Unbounded inner product functional encryption from bilinear maps
- PDF / 8,088,711 Bytes
- 57 Pages / 439.37 x 666.142 pts Page_size
- 27 Downloads / 221 Views
Unbounded inner product functional encryption from bilinear maps Junichi Tomida1 · Katsuyuki Takashima2 Received: 19 November 2019 / Revised: 27 February 2020 © The JJIAM Publishing Committee and Springer Japan KK, part of Springer Nature 2020
Abstract Inner product functional encryption (IPFE) is one class of functional encryption supporting only inner product functionality. All previous IPFE schemes are bounded schemes, meaning that the vector length that can be handled in the scheme is fixed in the setup phase. In this paper, we propose the first unbounded IPFE schemes, in which we do not have to fix the lengths of vectors in the setup phase and can handle (a priori) unbounded polynomial lengths of vectors. Our first scheme is private-key based and fully function hiding. That is, secret keys hide the information of the associated function. Our second scheme is public-key based and provides adaptive security in the indistinguishability based security definition. Both our schemes are based on SXDH, which is a well-studied standard assumption, and secure in the standard model. Furthermore, our schemes are quite efficient, incurring an efficiency loss by only a small constant factor from previous bounded function hiding schemes. Keywords Functional encryption · Inner product · Function hiding · Unbounded · Bilinear maps Mathematics Subject Classification 94A60
An extended abstract of this paper [30] appeared in Asiacrypt 2018—the 24th Annual International Conference on the Theory and Application of Cryptology and Information Security. This is a full version of the paper. * Junichi Tomida [email protected] Katsuyuki Takashima [email protected] 1
NTT, Musashino, Tokyo, Japan
2
Mitsubishi Electric, Kamakura, Kanagawa, Japan
13
Vol.:(0123456789)
J. Tomida, K. Takashima
1 Introduction Functional encryption (FE) [10, 28] is an advanced cryptographic paradigm that is expected to drastically enhance the availability of encrypted data. Traditional encryption schemes can provide only “all-or-nothing” decryption capability over encrypted data, i.e., an owner of a legitimate decryption key can learn the entire data from a ciphertext and the others can learn nothing. In contrast, FE allows a legitimate user to learn some computed results from encrypted data without revealing any other information. More precisely, FE supporting a function class F allows an owner of a master secret key 𝗆𝗌𝗄 to issue a secret key 𝗌𝗄f for any function f ∈ F , and decrypting a ciphertext 𝖼𝗍m of a message m with 𝗌𝗄f reveals only f(m) and nothing else. Although there are several constructions of FE for all circuits [18, 19, 32], all are based on currently impractical cryptographic primitives such as indistinguishability obfuscation [18] or multi-linear maps [17]. As a result, such general purpose FEs are far from practical, and this is why Abdalla et al. [1] initiated the study of a more specific and practical FE, i.e., inner product functional encryption (IPFE). In IPFE, an owner of a master
Data Loading...