Cryptology ePrint Archive: Report 2010/556

Definitional Issues in Functional Encryption

Adam O'Neill

Abstract: We provide a formalization of the emergent notion of ``functional encryption,'' as well as introduce various security notions for it, and study relations among the latter. In particular, we show that indistinguishability and semantic security based notions of security are {\em inequivalent} for functional encryption in general; in fact, ``adaptive'' indistinguishability does not even imply ``non-adaptive'' semantic security. This is alarming given the large body of work employing (special cases of) the former. We go on to show, however, that in the ``non-adaptive'' case an equivalence does hold between indistinguishability and semantic security for what we call {\em preimage sampleable} schemes. We take this as evidence that for preimage sampleable schemes an indistinguishability based notion may be acceptable in practice. We show that some common functionalities considered in the literature satisfy this requirement.

Category / Keywords: public-key cryptography /

Date: received 30 Oct 2010, last revised 18 Mar 2011

Contact author: adamo at cs utexas edu

Available format(s): PDF | BibTeX Citation

Version: 20110319:050336 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]