Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Our Results and Techniques
New Results and Future Impact
References
All Topics
Computer Science

A Simple and Generic Approach to Dynamic Collusion Model

Profile image of rishab goyalrishab goyal

2022, IACR Cryptol. ePrint Arch.

visibility

description

28 pages

link

1 file

Abstract

Functional Encryption (FE) is a powerful notion of encryption which enables computations and partial message recovery of encrypted data. In FE, each decryption key is associated with a function f such that decryption recovers the function evaluation f(m) from an encryption of m. Informally, security states that a user with access to function keys skf1 , skf2 , . . . (and so on) can only learn f1(m), f2(m), . . . (and so on) but nothing more about the message. The system is said to be q-bounded collusion resistant if the security holds as long as an adversary gets access to at most q = q(λ) decryption keys. In the last decade, numerous works have proposed many FE constructions from a wide array of algebraic and general cryptographic assumptions, and proved their security in the bounded collusion model. However, until very recently, all these works studied bounded collusion resistance in a static model, where the collusion bound q was a global system parameter. While the static collus...

Related papers

Verifiable Functional Encryption
Amit Sahai

Advances in Cryptology – ASIACRYPT 2016, 2016

In light of security challenges that have emerged in a world with complex networks and cloud computing, the notion of functional encryption has recently emerged. In this work, we show that in several applications of functional encryption (even those cited in the earliest works on functional encryption), the formal notion of functional encryption is actually not sufficient to guarantee security. This is essentially because the case of a malicious authority and/or encryptor is not considered. To address this concern, we put forth the concept of verifiable functional encryption, which captures the basic requirement of output correctness: even if the ciphertext is maliciously generated (and even if the setup and key generation is malicious), the decryptor is still guaranteed a meaningful notion of correctness which we show is crucial in several applications. We formalize the notion of verifiable function encryption and, following prior work in the area, put forth a simulation-based and an indistinguishability-based notion of security. We show that simulationbased verifiable functional encryption is unconditionally impossible even in the most basic setting where there may only be a single key and a single ciphertext. We then give general positive results for the indistinguishability setting: a general compiler from any functional encryption scheme into a verifiable functional encryption scheme with the only additional assumption being the Decision Linear Assumption over Bilinear Groups (DLIN). We also give a generic compiler in the secret-key setting for functional encryption which maintains both message privacy and function privacy. Our positive results are general and also apply to other simpler settings such as Identity-Based Encryption, Attribute-Based Encryption and Predicate Encryption. We also give an application of verifiable functional encryption to the recently introduced primitive A.

View PDFchevron_right
Multi-input Functional Encryption
Amit Sahai

Advances in Cryptology – EUROCRYPT 2014, 2014

We introduce the problem of Multi-Input Functional Encryption, where a secret key sk f can correspond to an n-ary function f that takes multiple ciphertexts as input. We formulate both indistinguishability-based and simulation-based definitions of security for this notion, and show close connections with indistinguishability and virtual black-box definitions of obfuscation. Assuming indistinguishability obfuscation for circuits, we present constructions achieving indistinguishability security for a large class of settings. We show how to modify this construction to achieve simulationbased security as well, in those settings where simulation security is possible.

View PDFchevron_right
Controlled Functional Encryption
Shashank Agrawal

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

Motivated by privacy and usability requirements in various scenarios where existing cryptographic tools (like secure multi-party computation and functional encryption) are not adequate, we introduce a new cryptographic tool called Controlled Functional Encryption (C-FE). As in functional encryption, C-FE allows a user (client) to learn only certain functions of encrypted data, using keys obtained from an authority. However, we allow (and require) the client to send a fresh key request to the authority every time it wants to evaluate a function on a ciphertext. We obtain efficient solutions by carefully combining CCA2 secure public-key encryption (or rerandomizable RCCA secure public-key encryption, depending on the nature of security desired) with Yao's garbled circuit. Our main contributions in this work include developing and formally defining the notion of C-FE; designing theoretical and practical constructions of C-FE schemes achieving these definitions for specific and general classes of functions; and evaluating the performance of our constructions on various application scenarios.

View PDFchevron_right
On the Practical Security of Inner Product Functional Encryption
Shashank Agrawal

Lecture Notes in Computer Science, 2015

Functional Encryption (FE) is an exciting new paradigm that extends the notion of public key encryption. In this work we explore the security of Inner Product Functional Encryption schemes with the goal of achieving the highest security against practically feasible attacks. While there has been substantial research effort in defining meaningful security models for FE, known definitions run into one of the following difficulties-if general and strong, the definition can be shown impossible to achieve, whereas achievable definitions necessarily restrict the usage scenarios in which FE schemes can be deployed. We argue that it is extremely hard to control the nature of usage scenarios that may arise in practice. Any cryptographic scheme may be deployed in an arbitrarily complex environment and it is vital to have meaningful security guarantees for general scenarios. Hence, in this work, we examine whether it is possible to analyze the security of FE in a wider variety of usage scenarios, but with respect to a meaningful class of adversarial attacks known to be possible in practice. Note that known impossibilities necessitate that we must either restrict the usage scenarios (as done in previous works), or the class of attacks (this work). We study real world loss-of-secrecy attacks against Functional Encryption for Inner Product predicates constructed over elliptic curve groups. Our main contributions are as follows: • We capture a large variety of possible usage scenarios that may arise in practice by providing a stronger, more general, intuitive framework that supports function privacy in addition to data privacy, and a separate encryption key in addition to public key and master secret key. These generalizations allow our framework to capture program obfuscation as a special case of functional encryption, and allows for a separation between users that encrypt data, access data and produce secret keys. • We note that the landscape of attacks over pairing-friendly elliptic curves have been the subject of extensive research and there now exist constructions of pairing friendly elliptic curves where the complexity of all known non-generic attacks is (far) greater than the complexity of generic attacks. Thus, by appropriate choice of the underlying elliptic curve, we can capture all known practically feasible attacks on secrecy by restricting our attention to generic attacks. • We construct a new inner product FE scheme using prime order groups and show it secure under our new, hitherto strongest known framework in the generic group model, thus ruling out all generic attacks in arbitrarily complex real world environments. Since our construction is over prime order groups, we rule out factoring attacks that typically force higher security parameters. Our concrete-analysis proofs provide guidance on the size of elliptic curve groups that are needed for explicit complexity bounds on the attacker.

View PDFchevron_right
Multi-Party Functional Encryption
rishab goyal

IACR Cryptol. ePrint Arch., 2020

We initiate the study of multi-party functional encryption (MPFE) which unifies and abstracts out various notions of functional encryption which support distributed ciphertexts or secret keys, such as multi-input FE, multi-client FE, decentralized multi-client FE, multi-authority FE, dynamic decentralized FE, adhoc multi-input FE and such others. Using our framework, we identify several gaps in the literature and provide some constructions to fill these:

View PDFchevron_right
Adaptively Secure Functional Encryption for Finite Languages from DLIN Assumption
Rana Barua

2014

In this paper, we present Functional Encryption (FE) schemes for finite languages from standard static assumption, viz., Decisional Linear (DLIN) assumption. These finite languages are described by Deterministic Finite Automatas (DFAs). Our first scheme is ciphertext-policy functional encryption (CP-FE), where a key SKw is labeled with a string w over a fixed alphabet Σ and a ciphertext CM is associated with a DFA M over the same alphabet Σ. The key SKw can extract the message from the ciphertext CM if the DFA M accepts the string w. This CP-FE scheme is constructed based on attribute-based encryption (ABE) structure of Okamoto-Takashima in Asiacrypt, 2012. To achieve the adaptive security, we put bounds on number of occurrences of any symbol in a string and in the set of transition tuples of a DFA. Due to this restriction, the size of key space (where the keys are indexed with strings) is reduced to finite. Hence, the functional scope of any DFA in our system can capture only finit...

