Online-Offline Functional Encryption for Bounded Collusions

We give a new construction of bounded key functional encryption. Our scheme is well suited for optimization in an online-offline model that allows for preparation in an offline phase, where a majority of the computation is done before the data becomes available. This is followed by an efficient online phase, which is performed when the data becomes known. Such a model has been considered in the context of Attribute-Based Encryption by Hohenberger and Waters (PKC’14). The online component of our scheme significantly outperforms the best previously known construction of bounded key functional encryption by Gorbunov, Vaikuntanathan and Wee (CRYPTO’12), and in fact quasi-linearly depends only on the message size in contrast to the GVW12 ciphertext, which additionally grows as O(q) for q queries. Security of our scheme is based on the Ring LWE assumption, which is comparable to the assumption underlying the GVW scheme and is well-established compared to those underlying known constructions of unbounded key functional encryption (based on multilinear maps and/or obfuscation). To prove security of our scheme, we introduce a new proof technique, which we call noisy functional encryption. Arguing security via this technique requires the encryptor to artificially add noise to the decryption equation, providing an intriguing tradeoff between correctness and security. This technique appears to be quite general and we believe it is likely to have other applications. ∗IIT Delhi, India. Email: shweta.a@gmail.com. Work done (in part) while visiting IDC Herzliya, supported by the ERC under the EU’s Seventh Framework Programme (FP/2007-2013) ERC Grant Agreement n. 307952. Work done (in part) while visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant CNS-1523467. †Efi Arazi School of Computer Science, IDC Herzliya, Israel. Email: alon.rosen@idc.ac.il. Supported by ISF grant no. 1255/12, NSF-BSF Cyber Security and Privacy grant no. 2014/632, and by the ERC under the EU’s Seventh Framework Programme (FP/2007-2013) ERC Grant Agreement n. 307952. Work done (in part) while visiting the Simons Institute for the Theory of Computing, supported by the Simons Foundation and by the DIMACS/Simons Collaboration in Cryptography through NSF grant CNS-1523467.

[1]  Vinod Vaikuntanathan,et al.  Functional Encryption with Bounded Collusions via Multi-party Computation , 2012, CRYPTO.

[2]  Allison Bishop,et al.  Bounded-Collusion IBE from Key Homomorphism , 2012, TCC.

[3]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[4]  Abhi Shelat,et al.  Bounded CCA2-Secure Encryption , 2007, ASIACRYPT.

[5]  Joseph K. Liu,et al.  An Efficient Identity-Based Online/Offline Encryption Scheme , 2009, ACNS.

[6]  Craig Gentry,et al.  Zeroizing Without Low-Level Zeroes: New MMAP Attacks and their Limitations , 2015, CRYPTO.

[7]  Jung Hee Cheon,et al.  Cryptanalysis of the Multilinear Map over the Integers , 2014, EUROCRYPT.

[8]  Yuval Ishai,et al.  COMPUTATIONALLY PRIVATE RANDOMIZING POLYNOMIALS AND THEIR APPLICATIONS , 2005, 20th Annual IEEE Conference on Computational Complexity (CCC'05).

[9]  Brent Waters,et al.  Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[10]  Yael Tauman Kalai,et al.  Robustness of the Learning with Errors Assumption , 2010, ICS.

[11]  Vinod Vaikuntanathan,et al.  Functional Encryption for Inner Product Predicates from Learning with Errors , 2011, IACR Cryptol. ePrint Arch..

[12]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[13]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[14]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[15]  Jean-Sébastien Coron,et al.  Practical Multilinear Maps over the Integers , 2013, CRYPTO.

[16]  Brent Waters,et al.  Online/Offline Attribute-Based Encryption , 2014, IACR Cryptol. ePrint Arch..

[17]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[18]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[19]  Brent Waters,et al.  Attribute-Based Encryption for Circuits from Multilinear Maps , 2012, CRYPTO.

[20]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[21]  Brice Minaud,et al.  Cryptanalysis of the New CLT Multilinear Map over the Integers , 2016, EUROCRYPT.

[22]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[23]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices , 2013, EUROCRYPT.

[24]  Yupu Hu,et al.  Cryptanalysis of GGH Map , 2016, EUROCRYPT.

