Cryptology ePrint Archive: Report 2015/470

On the power of Public-key Functional Encryption with Function Privacy

Vincenzo Iovino and Qiang Tang and Karol Żebrowski

Abstract: In the public-key setting, known constructions of function-private functional encryption (FPFE) were limited to very restricted classes of functionalities like inner-product [Agrawal et al. - PKC 2015]. Moreover, its power has not been well investigated. In this paper, we construct FPFE for general functions and explore its powerful applications (both for general functions and for specific efficient instantiations).

As warmup, we construct from FPFE a natural generalization of a signature scheme endowed with functional properties, that we call functional anonymous signature (FAS) scheme. In a FAS, Alice can sign a circuit $C$ chosen from some distribution $D$ to get a signature $\sigma$ and can publish a verification key that allows anybody holding a message $m$ to verify that (1) $\sigma$ is a valid signature of Alice for some (possibly unknown to him) circuit $C$ and (2) $C(m)=1$. Beyond unforgeability the security of FAS guarantees that the signature $\sigma$ hide as much information as possible about $C$ except what can be inferred from knowledge of $D$.

Then, we show that FPFE can be used to construct in a black-box way functional encryption schemes for randomized functionalities (RFE). Previous constructions of (public-key) RFE relied on iO [Goyal et al. - TCC 2015].

As further application, we show that efficient instantiations of FPFE can be used to achieve adaptively-secure CNF/DNF encryption for bounded degree formulae (BoolEnc). Though it was known how to implement BoolEnc from inner-product encryption [Katz et al. - EUROCRYPT 2008], as already observed by Katz et al. this reduction only works for selective security and completely breaks down for adaptive security. For this application we only need weak assumptions and the resulting adaptively-secure BoolEnc scheme is efficient.

Finally, we present a general picture of the relations among all these related primitives. One key observation is that Attribute-based Encryption with function privacy implies FE, a notable fact that sheds light on the importance of the function privacy property for FE.

Category / Keywords: Functional Encryption, Function Privacy, Inner-product Encryption, Obfuscation, Digital Signatures

Date: received 19 May 2015, last revised 28 Apr 2016

Contact author: vinciovino at gmail com

Available format(s): PDF | BibTeX Citation

Note: Updated with the application to BoolEnc

Version: 20160428:141853 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]