View PDFchevron_right
Revisiting Secure Computation Using Functional Encryption: Opportunities and Research Directions
James Joshi

2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 2020

Increasing incidents of security compromises and privacy leakage have raised serious privacy concerns related to cyberspace. Such privacy concerns have been instrumental in the creation of several regulations and acts to restrict the availability and use of privacy-sensitive data. The secure computation problem, initially and formally introduced as secure two-party computation by Andrew Yao in 1986, has been the focus of intense research in academia because of its fundamental role in building many of the existing privacy-preserving approaches. Most of the existing secure computation solutions rely on garbled-circuits and homomorphic encryption techniques to tackle secure computation issues, including efficiency and security guarantees. However, it is still challenging to adopt these secure computation approaches in emerging compute-intensive and data-intensive applications such as emerging machine learning solutions. Recently proposed functional encryption scheme has shown its promise as an underlying secure computation foundation in recent privacy-preserving machine learning approaches proposed. This paper revisits the secure computation problem using emerging and promising functional encryption techniques and presents a comprehensive study. We first briefly summarize existing conventional secure computation approaches built on garbled-circuits, oblivious transfer, and homomorphic encryption techniques. Then, we elaborate on the unique characteristics and challenges of emerging functional encryption based secure computation approaches and outline several research directions.

View PDFchevron_right
Blind Functional Encryption
Sébastien Canard

2020

Functional encryption (FE) gives the power to retain control of sensitive information and is particularly suitable in several practical real-world use cases. Using this primitive, anyone having a specific functional decryption key (derived from some master secret key) could only obtain the evaluation of an authorized function f over a message m, given its encryption. For many scenarios, the data owner is always different from the functionality owner, such that a classical implementation of functional encryption naturally implies an interactive key generation protocol between an entity owning the function f and another one managing the master secret key. We focus on this particular phase and consider the case where the function needs to be secret. In this paper, we introduce the new notion of blind functional encryption in which, during an interactive key generation protocol, the master secret key owner does not learn anything about the function f. Our new notion can be seen as a gen...

View PDFchevron_right
Chosen Ciphertext Secure Functional Encryption from Constrained Witness PRF
Tapas Pal

Information Security and Privacy, 2021

Functional encryption generates sophisticated keys for users so that they can learn specific functions of the encrypted message. We provide a generic construction of chosen ciphertext attacks (CCA) secure public-key functional encryption (PKFE) for all polynomial-size circuits. Our PKFE produces succinct ciphertexts that are independent of the size and depth of the circuit class under consideration. We accomplish our goal in two steps. First, we define a new cryptographic tool called constrained witness pseudorandom function (CW-PRF) which is motivated by combining WPRF of Zhandry (TCC 2016) and constrained PRF of Boneh and Waters (ASIACRYPT 2013). More specifically, CWPRF computes pseudorandom values associated with NP statements and generates constrained keys for boolean functions. We can recompute the pseudorandom value corresponding to a particular statement either using a public evaluation key with a valid witness for the statement or applying a constrained key for a function that satisfies the statement. We construct CWPRF by coupling indistinguishability obfuscation (iO) and CPRF supporting all polynomial-size functions. In the second and main technical step, we show a generic construction of a CCA secure PKFE for all circuits utilizing our CWPRF. It has been observed that obtaining PKFE supporting all circuits is already a complex task and iO-based constructions of PKFEs are only proven to be chosen plaintext attacks (CPA) secure. On the other hand, existing CCA secure functional encryption schemes are designed for specific functions such as equality testing, membership testing, linear function etc. We emphasize that our construction presents the first CCA secure PKFE for all circuits along with succinct ciphertexts.

