Functional encryption (FE) is a generalization of public-key encryption in which possessing a secret key allows one to learn a function of what the ciphertext is encrypting.

Functional encryption
General
DesignersAmit Sahai, Brent Waters, Dan Boneh, Shafi Goldwasser, Yael Kalai
Derived fromPublic-key encryption
Related toHomomorphic encryption

Formal definition

edit

More precisely, a functional encryption scheme for a given functionality   consists of the following four algorithms:

  •  : creates a public key   and a master secret key  .
  •  : uses the master secret key to generate a new secret key   for the function  .
  •  : uses the public key to encrypt a message  .
  •  : uses secret key to calculate   where   is the value that   encrypts.

The security of FE requires that any information an adversary learns from an encryption of   is revealed by  . Formally, this is defined by simulation.[1]

Applications

edit

Functional encryption generalizes several existing primitives including Identity-based encryption (IBE) and attribute-based encryption (ABE). In the IBE case, define   to be equal to   when   corresponds to an identity that is allowed to decrypt, and   otherwise. Similarly, in the ABE case, define   when   encodes attributes with permission to decrypt and   otherwise.

History

edit

Functional encryption was proposed by Amit Sahai and Brent Waters in 2005[2] and formalized by Dan Boneh, Amit Sahai and Brent Waters in 2010.[3] Until recently, however, most instantiations of Functional Encryption supported only limited function classes such as boolean formulae. In 2012, several researchers developed Functional Encryption schemes that support arbitrary functions.[1][4][5][6]

References

edit
  1. ^ a b Goldwasser, Shafi; Kalai, Yael; Ada Popa, Raluca; Vaikuntanathan, Vinod; Zeldovich, Nickolai (2013). Reusable garbled circuits and succinct functional encryption - Stoc 13 Proceedings of the 2013 ACM Symposium on Theory of Computing. New York, NY, USA: ACM. pp. 555–564. ISBN 978-1-4503-2029-0.
  2. ^ Amit Sahai; Brent Waters (2005). "Fuzzy Identity-Based Encryption". In Ronald Cramer (ed.). Advances in Cryptology. EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Springer. pp. 457–473. ISBN 978-3-540-25910-7. LCCN 2005926095.
  3. ^ Boneh, Dan; Amit Sahai; Brent Waters (2011). "Functional Encryption: Definitions and Challenges" (PDF). Proceedings of Theory of Cryptography Conference (TCC) 2011.
  4. ^ Gorbunov, Sergey; Hoeteck Wee; Vinod Vaikuntanathan (2013). "Attribute-Based Encryption for Circuits". Proceedings of STOC.
  5. ^ Sahai, Amit; Brent Waters (2012). "Attribute-Based Encryption for Circuits from Multilinear Maps" (PDF). arXiv:1210.5287.
  6. ^ Goldwasser, Shafi; Yael Kalai; Raluca Ada Popa; Vinod Vaikuntanathan; Nickolai Zeldovich (2013). "How to Run Turing Machines on Encrypted Data" (PDF). Advances in Cryptology – CRYPTO 2013. Lecture Notes in Computer Science. Vol. 8043. pp. 536–553. doi:10.1007/978-3-642-40084-1_30. hdl:1721.1/91472. ISBN 978-3-642-40083-4.