We show that defining security for functional encryption is non-trivial. First, we show that a natural game-based definition is inadequate for some functionalities. We then present a natural simulation-based definition and show that it (provably) cannot be satisfied in the standard model, but can be satisfied in the random oracle model. We show how to map many existing concepts to our formalization of functional encryption and conclude with several interesting open problems in this young area.
Category / Keywords: Date: received 24 Oct 2010, last revised 4 Jan 2011 Contact author: bwaters at cs utexas edu Available format(s): PDF | BibTeX Citation Version: 20110104:075754 (All versions of this report) Short URL: ia.cr/2010/543