• PDF / 393,343 Bytes
• 31 Pages / 439.37 x 666.142 pts Page_size
• 81 Downloads / 227 Views

DOWNLOAD

REPORT

Center for Encrypted Functionalities, University of California, Los Angeles, USA {saikrishna,sahai}@cs.ucla.edu, [email protected] 2 Microsoft Research, Bengaluru, India [email protected]

Abstract. In light of security challenges that have emerged in a world with complex networks and cloud computing, the notion of functional encryption has recently emerged. In this work, we show that in several applications of functional encryption (even those cited in the earliest works on functional encryption), the formal notion of functional encryption is actually not sufficient to guarantee security. This is essentially because the case of a malicious authority and/or encryptor is not considered. To address this concern, we put forth the concept of verifiable functional encryption, which captures the basic requirement of output correctness: even if the ciphertext is maliciously generated (and even if the setup and key generation is malicious), the decryptor is still guaranteed a meaningful notion of correctness which we show is crucial in several applications. We formalize the notion of verifiable function encryption and, following prior work in the area, put forth a simulation-based and an indistinguishability-based notion of security. We show that simulationbased verifiable functional encryption is unconditionally impossible even in the most basic setting where there may only be a single key and a single ciphertext. We then give general positive results for the indistinguishability setting: a general compiler from any functional encryption scheme into a verifiable functional encryption scheme with the only additional assumption being the Decision Linear Assumption over Bilinear Groups (DLIN). We also give a generic compiler in the secret-key setting for functional encryption which maintains both message privacy and function privacy. Our positive results are general and also apply to other simpler settings such as Identity-Based Encryption, AttributeBased Encryption and Predicate Encryption. We also give an application of verifiable functional encryption to the recently introduced primitive A. Sahai—Research supported in part from a DARPA/ARL SAFEWARE award, NSF Frontier Award 1413955, NSF grants 1228984, 1136174, and 1065276, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the author and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government. c International Association for Cryptologic Research 2016  J.H. Cheon and T. Takagi (Eds.): ASIACRYPT 2016, Part II, LNCS 10032, pp. 557–587, 2016. DOI: 10.1007/978-3-662-53890-6 19

558

S. Badrinarayanan et al. of functional commitments. Finally, in the context of indistinguishability obfuscation, there is a fundamental question of whether the corr

Recommend Documents

Blind Functional Encryption

181 71 30MB

Multi-input Functional Encryption

171 88 393KB

When Does Functional Encryption Imply Obfuscation?

114 97 495KB

Compactness vs Collusion Resistance in Functional Encryption

175 108 11MB

Functional Encryption for Bounded Collusions, Revisited

175 19 759KB

Leakage-Resilient Functional Encryption via Pair Encodings

183 21 341KB

On Zero-Testable Homomorphic Encryption and Publicly Verifiable Non-interactive Arguments

137 75 410KB

Verifiable Contracting

158 19 19MB

Efficient Verifiable Delay Functions

186 97 461KB

Single-Key to Multi-Key Functional Encryption with Polynomial Loss

180 28 11MB

An efficient public key functional encryption for inner product evaluations

149 82 606KB

From Cryptomania to Obfustopia Through Secret-Key Functional Encryption

156 47 11MB