Functional encryption

Functional encryption is a type of public-key encryption in which possessing a secret key allows one to learn a function of what the ciphertext is encrypting.

More precisely, a functional encryption scheme for a given functionality $F$ consists of the following four algorithms:

$(pk,msk)\leftarrow Setup(1^{\lambda })$ : creates a public key $pk$ and a master secret key $msk$ .
$sk\leftarrow Keygen(msk,k)$ : uses the master secret key to generate a new secret key $sk$ for value $k$ .
$c\leftarrow Enc(pk,x)$ : uses the public key to encrypt a message $x$ .
$F(k,x)\leftarrow Dec(sk,c)$ : uses secret key calculate a function of the value $c$ encrypts.

Functional encryption generalizes several existing primitives including Identity-based encryption (IBE) and Attribute-based encryption (ABE). In the IBE case, define $F(k,x)$ to be equal to $x$ when $k$ corresponds to an identity that is allowed to decrypt, and $\perp$ otherwise. Similarly, in the ABE case, define $F(k,x)=x$ when $k$ encodes attributes with permission to decrypt and $\perp$ otherwise.

Background

Functional encryption was proposed by Sahai and Waters in 2005^[1] and formalized by Boneh, Sahai and Waters in 2010.^[2] Until recently, however, most instantiations of Functional Encryption supported only limited function classes such as boolean formulae. In 2012, several researchers developed Functional Encryption schemes that support arbitrary functions.^[3]^[4]^[5] ^[6]

References

^ Sahai, Amit (2005). "Fuzzy Identity-Based Encryption" (PDF). Proceedings of Eurocrypt 2005. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
^ Boneh, Dan (2011). "Functional Encryption: Definitions and Challenges" (PDF). Proceedings of Theory of Cryptography Conference (TCC) 2011. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
^ Goldwasser, Shafi (2013). "Reusable Garbled Circuits and Succinct Functional Encryption" (PDF). Proceedings of STOC 2013. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
^ Gorbunov, Serge (2013). "Attribute-Based Encryption for Circuits". Proceedings of STOC. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
^ Sahai, Amit. "Attribute-Based Encryption for Circuits from Multilinear Maps" (PDF). {{cite journal}}: Cite journal requires |journal= (help); Unknown parameter |coauthors= ignored (|author= suggested) (help)
^ Goldwasser, Shafi (2013). "How to Run Turing Machines on Encrypted Data" (PDF). CRYPTO 2013. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)

[1] Sahai, Amit (2005). "Fuzzy Identity-Based Encryption" (PDF). Proceedings of Eurocrypt 2005. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)

[2] Boneh, Dan (2011). "Functional Encryption: Definitions and Challenges" (PDF). Proceedings of Theory of Cryptography Conference (TCC) 2011. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)

[3] Goldwasser, Shafi (2013). "Reusable Garbled Circuits and Succinct Functional Encryption" (PDF). Proceedings of STOC 2013. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)

[4] Gorbunov, Serge (2013). "Attribute-Based Encryption for Circuits". Proceedings of STOC. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)

[5] Sahai, Amit. "Attribute-Based Encryption for Circuits from Multilinear Maps" (PDF). {{cite journal}}: Cite journal requires |journal= (help); Unknown parameter |coauthors= ignored (|author= suggested) (help)

[6] Goldwasser, Shafi (2013). "How to Run Turing Machines on Encrypted Data" (PDF). CRYPTO 2013. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)

[1]

[2]

[3]

[4]

[5]

[6]