[Resource Topic] 2015/1017: Functional Encryption: Decentralised and Delegatable

Welcome to the resource topic for 2015/1017

Functional Encryption: Decentralised and Delegatable

Authors: Nishanth Chandran, Vipul Goyal, Aayush Jain, Amit Sahai


Recent advances in encryption schemes have allowed us to go far beyond point to point encryption, the scenario typically envisioned in public key encryption. In particular, Functional Encryption (FE) allows an authority to provide users with keys corresponding to various functions, such that a user with a secret key corresponding to a function f, can compute f(m) (and only that) from a cipher-text that encrypts m. While FE is a very powerful primitive, a key downside is the requirement of a central point of trust. FE requires the assumption of a central trusted authority which performs the system setup as well as manages the credentials of every party in the system on an ongoing basis. This is in contrast to public key infrastructure which may have multiple certificate authorities and allows a party to have different (and varying) level of trust in them. \ \ In this work, we address this issue of trust in two ways: \begin{itemize} \item First, we ask how realistic it is to have a central authority that manages all credentials and is trusted by everyone? For example, one may need to either obtain the permission of an income tax official or the permission of the police department and a court judge in order to be able to obtain specific financial information of a user from encrypted financial data. Towards that end, we introduce a new primitive that we call {\em Multi-Authority Functional Encryption} (MAFE) as a generalization of both Functional Encryption and Multi-Authority Attribute-Based Encryption (MABE). We show how to obtain MAFE for arbitrary polynomial-time computations based on subexponentially secure indistinguishability obfuscation and injective one-way functions. \item Second, we consider the notion of \emph{delegatable} functional encryption where any user in the system may independently act as a key generation authority. In delegatable FE, any user may derive a decryption key for a policy which is more restrictive" than its own. Thus, in delegatable functional encryption, keys can be generated in a hierarchical way, instead of directly by a central authority. In contrast to MAFE, however, in a delegatable FE scheme, the trust still flows’’ outward from the central authority. \end{itemize} Finally, we remark that our techniques are of independent interest: we construct FE in arguably a more natural way where a decryption key for a function f is simply a signature on f. Such a direct approach allows us to obtain a construction with interesting properties enabling multiple authorities as well as delegation.

ePrint: https://eprint.iacr.org/2015/1017

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .