Jump to content

Functional encryption

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Vejvančický (talk | contribs) at 04:13, 12 April 2013 (fmt). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Functional encryption is a type of public-key encryption in which a the decryption of a ciphertext is possible if and only if the plaintext satisfies some functional relation. Functional encryption generalizes several existing primitives including Identity-Based encryption and Attribute-Based Encryption.

Functional encryption was proposed by Sahai and Waters in 2005[1] and formalized by Boneh, Sahai and Waters in 2010[2]. Until recently, however, most instantiations of Functional Encryption supported only limited function classes such as boolean formulae. In 2012, several researchers developed Functional Encryption schemes that support arbitrary functions.[3] [4] [5]

Background

Functional Encryption is a new vision of public key encryption. Traditionally, we view encryption as a mechanism for a user, Alice, to confidentially encode a data to a target recipient Bob. Alice encrypts the data under the recipients public key such that only Bob, with knowledge of his private key, can decrypt it.

However, in some applications, it may be necessary to share data according to an encryption policy without prior knowledge of who will be receiving the data. Suppose an informant needs to encrypt a message for anyone in a police department's internal affairs office or anyone who is undercover and in the central office -- even though she may not know which officers fit this criteria. The informant will want to encrypt the review with the access policy.

In this system, only users with attributes (credentials) that match this policy should be able to decrypt the document. Traditionally this sort of access control was implemented using a trusted server. With Functional Encryption, however, it is possible to represent the user's access policy using some arbitrary function that takes as input an associated ciphertext tag (that e.g., contains information about the ciphertext). A private key generator subsequently embeds the description of into a secret key, which is given to the user. Functional encryption schemes guarantee that the user may decrypt the ciphertext if an only if when evaluates to 1.

One realization of Functional Encryption is Attribute Based Encryption (ABE). In these schemes, the function is a boolean formula over a set of attributes (e.g., Secret OR Top_Secret AND CIA_Agent). Users obtain keys for specific formulae from a trusted party known as a private key generator. Ciphertexts are encrypted with attributes such that the ciphertext can only be decrypted when the attributes satisfy the policy embedded in the user's key.

References

  1. ^ Sahai, Amit (2005). "Fuzzy Identity-Based Encryption" (PDF). Proceedings of Eurocrypt 2005. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  2. ^ Boneh, Dan (2011). "Functional Encryption: Definitions and Challenges" (PDF). Proceedings of Theory of Cryptography Conference (TCC) 2011. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  3. ^ Goldwasser, Shafi (2013). "Reusable Garbled Circuits and Succinct Functional Encryption" (PDF). Proceedings of STOC 2013. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  4. ^ Gorbunov, Serge. "Attribute-Based Encryption for Circuits". {{cite journal}}: Cite journal requires |journal= (help); Unknown parameter |coauthors= ignored (|author= suggested) (help)
  5. ^ Sahai, Amit. "Attribute-Based Encryption for Circuits from Multilinear Maps" (PDF). {{cite journal}}: Cite journal requires |journal= (help); Unknown parameter |coauthors= ignored (|author= suggested) (help)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Functional_encryption&oldid=549953503"