[Resource Topic] 2011/337: Functional Re-encryption and Collusion-Resistant Obfuscation

Welcome to the resource topic for 2011/337

Functional Re-encryption and Collusion-Resistant Obfuscation

Authors: Nishanth Chandran, Melissa Chase, Vinod Vaikuntanathan


We introduce a natural cryptographic functionality called \emph{functional re-encryption}. Informally, this functionality, for a public-key encryption scheme and a function F with n possible outputs, transforms (re-encrypts") an encryption of a message $m$ under an input public key" \pk into an encryption of the same message m under one of the n ``output public keys", namely the public key indexed by F(m). In many settings, one might require that the program implementing the functional re-encryption functionality should reveal nothing about both the input secret key \sk as well as the function F. As an example, consider a user Alice who wants her email server to share her incoming mail with one of a set of n recipients according to an access policy specified by her function F, but who wants to keep this access policy private from the server. Furthermore, in this setting, we would ideally obtain an even stronger guarantee: that this information remains hidden even when some of the n recipients may be corrupted. To formalize these issues, we introduce the notion of \emph{collusion-resistant obfuscation} and define this notion with respect to average-case secure obfuscation (Hohenberger \emph{et al.} - TCC 2007). We then provide a construction of a functional re-encryption scheme for any function F with a polynomial-size domain and show that it satisfies this notion of collusion-resistant obfuscation. We note that collusion-resistant security can be viewed as a special case of dependent auxiliary input security (a setting where virtually no positive results are known), and this notion may be of independent interest. Finally, we show that collusion-resistant obfuscation of functional re-encryption for a function F gives a way to obfuscate F in the sense of Barak {\em et al.} (CRYPTO 2001), indicating that this task is impossible for arbitrary (polynomial-time computable) functions F.

ePrint: https://eprint.iacr.org/2011/337

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .