functional encryption

More precisely, a functional encryption scheme for a given functionality $f$ consists of the following four algorithms:

• $(\backslash text\{pk\},\; \backslash text\{msk\})\; \backslash leftarrow\; \backslash textsf\{Setup\}(1^\backslash lambda)$: creates a public key $\backslash text\{pk\}$ and a master secret key $\backslash text\{msk\}$.
• $\backslash text\{sk\}\; \backslash leftarrow\; \backslash textsf\{Keygen\}(\backslash text\{msk\},\; f)$: uses the master secret key to generate a new secret key $\backslash text\{sk\}$ for the function $f$.
• $c\; \backslash leftarrow\; \backslash textsf\{Enc\}(\backslash text\{pk\},\; x)$: uses the public key to encrypt a message $x$.
• $y\; \backslash leftarrow\; \backslash textsf\{Dec\}(\backslash text\{sk\},\; c)$: uses secret key to calculate $y\; =\; f(x)$ where $x$ is the value that $c$ encrypts.

The security of FE requires that any information an adversary learns from an encryption of $x$ is revealed by $f(x)$. Formally, this is defined by simulation.{{Cite book|url=https://books.google.com/books?id=w-39uAEACAAJ&pg=PA555|title=Reusable garbled circuits and succinct functional encryption - Stoc 13 Proceedings of the 2013 ACM Symposium on Theory of Computing|last1=Goldwasser|first1=Shafi|last2=Kalai|first2=Yael|last3=Ada Popa|first3=Raluca|last4=Vaikuntanathan|first4=Vinod|last5=Zeldovich|first5=Nickolai|publisher=ACM|year=2013|isbn=978-1-4503-2029-0|location=New York, NY, USA|pages=555–564|language=en}}

Functional encryption generalizes several existing primitives including Identity-based encryption (IBE) and attribute-based encryption (ABE). In the IBE case, define $F(k,x)$ to be equal to $x$ when $k$ corresponds to an identity that is allowed to decrypt, and $\backslash perp$ otherwise. Similarly, in the ABE case, define $F(k,\; x)\; =\; x$ when $k$ encodes attributes with permission to decrypt and $\backslash perp$ otherwise.

Functional encryption was proposed by Amit Sahai and Brent Waters in 2005{{Cite conference| url=https://books.google.com/books?id=HrCI4ZyuZL0C|pages=457–473 | author1= Amit Sahai | author2= Brent Waters | chapter= Fuzzy Identity-Based Encryption |title= Advances in Cryptology |conference= EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings|date=2005 | editor= Ronald Cramer |publisher=Springer |isbn=978-3-540-25910-7|language=en|lccn=2005926095 }} and formalized by Dan Boneh, Amit Sahai and Brent Waters in 2010.{{cite journal|last=Boneh|first=Dan |author2=Amit Sahai |author3=Brent Waters|title=Functional Encryption: Definitions and Challenges|journal=Proceedings of Theory of Cryptography Conference (TCC) 2011|year=2011|url=http://eprint.iacr.org/2010/543.pdf}} Until recently, however, most instantiations of Functional Encryption supported only limited function classes such as boolean formulae. In 2012, several researchers developed Functional Encryption schemes that support arbitrary functions.{{cite journal|last=Gorbunov|first=Sergey |author2=Hoeteck Wee |author3=Vinod Vaikuntanathan|title=Attribute-Based Encryption for Circuits|year = 2013|journal = Proceedings of STOC}}{{cite web|last=Sahai|first=Amit|author2=Brent Waters|title=Attribute-Based Encryption for Circuits from Multilinear Maps|year=2012 |arxiv=1210.5287 |url=http://eprint.iacr.org/2012/592.pdf}}{{cite book|last1=Goldwasser|first1=Shafi |author2=Yael Kalai |author3=Raluca Ada Popa |author4=Vinod Vaikuntanathan |author5=Nickolai Zeldovich|title=Advances in Cryptology – CRYPTO 2013 |chapter=How to Run Turing Machines on Encrypted Data |series=Lecture Notes in Computer Science |year=2013|volume=8043 |pages=536–553 |doi=10.1007/978-3-642-40084-1_30 |isbn=978-3-642-40083-4 |chapter-url=http://eprint.iacr.org/2013/229.pdf|doi-access=free |hdl=1721.1/91472 |hdl-access=free }}

{{reflist}}

Category:Cryptographic_primitives