Cryptology ePrint Archive: Report 2017/319

Embed-Augment-Recover: Function Private Predicate Encryption from Minimal Assumptions in the Public-Key Setting

Sikhar Patranabis and Debdeep Mukhopadhyay

Abstract: We present a new class of public-key predicate encryption schemes that are provably function private in the standard model under well-known cryptographic assumptions, and assume predicate distributions satisfying realistic min-entropy requirements. More concretely, we present public-key constructions for identity-based encryption (IBE) and inner-product encryption (IPE) that are computationally function private in the standard model under a family of weaker variants of the DLIN assumption. Existing function private constructions in the public-key setting impose highly stringent requirements on the min-entropy of predicate distributions, thereby limiting their applicability in the context of real-world predicates. For example, the statistically function private constructions of Boneh, Raghunathan and Segev (CRYPTO'13 and ASIACRYPT'13) are inherently restricted to predicate distributions with min-entropy roughly proportional to $\lambda$, where $\lambda$ is the security parameter. Our constructions allow relaxing this min-entropy requirement to $\omega(\log\lambda)$, while achieving a computational notion of function privacy against probabilistic polynomial-time adversaries, which suffices for most real-world applications. Our constructions also avoid the need for strong assumptions such as indistinguishability obfuscation.

Category / Keywords: Predicate Encryption, Public-Key, Function Privacy, Computational Indistinguishability, Min-Entropy, Identity-Based Encryption, Inner-Product Encryption

Date: received 11 Apr 2017, last revised 18 Sep 2017

Contact author: sikhar patranabis at iitkgp ac in

Available format(s): PDF | BibTeX Citation

Note: The paper is augmented with a revised related work section

Version: 20170918:062155 (All versions of this report)

Short URL: ia.cr/2017/319

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]