Published in: Journal of Cryptology 1/2018

17.04.2017

Function-Private Functional Encryption in the Private-Key Setting

Written by: Zvika Brakerski, Gil Segev


Abstract

Functional encryption supports restricted decryption keys that allow users to learn specific functions of the encrypted messages. Although the vast majority of research on functional encryption has so far focused on the privacy of the encrypted messages, in many realistic scenarios it is crucial to offer privacy also for the functions for which decryption keys are provided. Whereas function privacy is inherently limited in the public-key setting, in the private-key setting it has a tremendous potential. Specifically, one can hope to construct schemes where encryptions of messages \(\mathsf{m}_1, \ldots , \mathsf{m}_T\) together with decryption keys corresponding to functions \(f_1, \ldots , f_T\), reveal essentially no information other than the values \(\{ f_i(\mathsf{m}_j)\}_{i,j\in [T]}\). Despite its great potential, the known function-private private-key schemes either support rather limited families of functions (such as inner products) or offer somewhat weak notions of function privacy. We present a generic transformation that yields a function-private functional encryption scheme, starting with any non-function-private scheme for a sufficiently rich function class. Our transformation preserves the message privacy of the underlying scheme and can be instantiated using a variety of existing schemes. Plugging in known constructions of functional encryption schemes, we obtain function-private schemes based either on the learning with errors assumption, on obfuscation assumptions, on simple multilinear-maps assumptions, and even on the existence of any one-way function (offering various trade-offs between security and efficiency).
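The leakage statement above can be made concrete. The following is an added illustration, not code from the paper or from this page: it computes the table \(\{f_i(\mathsf{m}_j)\}\), wraps an oracle as \({\mathcal {O}}_b\) from footnote 5, and checks whether two "worlds" of queries produce identical outputs, which is the condition the leakage statement implies for a meaningful left-or-right comparison. All function names, the sample predicates and `toy_oracle` are assumptions made for the example.

```python
from itertools import product

def leakage(functions, messages):
    """Table of f_i(m_j): what holding every key and ciphertext reveals by design."""
    return [[f(m) for m in messages] for f in functions]

def left_or_right(oracle, b):
    """O_b(k, x0, x1) := O(k, x_b), the three-input wrapper of footnote 5."""
    if b not in (0, 1):
        raise ValueError("b must be 0 or 1")
    return lambda k, x0, x1: oracle(k, (x0, x1)[b])

def admissible(key_pairs, msg_pairs):
    """True iff both worlds give the same outputs: f0(m0) == f1(m1) for every pair.

    If this fails, decrypting alone tells the worlds apart, so no scheme
    could hide b and the query set says nothing about function privacy.
    """
    return all(f0(m0) == f1(m1)
               for (f0, f1), (m0, m1) in product(key_pairs, msg_pairs))

def first_violation(key_pairs, msg_pairs):
    """Return (key_index, msg_index) of the first distinguishing pair, or None."""
    for (i, (f0, f1)), (j, (m0, m1)) in product(enumerate(key_pairs),
                                                enumerate(msg_pairs)):
        if f0(m0) != f1(m1):
            return (i, j)
    return None

# Constructed sample predicates: two different functions that agree on the
# chosen message pairs, so the outputs cannot tell them apart.
def over_10(m):
    return m > 10

def over_20(m):
    return m > 20

GOOD = ([(over_10, over_20)], [(15, 25), (5, 7)])    # outputs match in both worlds
BAD = ([(over_10, over_20)], [(15, 25), (15, 15)])   # 15 > 10 but not 15 > 20

def toy_oracle(k, x):
    """Stand-in for a key-generation or encryption oracle; NOT encryption."""
    return (k, x)

if __name__ == "__main__":
    print(admissible(*GOOD), admissible(*BAD), first_violation(*BAD))
```
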

Footnotes

1. Additional constructions were presented by Boneh et al. [8] who were able to reduce the garbling overhead from multiplicative to additive in either the size of the circuit or the size of the encoded input.

2. A similar approach was also taken by De Caro et al. [16] and Ananth et al. [3] who used a private-key encryption scheme for embedding “trapdoors” into functional keys. The main difference, however, is that De Caro et al. and Ananth et al. use such trapdoors only within the proof of security, whereas Goldwasser et al. use them for implementing the standard behavior of their scheme.

3. The approach of Goldwasser et al. can be extended to deal with any a priori bounded number of functions, as long as they are specified in advance (this is done using [25]). In this case, the length of ciphertexts in their scheme would be linear in the number of functions. This is in fact inherent to their setting, as they consider a simulation-based notion of security [4]. We consider indistinguishability-based notions of security and would like to inherit the (either full or selective) security of the underlying functional encryption scheme.

4. For indistinguishability-based message privacy in the public-key setting, considering one challenge is equivalent to considering a left-or-right encryption oracle [25]. Therefore, as public-key schemes are also private-key ones, in our indistinguishability-based definitions we directly consider left-or-right encryption oracles.

5. Recall (Definition 2.1) that for a probabilistic two-input functionality \({\mathcal {O}}\) and for \(b \in \{0,1\}\), we denote by \({\mathcal {O}}_b\) the probabilistic three-input functionality \({\mathcal {O}}_b(k, x_0, x_1) \mathop {=}\limits ^\mathsf{def} {\mathcal {O}}(k, x_b)\).

6. To be absolutely formal, this building block is implied by the former in an obvious way.

References

1. S. Agrawal, S. Agrawal, S. Badrinarayanan, A. Kumarasubramanian, M. Prabhakaran, A. Sahai, Function private functional encryption and property preserving encryption: new definitions and positive results, in Cryptology. ePrint Archive, Report 2013/744 (2013)
2. P. Ananth, D. Boneh, S. Garg, A. Sahai, M. Zhandry. Differing-inputs obfuscation and applications, in Cryptology. ePrint Archive, Report 2013/689 (2013)
3. P. Ananth, Z. Brakerski, G. Segev, V. Vaikuntanathan, From selective to adaptive security in functional encryption, in Advances in Cryptology—CRYPTO ’15 (2015), pp. 657–677
4. S. Agrawal, S. Gorbunov, V. Vaikuntanathan, H. Wee, Functional encryption: new perspectives and lower bounds, in Advances in Cryptology—CRYPTO ’13 (2013), pp. 500–518
5. G. Asharov, G. Segev. Limits on the power of indistinguishability obfuscation and functional encryption, in Proceedings of the 56th Annual IEEE Symposium on Foundations of Computer Science (2015), pp. 191–209
6. E. Boyle, K. Chung, R. Pass, On extractability obfuscation, in Proceedings of the 11th Theory of Cryptography Conference (2014), pp. 52–73
7. D. Boneh, M. K. Franklin, Identity-based encryption from the Weil pairing. SIAM J. Comput., 32(3):586–615 (2003) (Preliminary version in Advances in Cryptology—CRYPTO ’01, pp. 213–229, 2001)
8. D. Boneh, C. Gentry, S. Gorbunov, S. Halevi, V. Nikolaenko, G. Segev, V. Vaikuntanathan, D. Vinayagamurthy, Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits, in Advances in Cryptology—EUROCRYPT ’14 (2014), pp. 533–556
9. Z. Brakerski, I. Komargodski, G. Segev, Multi-input functional encryption in the private-key setting: stronger security from weaker assumptions, in Advances in Cryptology—EUROCRYPT ’16 (2016), pp. 852–880
10. N. Bitansky, R. Nishimaki, A. Passelegue, D. Wichs, From cryptomania to obfustopia through secret-key functional encryption, in Cryptology (2016). ePrint Archive, Report 2016/558
11. M. Bellare, A. O’Neill, in Semantically-secure functional encryption: possibility results, impossibility results and the quest for a general definition, in Proceedings of the 12th International Conference on Cryptology and Network Security (2013), pp. 218–234
12. D. Boneh, A. Raghunathan, G. Segev, Function-private identity-based encryption: hiding the function in functional encryption, in Advances in Cryptology—CRYPTO ’13 (2013), pp. 461–478
13. D. Boneh, A. Raghunathan, G. Segev, Function-private subspace-membership encryption and its applications, in Advances in Cryptology—ASIACRYPT ’13 (2013), pp. 255–275
14. D. Boneh, A. Sahai, B. Waters, Functional encryption: definitions and challenges, in Proceedings of the 8th Theory of Cryptography Conference (2011), pp. 253–273
15. C. Cocks, An identity based encryption scheme based on quadratic residues, in Proceedings of the 8th IMA International Conference on Cryptography and Coding (2011), pp. 360–363
16. A. De Caro, V. Iovino, A. Jain, A. O’Neill, O. Paneth, G. Persiano, On the achievability of simulation-based security for functional encryption, in Advances in Cryptology—CRYPTO ’13 (2013), pp. 519–535
17. S. Goldwasser, S. D. Gordon, V. Goyal, A. Jain, J. Katz, F.-H. Liu, A. Sahai, E. Shi, H.-S. Zhou, Multi-input functional encryption, in Advances in Cryptology—EUROCRYPT ’14 (2014), pp. 578–602 (merge of [20] and [22])
18. S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, in Proceedings of the 54th Annual IEEE Symposium on Foundations of Computer Science (2013), pp. 40–49
19. S. Garg, C. Gentry, S. Halevi, M. Zhandry, Fully secure functional encryption without obfuscation, in Cryptology. ePrint Archive, Report 2014/666 (2014)
20. S. Goldwasser, V. Goyal, A. Jain, A. Sahai, Multi-input functional encryption, in Cryptology. ePrint Archive, Report 2013/727 (2013)
21. V. Goyal, A. Jain, V. Koppula, A. Sahai, Functional encryption for randomized functionalities, in Cryptology. ePrint Archive, Report 2013/729 (2013)
22. S. D. Gordon, J. Katz, F.-H. Liu, E. Shi, H.-S Zhou, Multi-input functional encryption, in Cryptology. ePrint Archive, Report 2013/774 (2013)
23. S. Goldwasser, Y. Kalai, R.A. Popa, V. Vaikuntanathan, N. Zeldovich, Reusable garbled circuits and succinct functional encryption, in Proceedings of the 45th Annual ACM Symposium on Theory of Computing (2013), pp. 555–564
24. S. Goldwasser, Y.T. Kalai, R.A. Popa, V. Vaikuntanathan, N. Zeldovich, How to run turing machines on encrypted data, in Advances in Cryptology—CRYPTO ’13 (2013), pp. 536–553
25. S. Gorbunov, V. Vaikuntanathan, H. Wee, Functional encryption with bounded collusions via multi-party computation, in Advances in Cryptology—CRYPTO ’12 (2012), pp. 162–179
26. I. Komargodski, G. Segev, E. Yogev, Functional encryption for randomized functionalities in the private-key setting from minimal assumptions, in Proceedings of the 12th Theory of Cryptography Conference (2015), pp. 352–377
27. M. Naor, M. Yung, Public-key cryptosystems provably secure against chosen ciphertext attacks, in Proceedings of the 22nd Annual ACM Symposium on Theory of Computing (1990), pp. 427–437
28. A. O’Neill, Definitional issues in functional encryption, in Cryptology. ePrint Archive, Report 2010/556 (2010)
29. A. Shamir, Identity-based cryptosystems and signature schemes, in Advances in Cryptology—CRYPTO ’84 (1984), pp. 47–53
30. E. Shen, E. Shi, B. Waters, Predicate privacy in encryption systems, in Proceedings of the 6th Theory of Cryptography Conference (2009), pp. 457–473
32. A. Sahai, B. Waters, How to use indistinguishability obfuscation: deniable encryption, and more, in Proceedings of the 46th Annual ACM Symposium on Theory of Computing (204), pp. 475–484
33. B. Waters, A punctured programming approach to adaptively secure functional encryption, in Advances in Cryptology—CRYPTO ’15 (2015), pp. 678–697

Metadata
Title: Function-Private Functional Encryption in the Private-Key Setting
Written by: Zvika Brakerski, Gil Segev
Publication date: 17.04.2017
Publisher: Springer US
Published in: Journal of Cryptology / Issue 1/2018
Print ISSN: 0933-2790
Electronic ISSN: 1432-1378
DOI: https://doi.org/10.1007/s00145-017-9255-y
