Cryptology ePrint Archive: Report 2017/151

Practical Functional Encryption for Quadratic Functions with Applications to Predicate Encryption

Carmen Elisabetta Zaira Baltico and Dario Catalano and Dario Fiore and Romain Gay

Abstract: We present two practically efficient functional encryption schemes for a large class of quadratic functionalities. Specifically, our constructions enable the computation of so-called bilinear maps on encrypted vectors. This represents a practically relevant class of functions that includes, for instance, multivariate quadratic polynomials (over the integers). Our realizations work over asymmetric bilinear groups and are surprisingly efficient and easy to implement. For instance, in our most efficient scheme the public key and each ciphertext consist of \(2n + 1\) and \(4n + 2\) group elements respectively, where n is the dimension of the encrypted vectors, while secret keys are only two group elements. Our two schemes build on similar ideas, but develop them in a different way in order to achieve distinct goals. Our first scheme is proved (selectively) secure under standard assumptions, while our second construction is concretely more efficient and is proved (adaptively) secure in the generic group model. As a byproduct of our functional encryption schemes, we show new predicate encryption schemes for degree-two polynomial evaluation, where ciphertexts consist of only \(O(n)\) group elements. This significantly improves the \(O(n^2)\) bound one would get from inner product encryption-based constructions.

Category / Keywords: public-key cryptography / functional encryption, predicate encryption

Original Publication (with major differences): IACR-CRYPTO-20217

Date: received 16 Feb 2017, last revised 23 Jun 2017

Contact author: rgay at di ens fr

Available format(s): PDF | BibTeX Citation

Note: This is a merged version of ePrint reports 2016/1104 and 2016/1106.

Version: 20170623:084606 (All versions of this report)

Short URL: ia.cr/2017/151

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]