Paper 2015/1017

Functional Encryption: Decentralised and Delegatable

Nishanth Chandran, Vipul Goyal, Aayush Jain, and Amit Sahai

Abstract

Recent advances in encryption schemes have allowed us to go far beyond point to point encryption, the scenario typically envisioned in public key encryption. In particular, Functional Encryption (FE) allows an authority to provide users with keys corresponding to various functions, such that a user with a secret key corresponding to a function $f$, can compute $f(m)$ (and only that) from a cipher-text that encrypts $m$. While FE is a very powerful primitive, a key downside is the requirement of a central point of trust. FE requires the assumption of a central trusted authority which performs the system setup as well as manages the credentials of every party in the system on an ongoing basis. This is in contrast to public key infrastructure which may have multiple certificate authorities and allows a party to have different (and varying) level of trust in them. \\ \\ In this work, we address this issue of trust in two ways: \begin{itemize} \item First, we ask how realistic it is to have a central authority that manages all credentials and is trusted by everyone? For example, one may need to either obtain the permission of an income tax official or the permission of the police department and a court judge in order to be able to obtain specific financial information of a user from encrypted financial data. Towards that end, we introduce a new primitive that we call {\em Multi-Authority Functional Encryption} (MAFE) as a generalization of both Functional Encryption and Multi-Authority Attribute-Based Encryption (MABE). We show how to obtain MAFE for arbitrary polynomial-time computations based on subexponentially secure indistinguishability obfuscation and injective one-way functions. \item Second, we consider the notion of \emph{delegatable} functional encryption where any user in the system may independently act as a key generation authority. In delegatable FE, any user may derive a decryption key for a policy which is ``more restrictive" than its own. Thus, in delegatable functional encryption, keys can be generated in a hierarchical way, instead of directly by a central authority. In contrast to MAFE, however, in a delegatable FE scheme, the trust still ``flows'' outward from the central authority. \end{itemize} Finally, we remark that our techniques are of independent interest: we construct FE in arguably a more natural way where a decryption key for a function $f$ is simply a signature on $f$. Such a direct approach allows us to obtain a construction with interesting properties enabling multiple authorities as well as delegation.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Functional Encryption
Contact author(s)
aayushjainiitd @ gmail com
History
2015-11-03: revised
2015-10-21: received
See all versions
Short URL
https://ia.cr/2015/1017
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/1017,
      author = {Nishanth Chandran and Vipul Goyal and Aayush Jain and Amit Sahai},
      title = {Functional Encryption: Decentralised and Delegatable},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1017},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/1017}},
      url = {https://eprint.iacr.org/2015/1017}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.