View PDFchevron_right
Functional Encryption for Inner Product Predicates from Learning with Errors
David Freeman

Lecture Notes in Computer Science, 2011

We propose a lattice-based functional encryption scheme for inner product predicates whose security follows from the difficulty of the learning with errors (LWE) problem. This construction allows us to achieve applications such as range and subset queries, polynomial evaluation, and CNF/DNF formulas on encrypted data. Our scheme supports inner products over small fields, in contrast to earlier works based on bilinear maps.

View PDFchevron_right

References (65)

  1. Sim.LeafGen(pp, v, st, f, µ) Inputs: OTSE public parameters pp; Leaf Index v ∈ {0, 1} z ; Simulator State st ∈ {0, 1} * ; Function f ∈ F n ; Function Values µ Output: OTSE verification key vk v ; OTSE signature σ v ; Public Key of v th instance BFE.mpk v ; Secret Key BFE.sk f
  2. If (v, vk v , sk v ) does not exist in st, then (vk v , sk v ) ← SGen(pp). Add (v, vk v , sk v ) to st.
  3. Let (BFE.mpk v , BFE v .st
  4. ← BFE.S 0 (1 λ , 1 n , q).
  5. If µ = ⊥, run BFE.sk f ← BFE.S 1 (BFE v .st 0 , f ) and update state BFE v .st 1 in st. Else, get BFE.st v 2 from st and run BFE.sk f ← BFE.S µ 3 (BFE v .st 2 , f ) where µ contains the list of all previous function evaluations.
  6. σ v = SSign(pp, sk v , BFE.mpk v ).
  7. Output (vk v , σ v , BFE.mpk v , BFE.sk f ).
  8. For j ∈ [0, z -1], compute (vk v j , σ v j , x v j ) ← NodeGen(pp, v j , s).
  9. Let (vk tag , σ tag , BFE.mpk tag , BFE.sk tag,f ) ← LeafGen(pp, tag, s).
  10. • Ciphertext Queries: Let A query Enc on tag tag * ∈ I z and message m tag * ∈ M n .
  11. T, e T ) ← GC.Garble(1 λ , T[m]) (Figure 3).
  12. Let ( Q(z) , e
  13. ← GC.Garble(1 λ , Q[pp, 0, , e T ]) (Figure 4).
  14. Let y ι denote the ι th bit of vk . Let ỹ(0) ← {Y ι,yι } ι∈[ ] .
  15. Output ỹ(0) , Q(0) , . . . , Q(z) , T . • A outputs a bit b.
  16. We've included additional notational indexing to help with our hybrids. Experiment 1. In this experiment, we replace the PRF function with a truly random function. We additionally describe a routine that partially simulates LeafGen. PartSim.LeafGen(pp, v, st, f )
  17. Inputs: OTSE public parameters pp; Leaf Index v ∈ {0, 1} z ; Simulator State st ∈ {0, 1} * ; Function f ∈ F n Output: OTSE verification key vk v ; OTSE signature σ v ; Public Key of v th instance BFE.mpk v ; Secret Key BFE.sk f
  18. If (v, vk v , sk v ) does not exist in st, then (vk v , sk v ) ← SGen(pp). Add (v, vk v , sk v ) to st.
  19. Let (BFE.mpk v , BFE.msk v ) ← BFE.Setup(1 λ , 1 n , q). Store (v, BFE.mpk v , BFE.msk v ) in the state st.
  20. BFE.sk f ← BFE.KeyGen(BFE.msk v , f )
  21. σ v = SSign(pp, sk v , BFE.mpk v )
  22. Output (vk v , σ v , BFE.mpk v , BFE.sk f ) Figure 8: Routine Partially Simulated LeafGen • Setup: (1 n , 1 q , 1 z ) ← A(1 λ ). Sample s ← {0, 1} λ as PRF seed. Let st be the global state. Compute (vk , σ , x ) ← Sim.NodeGen(pp, , st).
  23. • Key Queries: Let A query KeyGen on tag tag ∈ {0, 1} z and function f . For j ∈ [0, z -1], compute (vk v j , σ v j , x v j ) ← Sim.NodeGen(pp, v j , st). Let (vk tag , σ tag , BFE.mpk tag , BFE.sk tag,f ) ← PartSim.LeafGen(pp, tag, st). References
  24. Shweta Agrawal. Stronger security for reusable garbled circuits, general definitions and attacks. In CRYPTO, 2017.
  25. Shweta Agrawal, Sergey Gorbunov, Vinod Vaikuntanathan, and Hoeteck Wee. Func- tional encryption: New perspectives and lower bounds. In CRYPTO, 2013.
  26. Prabhanjan Ananth and Abhishek Jain. Indistinguishability obfuscation from compact functional encryption. In CRYPTO, 2015.
  27. Prabhanjan Ananth, Abhishek Jain, and Amit Sahai. Indistinguishability obfuscation from functional encryption for simple functions. Cryptology ePrint Archive, Report 2015/730, 2015.
  28. Shweta Agrawal, Monosij Maitra, Narasimha Sai Vempati, and Shota Yamada. Func- tional encryption for turing machines with dynamic bounded collusion from lwe. In CRYPTO, 2021.
  29. Shweta Agrawal and Alon Rosen. Functional encryption for bounded collusions, revis- ited. In Theory of Cryptography Conference, 2017.
  30. Shweta Agrawal and Ishaan Preet Singh. Reusable garbled deterministic finite au- tomata from learning with errors. In Ioannis Chatzigiannakis, Piotr Indyk, Fabian Kuhn, and Anca Muscholl, editors, ICALP, 2017.
  31. Prabhanjan Ananth and Vinod Vaikuntanathan. Optimal bounded-collusion secure functional encryption. In Dennis Hofheinz and Alon Rosen, editors, TCC, 2019.
  32. Dan Boneh and Matthew K. Franklin. Identity-based encryption from the weil pairing. In CRYPTO, 2001.
  33. Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway. Foundations of garbled circuits. In CCS '12, 2012.
  34. Zvika Brakerski, Alex Lombardi, Gil Segev, and Vinod Vaikuntanathan. Anonymous ibe, leakage resilience and circular security from new assumptions. In EUROCRYPT, 2018.
  35. Dan Boneh, Amit Sahai, and Brent Waters. Functional encryption: definitions and challenges. In TCC, 2011.
  36. Nir Bitansky and Vinod Vaikuntanathan. Indistinguishability obfuscation from func- tional encryption. In FOCS, 2015.
  37. Dan Boneh and Brent Waters. Conjunctive, subset, and range queries on encrypted data. In TCC, 2007.
  38. Clifford Cocks. An identity based encryption scheme based on Quadratic Residues. In Cryptography and Coding, IMA International Conference, volume 2260 of LNCS, pages 360-363, 2001.
  39. CVW + 18] Yilei Chen, Vinod Vaikuntanathan, Brent Waters, Hoeteck Wee, and Daniel Wichs. Traitor-tracing from lwe made simple and attribute-based. In TCC, 2018.
  40. Nico Döttling and Sanjam Garg. From selective ibe to full ibe and selective hibe. TCC, 2017.
  41. Nico Döttling and Sanjam Garg. Identity-based encryption from the diffie-hellman assumption. In CRYPTO, 2017.
  42. Nico Döttling, Sanjam Garg, Mohammad Hajiabadi, and Daniel Masny. New construc- tions of identity-based and key-dependent message secure encryption schemes. In IACR International Workshop on Public Key Cryptography, pages 3-31. Springer, 2018.
  43. Whitfield Diffie and Martin E. Hellman. New directions in cryptography, 1976.
  44. Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, and Moti Yung. Key-insulated public key cryptosystems. In International Conference on the Theory and Applications of Cryptographic Techniques, 2002.
