## Cryptology ePrint Archive: Report 2016/962

On Removing Graded Encodings from Functional Encryption

Nir Bitansky and Huijia Lin and Omer Paneth

Abstract: Functional encryption (FE) has emerged as an outstanding concept. By now, we know that beyond the immediate application to computation over encrypted data, variants with {\em succinct ciphertexts} are so powerful that they yield the full might of indistinguishability obfuscation (IO). Understanding how, and under which assumptions, such succinct schemes can be constructed has become a grand challenge of current research in cryptography. Whereas the first schemes were based themselves on IO, recent progress has produced constructions based on {\em constant-degree graded encodings}. Still, our comprehension of such graded encodings remains limited, as the instantiations given so far have exhibited different vulnerabilities.

Our main result is that, assuming LWE, {\em black-box constructions} of {\em sufficiently succinct} FE schemes from constant-degree graded encodings can be transformed to rely on a much better-understood object --- {\em bilinear groups}. In particular, under an {\em \"{u}ber assumption} on bilinear groups, such constructions imply IO in the plain model. The result demonstrates that the exact level of ciphertext succinctness of FE schemes is of major importance. In particular, we draw a fine line between known FE constructions from constant-degree graded encodings, which just fall short of the required succinctness, and the holy grail of basing IO on better-understood assumptions.

In the heart of our result, are new techniques for removing ideal graded encoding oracles from FE constructions. Complementing the result, for weaker ideal models, namely the generic-group model and the random-oracle model, we show a transformation from {\em collusion-resistant} FE in either of the two models directly to FE (and IO) in the plain model, without assuming bilinear groups.

Category / Keywords: foundations / functional-encryption, obfuscation, graded-encodings, bilinear-groups

Original Publication (with minor differences): IACR-EUROCRYPT-2017

Date: received 4 Oct 2016, last revised 7 Apr 2017

Contact author: nirbitan at csail mit edu

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2016/962

[ Cryptology ePrint archive ]