Cryptology ePrint Archive: Report 2015/470

On the power of Public-key Functional Encryption with Function Privacy

Vincenzo Iovino and Karol Zebrowski

Abstract: n CRYPTO 2014 Bitansky et al. introduced a natural strengthening of indistinguishability obfuscation (iO) called strong iO (siO) and showed candidate constructions of such primitive from reasonable assumptions. In this paper, assuming quasi-siO, a natural weakening of siO, for a class of circuits C we construct a public-key functional encryption (FE) scheme with function privacy (FPFE) for the same class C. In the public-key setting known constructions of FPFE were limited to very restricted classes of functionalities like inner-product [Agrawal et al. - PKC 2015] whereas ours can be instantiated for general functionalities. Then, inspired by the Naor’s transformation from IBE to signature schemes, we construct from FPFE a natural generalization of a signature scheme endowed with functional properties, that we call functional anonymous signature (FAS) scheme. In a FAS (that we show to be equivalent to quasi-siO and FPFE), Alice can sign a circuit C chosen from some distribution D to get a signature $\sigma$ and can publish a verification key that allows anybody holding a message m to verify that (1) $\sigma$ is a valid signature of Alice for some (possibly unknown to him) circuit C and (2) C(m) = 1. Beyond unforgeability the security of FAS guarantees that the signature hide as much information as possible about C except what can be inferred from knowledge of D. As other application of FPFE, we show that it can be used to construct in a black-box way (without using obfuscation directly) FE for randomized functionalities (RFE). Previous constructions of (public-key) RFE relied on iO [Goyal et al. - TCC 2015]. Furthermore, our constructions of FPFE and RFE naturally generalize to the multi-inputs setting. Finally, we present a general picture of the relations among all these related primitives. One of the key points that such implications draw is that Attribute-based Encryption with function privacy implies FE, a notable fact that sheds light on the importance and power of function privacy for FE.

Category / Keywords: Functional Encryption, Function Privacy, Obfuscation, Digital Signatures

Date: received 19 May 2015, last revised 28 May 2015

Contact author: vincenzo iovino at uni lu

Available format(s): PDF | BibTeX Citation

Note: on spp and typos

Version: 20150528:225556 (All versions of this report)

Short URL: ia.cr/2015/470

Discussion forum: Show discussion | Start new discussion