  45. Rachit Garg, Rishab Goyal, George Lu, and Brent Waters. Dynamic collusion bounded functional encryption from identity-based encryption. In (To appear) EUROCRYPT, 2022. https://ia.cr/2021/847.
  46. GHM + 19] Sanjam Garg, Mohammad Hajiabadi, Mohammad Mahmoody, Ahmadreza Rahimi, and Sruthi Sekar. Registration-based encryption from standard assumptions. In IACR international workshop on public key cryptography, pages 63-93. Springer, 2019.
  47. Sanjam Garg, Mohammad Hajiabadi, Mohammad Mahmoody, and Ahmadreza Rahimi. Registration-based encryption: Removing private-key generator from IBE. In TCC, 2018.
  48. GKP + 13] Shafi Goldwasser, Yael Tauman Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich. How to run turing machines on encrypted data. In Annual Cryp- tology Conference, pages 536-553. Springer, 2013.
  49. Rishab Goyal, Venkata Koppula, and Brent Waters. Semi-adaptive security and bundling functionalities made generic and easy. In Theory of Cryptography -14th International Conference, TCC 2016-B, Beijing, China, October 31 -November 3, 2016, Proceedings, Part II, 2016.
  50. Rishab Goyal, Venkata Koppula, and Brent Waters. Collusion resistant traitor tracing from learning with errors. In STOC, 2018.
  51. Shafi Goldwasser, Allison Lewko, and David A Wilson. Bounded-collusion ibe from key homomorphism. In Theory of Cryptography Conference, 2012.
  52. Rishab Goyal, Ridwan Syed, and Brent Waters. Bounded collusion abe for tms from ibe. In ASIACRYPT, 2021.
  53. Rishab Goyal and Satyanarayana Vusirikala. Verifiable registration-based encryption. In CRYPTO, 2020.
  54. Sergey Gorbunov, Vinod Vaikuntanathan, and Hoeteck Wee. Functional encryption with bounded collusions via multi-party computation. In CRYPTO, 2012.
  55. ISV + 17] Gene Itkis, Emily Shen, Mayank Varia, David Wilson, and Arkady Yerukhimovich. Bounded-collusion attribute-based encryption from minimal assumptions. In IACR International Workshop on Public Key Cryptography, 2017.
  56. Aayush Jain, Huijia Lin, and Amit Sahai. Indistinguishability obfuscation from well- founded assumptions. In STOC, 2021.
  57. Jonathan Katz, Amit Sahai, and Brent Waters. Predicate encryption supporting dis- junctions, polynomial equations, and inner products. In EUROCRYPT, 2008.
  58. O'N10] Adam O'Neill. Definitional issues in functional encryption. Cryptology ePrint Archive, Report 2010/556, 2010.
  59. Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing, 2005.
  60. Adi Shamir. Identity-based cryptosystems and signature schemes. In Proceedings of CRYPTO 84 on Advances in cryptology, pages 47-53, New York, NY, USA, 1985. Springer-Verlag New York, Inc.
  61. Amit Sahai and Hakan Seyalioglu. Worry-free encryption: functional encryption with public keys. In CCS, 2010.
  62. Amit Sahai and Brent Waters. Fuzzy identity-based encryption. In EUROCRYPT, pages 457-473, 2005.
  63. Hoeteck Wee. Abe for dfa from lwe against bounded collusions, revisited. In TCC, 2021.
  64. Andrew C Yao. Protocols for secure computations. In 23rd annual symposium on foundations of computer science (sfcs 1982), pages 160-164. IEEE, 1982.
  65. Andrew Yao. How to generate and exchange secrets. In FOCS, pages 162-167, 1986.

