### Dynamic Collusion Bounded Functional Encryption from Identity-Based Encryption

Rachit Garg, Rishab Goyal, George Lu, and Brent Waters

##### Abstract

Functional Encryption is a powerful notion of encryption in which each decryption key is associated with a function $f$ such that decryption recovers the function evaluation $f(m)$. Informally, security states that a user with access to function keys $\mathsf{sk}_{f_1}, \mathsf{sk}_{f_2}, \ldots$ (and so on) can only learn $f_1(m), f_2(m), \ldots$ (and so on) but nothing more about the message. The system is said to be $q$-bounded collusion resistant if the security holds as long as an adversary gets access to at most $q = q(\lambda)$ function keys. A major drawback of such "statically" bounded collusion systems is that the collusion bound $q$ must be declared at setup time and is fixed for the entire lifetime of the system. We initiate the study of "dynamically" bounded collusion resistant functional encryption systems which provide more flexibility in terms of selecting the collusion bound, while reaping the benefits of statically bounded collusion FE systems (such as quantum resistance, simulation security, and general assumptions). Briefly, the virtues of a dynamically bounded scheme can be summarized as: (i) [Fine-grained individualized selection.] It lets each encryptor select the collusion bound by weighing the trade-off between performance overhead and the amount of collusion resilience. (ii) [Evolving encryption strategies.] Since the system is no longer tied to a single collusion bound, thus it allows to dynamically adjust the desired collusion resilience based on any number of evolving factors such as the age of the system, or a number of active users, etc. (iii) [Ease and simplicity of updatability.] None of the system parameters have to be updated when adjusting the collusion bound. That is, the same key $\mathsf{sk}_f$ can be used to decrypt ciphertexts for collusion bound $q = 2$ as well as $q = 2^\lambda$. We construct such a dynamically bounded functional encryption scheme for the class of all polynomial-size circuits under the general assumption of Identity-Based Encryption.

Available format(s)
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Functional Encryption
Contact author(s)
rachg96 @ cs utexas edu
goyal @ utexas edu
gclu @ cs utexas edu
bwaters @ cs utexas edu
History
2021-07-19: revised
See all versions
Short URL
https://ia.cr/2021/847

CC BY

BibTeX

@misc{cryptoeprint:2021/847,
author = {Rachit Garg and Rishab Goyal and George Lu and Brent Waters},
title = {Dynamic Collusion Bounded Functional Encryption from Identity-Based Encryption},
howpublished = {Cryptology ePrint Archive, Paper 2021/847},
year = {2021},
note = {\url{https://eprint.iacr.org/2021/847}},
url = {https://eprint.iacr.org/2021/847}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.