Paper 2016/1179

Updatable Functional Encryption

Afonso Arriaga, Vincenzo Iovino, and Qiang Tang


Functional encryption (FE) allows an authority to issue tokens associated with various functions, allowing the holder of some token for function f to learn only f(D) from a ciphertext that encrypts D. The standard approach is to model f as a circuit, which yields inefficient evaluations over large inputs. Here, we propose a new primitive that we call updatable functional encryption (UFE), where instead of circuits we deal with RAM programs, which are closer to how programs are expressed in von Neumann architecture. We impose strict efficiency constrains in that the run-time of a token P' on ciphertext CT is proportional to the run-time of its clear-form counterpart (program P on memory D) up to a polylogarithmic factor in the size of D, and we envision tokens that are capable to update the ciphertext, over which other tokens can be subsequently executed. We define a security notion for our primitive and propose a candidate construction from obfuscation, which serves as a starting point towards the realization of other schemes and contributes to the study on how to compute RAM programs over public-key encrypted data.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Mycrypt 2016: Paradigm-shifting Crypto
Updatable functional encryptionRAM modelPersistent memory
Contact author(s)
afonso arriaga @ gmail com
2016-12-30: received
Short URL
Creative Commons Attribution


      author = {Afonso Arriaga and Vincenzo Iovino and Qiang Tang},
      title = {Updatable Functional Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1179},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.