is to encode UNBOUNDED attributes. A small set, such as numbers from 0..1000 to encode access is easier. But there are a large number of email addresses, so you can't enumerate them.

Shah Quadri ... specifically what crypto primitives did you use? I can't figure out curve pairings. I can do simple demos of the concept using hashes, and RSA .... but both of them fall to attacks on the intermedicate steps. Usually due to something akin to multiplication distributing over addition.

Did you get java implementation of cpabe?

Did you get it?

No