Related papers

Dynamic Collusion Bounded Functional Encryption from Identity-Based Encryption
rishab goyal

Lecture Notes in Computer Science, 2021

Functional Encryption is a powerful notion of encryption in which each decryption key is associated with a function f such that decryption recovers the function evaluation f (m). Informally, security states that a user with access to function keys sk f1 , sk f2 , . . . (and so on) can only learn f 1 (m), f 2 (m), . . . (and so on) but nothing more about the message. The system is said to be q-bounded collusion resistant if the security holds as long as an adversary gets access to at most q = q(λ) function keys. A major drawback of such statically bounded collusion systems is that the collusion bound q must be declared at setup time and is fixed for the entire lifetime of the system. We initiate the study of dynamically bounded collusion resistant functional encryption systems which provide more flexibility in terms of selecting the collusion bound, while reaping the benefits of statically bounded collusion FE systems (such as quantum resistance, simulation security, and general assumptions). Briefly, the virtues of a dynamically bounded scheme can be summarized as: Fine-grained individualized selection. It lets each encryptor select the collusion bound by weighing the trade-off between performance overhead and the amount of collusion resilience.

View PDFchevron_right
Multi-input Functional Encryption with Unbounded-Message Security
Aayush Jain

Lecture Notes in Computer Science, 2016

Multi-input functional encryption (MIFE) was introduced by Goldwasser et al. (EUROCRYPT 2014) as a compelling extension of functional encryption. In MIFE, a receiver is able to compute a joint function of multiple, independently encrypted plaintexts. Goldwasser et al. (EUROCRYPT 2014) show various applications of MIFE to running SQL queries over encrypted databases, computing over encrypted data streams, etc. The previous constructions of MIFE due to Goldwasser et al. (EUROCRYPT 2014) based on indistinguishability obfuscation had a major shortcoming: it could only support encrypting an a priori bounded number of message. Once that bound is exceeded, security is no longer guaranteed to hold. In addition, it could only support selective-security, meaning that the challenge messages and the set of "corrupted" encryption keys had to be declared by the adversary up-front. In this work, we show how to remove these restrictions by relying instead on sub-exponentially secure indistinguishability obfuscation. This is done by carefully adapting an alternative MIFE scheme of Goldwasser et al. that previously overcame these shortcomings (except for selective security wrt. the set of "corrupted" encryption keys) by relying instead on differing-inputs obfuscation, which is now seen as an implausible assumption. Our techniques are rather generic, and we hope they are useful in converting other constructions using differing-inputs obfuscation to ones using sub-exponentially secure indistinguishability obfuscation instead.

View PDFchevron_right
Semantically Secure Functional Encryption, Revisited
Manuel Barbosa

Abstract. Functional encryption (FE) is a powerful cryptographic primitive that generalizes many asymmetric encryption systems proposed in recent years. Syntax and security definitions for general FE were recently proposed by Boneh, Sahai, and Waters (BSW)(TCC 2011) and independently by O'Neill (ePrint 2010/556). In this paper we revisit these definitions, identify a number of shortcomings in them, and propose a new definitional approach that overcomes these limitations.

View PDFchevron_right
A survey on Functional Encryption
Carla Mascia

2021

Functional Encryption (FE) expands traditional public-key encryption in two di erent ways: it supports fine-grained access control and it allows to learn a function of the encrypted data. In this paper, we review all FE classes, describing their functionalities and main characteristics. In particular, for each class we mention several schemes, providing their security assumptions and comparing their properties. To our knowledge, this is the first survey that encompasses the entire FE family.

View PDFchevron_right
Functional Encryption for Randomized Functionalities
Amit Sahai

Theory of Cryptography, 2015

In this work, we present the first definitions and constructions for functional encryption supporting randomized functionalities. The setting of randomized functionalities require us to revisit functional encryption definitions by, for the first time, explicitly adding security requirements for dishonest encryptors, to ensure that they cannot improperly tamper with the randomness that will be used for computing outputs. Our constructions are built using indistinguishability obfuscation.

View PDFchevron_right

Related topics

  • Computer Science
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved