Paper 2013/559

A Definitional Framework for Functional Encryption

Christian Matt and Ueli Maurer


Functional encryption (FE) is a powerful generalization of various types of encryption. We investigate how FE can be used by a trusted authority to enforce access-control policies to data stored in an untrusted repository. Intuitively, if (functionally) encrypted data items are put in a publicly-readable repository, the effect of the encryption should be that every user has access to exactly (and only) those functions of the data items for which he has previously received the corresponding decryption key. That is, in an ideal-world view, the key authority can flexibly manage read access of users to the repository. This appears to be exactly what FE is supposed to achieve, and most natural applications of FE can be understood as specific uses of such a repository with access control. However, quite surprisingly, it is unclear whether known security definitions actually achieve this goal and hence whether known FE schemes can be used in such an application. In fact, there seems to be agreement in the cryptographic community that identifying the right security definitions for FE remains open. To resolve this problem, we treat FE in the constructive cryptography framework and propose a new conventional security definition, called composable functional encryption security (CFE-security), which exactly matches the described ideal-world interpretation. This definition (and hence the described application) is shown to be unachievable in the standard model but achievable in the random oracle model. Moreover, somewhat weaker definitions, which are achievable in the standard model, can be obtained by certain operational restrictions of the ideal-world repository, making explicit how schemes satisfying such a definition can (and cannot) meaningfully be used. Finally, adequate security definitions for generalizations of FE (such as multi-input, randomized functions, malicious ciphertext generation, etc.) can be obtained by straight-forward operational extensions of the repository and extracting the corresponding security definitions. This leads towards a unified treatment of the security of FE.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Major revision. IEEE 28th Computer Security Foundations Symposium (CSF), 2015
functional encryptionconstructive cryptographycomposabilitydefinitions
Contact author(s)
mattc @ inf ethz ch
2015-09-08: last of 2 revisions
2013-09-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Christian Matt and Ueli Maurer},
      title = {A Definitional Framework for Functional Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2013/559},
      year = {2013},
      doi = {10.1109/CSF.2015.22},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.