Cryptology ePrint Archive: Report 2020/137

Consistency for Functional Encryption

Christian Badertscher and Aggelos Kiayias and Markulf Kohlweiss and Hendrik Waldner

Abstract: In functional encryption (FE) a sender, Alice, encrypts plaintexts that a receiver, Bob, can obtain functional evaluations of, while Charlie is responsible for initializing the encryption keys and issuing the decryption keys. Standard notions of security for FE deal with a malicious Bob and how the confidentiality of Alice's messages can be maintained taking into account the leakage that occurs due to the functional keys that are revealed to the adversary via various forms of indistinguishability experiments that correspond to IND-CPA, IND-CCA and simulation-based security. In this work we provide a complete and systematic investigation of Consistency, a natural security property for FE, that deals with attacks that can be mounted by Alice, Charlie or a collusion of the two against Bob. We develop three main types of consistency notions according to which set of parties is corrupted and investigate their relation to the standard security properties of FE.

We then provide explicit constructions that achieve consistency either directly via a construction based on MDDH for specific function classes of inner products over a modulo group or generically for all the consistency types via compilers using standard cryptographic tools. Finally, we put forth a universally composable treatment of FE and we show that our consistency notions naturally complement FE security by proving how they imply (and are implied by) UC security depending on which set of parties is corrupted thereby yielding a complete characterization of consistency for FE.

Category / Keywords: foundations / Functional Encryption, Consistency, Compilers, Composable Security

Date: received 8 Feb 2020

Contact author: christian badertscher at ed ac uk,mkohlwei@ed ac uk,akiayias@inf ed ac uk,hendrik waldner@ed ac uk

Available format(s): PDF | BibTeX Citation

Version: 20200210:173942 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]