Function Private Functional Encryption and Property Preserving Encryption : New Definitions and Positive Results

This work furthers the exploration of meaningful definitions for security of Functional Encryption. We propose new simulation based definitions for function privacy in addition to data privacy and study their achievability. In addition, we improve efficiency/ underlying assumptions/ security achieved by existing inner product Functional Encryption and Property Preserving Encryption schemes, in both the private and public key setting. Our results can be summarized as follows: • We present a new simulation based definition, which we call Relax-AD-SIM, that lies between simulation based (SIM) and indistinguishability based (IND) definitions for data privacy, and implies the function privacy definition of [BRS13a]. Our definition relaxes the requirements on the simulator to bypass impossibility of SIM in the standard model. We show that the inner product FE scheme of [KSW08] enjoys Relax-AD-SIM security for function hiding and the inner product FE scheme of [LOS10] enjoys Relax-AD-SIM security for data hiding. • We study whether known impossibilities for achieving strong SIM based security imply actual real world attacks. For this, we present a new UC-style SIM based definition of security that captures both data and function hiding, both public key and symmetric key settings and represents the “dream” security of FE. While known impossibilities rule out its achievability in the standard model, we show, surprisingly, that it can be achieved in the generic group model for Inner Product FE ([KSW08]). This provides evidence that FE implementations may enjoy extremely strong security against a large class of real world attacks, namely generic attacks. It also implies a program obfuscator for the inner product functionality in the generic group model, which is related to the hyperplane-membership obfuscator of [CRV10]. • We provide several improvements to known constructions of Inner Product FE. In the private key setting, the construction by Shen et al. was based on non-standard assumptions, used composite order groups, and only achieved selective security. We give the first construction of a symmetric key inner product FE which is built using prime order groups, and is fully secure under the standard DLIN assumption. Our scheme is more efficient in the size of key and ciphertext than [SSW09], when the latter is converted to prime-order groups. We also port the public key inner product scheme of [KSW08] to prime order groups. • We give the first standard model construction of a property preserving encryption (PPE) scheme [PR12] for inner-products. Our scheme is secure under the DLIN assumption and satisfies the strongest definition of security – Left-or-Right security. Note that previously known constructions were only known to be secure in the generic group model. ∗UIUC. Email: sagrawl2@illinois.edu. †I.I.T, Delhi. Email: shweta.a@gmail.com. ‡UIUC. Email: bsaikrishna7393@gmail.com. §UCLA Email: abishekk@cs.ucla.edu. ¶UIUC. Email: manojmp@gmail.com. ‖UCLA Email: sahai@cs.ucla.edu.

[1]  Vinod Vaikuntanathan,et al.  Functional Encryption: New Perspectives and Lower Bounds , 2013, IACR Cryptol. ePrint Arch..

[2]  Yannis Rouselakis,et al.  Property Preserving Symmetric Encryption , 2012, EUROCRYPT.

[3]  Tatsuaki Okamoto,et al.  Hierarchical Predicate Encryption for Inner-Products , 2009, ASIACRYPT.

[4]  Manuel Barbosa,et al.  On the Semantic Security of Functional Encryption Schemes , 2013, Public Key Cryptography.

[5]  Brent Waters,et al.  Functional Encryption for Regular Languages , 2012, CRYPTO.

[6]  Alfred Menezes,et al.  Another look at generic groups , 2007, Adv. Math. Commun..

[7]  Craig Costello Particularly Friendly Members of Family Trees , 2012, IACR Cryptol. ePrint Arch..

[8]  David Mandell Freeman,et al.  Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10 , 2006, ANTS.

[9]  Ran Canetti,et al.  Obfuscation of Hyperplane Membership , 2010, TCC.

[10]  Vinod Vaikuntanathan,et al.  Functional Encryption with Bounded Collusions via Multi-party Computation , 2012, CRYPTO.

[11]  Dan Boneh,et al.  Function-Private Identity-Based Encryption: Hiding the Function in Functional Encryption , 2013, CRYPTO.

[12]  Dan Boneh,et al.  Function-Private Subspace-Membership Encryption and Its Applications , 2013, IACR Cryptol. ePrint Arch..

[13]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[14]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[15]  Tatsuaki Okamoto,et al.  Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption , 2010, IACR Cryptol. ePrint Arch..

[16]  Brent Waters,et al.  Attribute-Based Encryption for Circuits from Multilinear Maps , 2012, CRYPTO.

[17]  Brent Waters,et al.  Building efficient fully collusion-resilient traitor tracing and revocation schemes , 2010, CCS '10.

[18]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[19]  Amit Sahai,et al.  Multi-Input Functional Encryption , 2014, IACR Cryptol. ePrint Arch..

[20]  Mihir Bellare,et al.  Semantically-Secure Functional Encryption: Possibility Results, Impossibility Results and the Quest for a General Definition , 2013, CANS.

[21]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[22]  Francisco Rodríguez-Henríquez,et al.  Implementing Pairings at the 192-bit Security Level , 2012, IACR Cryptol. ePrint Arch..

[23]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[24]  V. Nechaev Complexity of a determinate algorithm for the discrete logarithm , 1994 .

[25]  Manoj Prabhakaran,et al.  Cryptographic Agents: Towards a Unified Theory of Computing on Encrypted Data , 2015, EUROCRYPT.

[26]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[27]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[28]  Dan Boneh,et al.  Lattice Basis Delegation in Fixed Dimension and Shorter-Ciphertext Hierarchical IBE , 2010, CRYPTO.

[29]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[30]  Vinod Vaikuntanathan,et al.  Functional Encryption for Inner Product Predicates from Learning with Errors , 2011, IACR Cryptol. ePrint Arch..

[31]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[32]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, Journal of Cryptology.

[33]  Yael Tauman Kalai,et al.  Reusable garbled circuits and succinct functional encryption , 2013, STOC '13.

[34]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[35]  Yael Tauman Kalai,et al.  How to Run Turing Machines on Encrypted Data , 2013, CRYPTO.

[36]  David Mandell Freeman,et al.  Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups , 2010, EUROCRYPT.

[37]  Vinod Vaikuntanathan,et al.  Attribute-based encryption for circuits , 2013, STOC '13.

[38]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[39]  Tatsuaki Okamoto,et al.  Homomorphic Encryption and Signatures from Vector Decomposition , 2008, Pairing.

[40]  Elaine Shi,et al.  Predicate Privacy in Encryption Systems , 2009, IACR Cryptol. ePrint Arch..

[41]  Allison Lewko,et al.  Tools for simulating features of composite order bilinear groups in the prime order setting , 2012 .

[42]  Mark Zhandry,et al.  Differing-Inputs Obfuscation and Applications , 2013, IACR Cryptol. ePrint Arch..

[43]  Omer Paneth,et al.  On the Achievability of Simulation-Based Security for Functional Encryption , 2013, CRYPTO.

[44]  Michael Scott,et al.  A Taxonomy of Pairing-Friendly Elliptic Curves , 2010, Journal of Cryptology.

[45]  Brent Waters,et al.  Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[46]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[47]  Hoeteck Wee,et al.  On obfuscating point functions , 2005, STOC '05.

[48]  Sanjit Chatterjee,et al.  Property Preserving Symmetric Encryption Revisited , 2015, ASIACRYPT.

[49]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[50]  Adam O'Neill,et al.  Definitional Issues in Functional Encryption , 2010, IACR Cryptol. ePrint Arch..

[51]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.