[25]  Yuval Ishai,et al.  Perfect Constant-Round Secure Computation via Perfect Randomizing Polynomials , 2002, ICALP.

[26]  Yuval Ishai,et al.  How to Garble Arithmetic Circuits , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[27]  J. Cheon,et al.  An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero , 2016, LMS J. Comput. Math..

[28]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[29]  Abhishek Jain,et al.  Indistinguishability Obfuscation from Compact Functional Encryption , 2015, CRYPTO.

[30]  Ivan Damgård,et al.  Semi-Homomorphic Encryption and Multiparty Computation , 2011, IACR Cryptol. ePrint Arch..

[31]  Ivan Damgård,et al.  Multiparty Computation from Somewhat Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[32]  David Cash,et al.  Bonsai Trees, or How to Delegate a Lattice Basis , 2010, Journal of Cryptology.

[33]  Amit Sahai,et al.  Worry-free encryption: functional encryption with public keys , 2010, CCS '10.

[34]  Yael Tauman Kalai,et al.  Improved Online/Offline Signature Schemes , 2001, CRYPTO.

[35]  Fuchun Guo,et al.  Identity-Based Online/Offline Encryption , 2008, Financial Cryptography.

[36]  Anat Paskin-Cherniavsky,et al.  On the Power of Correlated Randomness in Secure Computation , 2013, TCC.

[37]  Brent Waters,et al.  Functional Encryption for Regular Languages , 2012, CRYPTO.

[38]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[39]  Craig Gentry,et al.  Graph-Induced Multilinear Maps from Lattices , 2015, TCC.

[40]  Vinod Vaikuntanathan,et al.  Attribute-based encryption for circuits , 2013, STOC '13.

[41]  Shouhuai Xu,et al.  Key-Insulated Public Key Cryptosystems , 2002, EUROCRYPT.

[42]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[43]  Yael Tauman Kalai,et al.  Reusable garbled circuits and succinct functional encryption , 2013, STOC '13.

[44]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[45]  Nir Bitansky,et al.  Indistinguishability Obfuscation: From Approximate to Exact , 2016, TCC.

[46]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[47]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[48]  Angelo De Caro,et al.  Simple Functional Encryption Schemes for Inner Products , 2015, IACR Cryptol. ePrint Arch..

[49]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[50]  Yael Tauman Kalai,et al.  Improved Delegation of Computation using Fully Homomorphic Encryption , 2010, IACR Cryptol. ePrint Arch..

[51]  Vinod Vaikuntanathan,et al.  Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages , 2011, CRYPTO.

[52]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[53]  Eric Miles,et al.  Annihilation Attacks for Multilinear Maps: Cryptanalysis of Indistinguishability Obfuscation over GGH13 , 2016, CRYPTO.

[54]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[55]  Vinod Vaikuntanathan,et al.  Predicate Encryption for Circuits from LWE , 2015, CRYPTO.

[56]  Nir Bitansky,et al.  Indistinguishability Obfuscation from Functional Encryption , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[57]  Donald Beaver,et al.  Precomputing Oblivious Transfer , 1995, CRYPTO.

[58]  Damien Stehlé,et al.  Fully Secure Functional Encryption for Linear Functions from Standard Assumptions , 2015 .

[59]  Adam O'Neill,et al.  Definitional Issues in Functional Encryption , 2010, IACR Cryptol. ePrint Arch..

[60]  Craig Gentry,et al.  Fully Secure Functional Encryption without Obfuscation , 2014, IACR Cryptol. ePrint Arch..

[61]  A. Sahai,et al.  Indistinguishability Obfuscation from Functional Encryption for Simple Functions Prabhanjan Ananth , 2015 .

[62]  Omer Paneth,et al.  Public-Coin Concurrent Zero-Knowledge in the Global Hash Model , 2013, TCC.

[63]  Daniele Micciancio,et al.  Worst-case to average-case reductions based on Gaussian measures , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[64]  Yehuda Lindell,et al.  Cut-and-Choose Based Two-Party Computation in the Online/Offline and Batch Settings , 2014, IACR Cryptol. ePrint Arch..