Paper 2023/629

Publicly Auditable Functional Encryption

Vlasis Koutsos, Hong Kong University of Science and Technology
Dimitrios Papadopoulos, Hong Kong University of Science and Technology
Abstract

We introduce the notion of publicly auditable functional encryption (PAFE). Compared to standard functional encryption, PAFE operates in an extended setting that includes an entity called the auditor, besides the key-generating authority, encryptor, and decryptor. The auditor requests function outputs from the decryptor and wishes to check their correctness with respect to the ciphertexts produced by the encryptor, without having access to the functional secret key that is used for decryption. This is in contrast with previous approaches for result verifiability and consistency in functional encryption that aim to assure decryptors of the legitimacy of the results they decrypt. We propose four different flavors of public auditability with respect to different sets of adversarially controlled parties (only decryptor, encryptor-decryptor, authority-decryptor, and authority-encryptor-decryptor) and provide constructions for building corresponding secure PAFE schemes from standard functional encryption, commitment schemes, and non-interactive witness-indistinguishable proof systems. At the core of our constructions lies the notion of a functional public key, which works as the public analog of the functional secret key of functional encryption and is used for verification purposes by the auditor. Crucially, in order to ensure that these new keys cannot be used to infer additional information about plaintext values (besides the requested decryptions by the auditor), we propose a new indistinguishability-based security definition for PAFE to accommodate not only functional secret key queries (as in standard functional encryption) but also functional public key and decryption queries. Finally, we propose a publicly auditable multi-input functional encryption scheme (MIFE) that supports inner-product functionalities and is secure against adversarial decryptors. Instantiated with existing MIFE using "El Gamal"-like ciphertexts and Σ-protocols, this gives a lightweight publicly auditable scheme.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. ACNS 2023
Keywords
Functional Encryption, Auditability, Public Verifiability
Contact author(s)
vkoutsos @ cse ust hk
dipapado @ cse ust hk
History
2023-05-03: approved
2023-05-02: received
Short URL
https://ia.cr/2023/629
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2023/629,
      author = {Vlasis Koutsos and Dimitrios Papadopoulos},
      title = {Publicly Auditable Functional Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2023/629},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/629}},
      url = {https://eprint.iacr.org/2023/629}
}