Anzeige
Erschienen in:
2019 | OriginalPaper | Buchkapitel
How to Leverage Hardness of Constant-Degree Expanding Polynomials over \(\mathbb {R}\) to build \(i\mathcal {O}\)
verfasst von : Aayush Jain, Huijia Lin, Christian Matt, Amit Sahai
Erschienen in: Advances in Cryptology – EUROCRYPT 2019
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Abstract
In this work, we introduce and construct D-restricted Functional Encryption (FE) for any constant \(D \ge 3\), based only on the SXDH assumption over bilinear groups. This generalizes the notion of 3-restricted FE recently introduced and constructed by Ananth et al. (ePrint 2018) in the generic bilinear group model.
A \(D=(d+2)\)-restricted FE scheme is a secret key FE scheme that allows an encryptor to efficiently encrypt a message of the form \(M=(\varvec{x},\varvec{y},\varvec{z})\). Here, \(\varvec{x}\in \mathbb {F}_{\mathbf {p}}^{d\times n}\) and \(\varvec{y},\varvec{z}\in \mathbb {F}_{\mathbf {p}}^n\). Function keys can be issued for a function \(f=\varSigma _{\varvec{I}= (i_1,..,i_d,j,k)}\ c_{\varvec{I}}\cdot \varvec{x}[1,i_1] \cdots \varvec{x}[d,i_d] \cdot \varvec{y}[j]\cdot \varvec{z}[k]\) where the coefficients \(c_{\varvec{I}}\in \mathbb {F}_{\mathbf {p}}\). Knowing the function key and the ciphertext, one can learn \(f(\varvec{x},\varvec{y},\varvec{z})\), if this value is bounded in absolute value by some polynomial in the security parameter and n. The security requirement is that the ciphertext hides \(\varvec{y}\) and \(\varvec{z}\), although it is not required to hide \(\varvec{x}\). Thus \(\varvec{x}\) can be seen as a public attribute.
D-restricted FE allows for useful evaluation of constant-degree polynomials, while only requiring the SXDH assumption over bilinear groups. As such, it is a powerful tool for leveraging hardness that exists in constant-degree expanding families of polynomials over \(\mathbb {R}\). In particular, we build upon the work of Ananth et al. to show how to build indistinguishability obfuscation (\(i\mathcal {O}\)) assuming only SXDH over bilinear groups, LWE, and assumptions relating to weak pseudorandom properties of constant-degree expanding polynomials over \(\mathbb {R}\).