In light of such an inherent difficulty, any meaningful notion of function privacy must be based on the minimal assumption that, from the adversary's point of view, identities that correspond to its given decryption keys are sampled from somewhat unpredictable distributions. We show that this assumption is in fact sufficient for obtaining a strong and realistic notion of function privacy. Loosely speaking, our framework requires that a decryption key corresponding to an identity sampled from any sufficiently unpredictable distribution is indistinguishable from a decryption key corresponding to an independently and uniformly sampled identity.
Within our framework we develop an approach for designing function-private identity-based encryption schemes, leading to constructions that are based on standard assumptions in bilinear groups (DBDH, DLIN) and lattices (LWE). In addition to function privacy, our schemes are also anonymous, and thus yield the first public-key searchable encryption schemes that are provably keyword private: A search key sk_w enables to identify encryptions of an underlying keyword w, while not revealing any additional information about w beyond the minimum necessary, as long as the keyword w is sufficiently unpredictable.
Category / Keywords: public-key cryptography / Publication Info: CRYPTO '13. This is the full version. Date: received 14 May 2013, last revised 25 May 2013 Contact author: segev at stanford edu Available formats: PDF | BibTeX Citation Version: 20130525:201020 (All versions of this report) Discussion forum: Show discussion | Start new discussion