Upgrading to Functional Encryption

The notion of Functional Encryption (FE) has recently emerged as a strong primitive with several exciting applications. In this work, we initiate the study of the following question: Can existing public key encryption schemes be “upgraded” to Functional Encryption schemes without changing their public keys or the encryption algorithm? We call a public-key encryption scheme with this property to be FE-compatible. Indeed, assuming ideal obfuscation, it is easy to see that every CCA-secure public-key encryption scheme is FE-compatible. Despite the recent success in using indistinguishability obfuscation to replace ideal obfuscation for many applications, we show that this phenomenon most likely will not apply here. We show that assuming fully homomorphic encryption and the learning with errors (LWE) assumption, there exists a CCA-secure encryption scheme that is provably not FE-compatible. We also show that a large class of natural CCA-secure encryption schemes proven secure in the random oracle model are not FE-compatible in the random oracle model.

[1]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[2]  Daniel Wichs,et al.  Obfuscating Compute-and-Compare Programs under LWE , 2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[3]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[4]  Brent Waters,et al.  Lossy trapdoor functions and their applications , 2008, SIAM J. Comput..

[5]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[6]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[7]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[8]  Steven Myers,et al.  Bit Encryption Is Complete , 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[9]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[10]  Brent Waters,et al.  A Punctured Programming Approach to Adaptively Secure Functional Encryption , 2015, CRYPTO.

[11]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[12]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[13]  A. D. Santis,et al.  Zero-Knowledge Proofs of Knowledge Without Interaction (Extended Abstract) , 1992, FOCS 1992.

[14]  Amit Sahai,et al.  Multi-input Functional Encryption for Unbounded Arity Functions , 2015, ASIACRYPT.

[15]  Kai-Min Chung,et al.  On Extractability Obfuscation , 2014, IACR Cryptol. ePrint Arch..

[16]  Goichiro Hanaoka,et al.  Chosen Ciphertext Security via UCE , 2014, Public Key Cryptography.

[17]  Brent Waters,et al.  How to use indistinguishability obfuscation: deniable encryption, and more , 2014, IACR Cryptol. ePrint Arch..

[18]  Jakob Jonsson,et al.  Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 , 2003, RFC.

[19]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[20]  Leslie Lamport,et al.  Constructing Digital Signatures from a One Way Function , 2016 .

[21]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[22]  Satoshi Hada,et al.  Zero-Knowledge and Code Obfuscation , 2000, ASIACRYPT.

[23]  Abhishek Jain,et al.  Indistinguishability Obfuscation from Compact Functional Encryption , 2015, CRYPTO.

[24]  Zvika Brakerski,et al.  Hierarchical Functional Encryption , 2015, IACR Cryptol. ePrint Arch..

[25]  Allison Bishop,et al.  Detecting Dangerous Queries: A New Approach for Chosen Ciphertext Security , 2012, EUROCRYPT.

[26]  Eike Kiltz,et al.  Chosen-Ciphertext Security from Tag-Based Encryption , 2006, TCC.

[27]  Brent Waters,et al.  Lockable Obfuscation , 2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[28]  Craig Gentry,et al.  Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness , 2010, CRYPTO.

[29]  Brent Waters,et al.  Universal Signature Aggregators , 2015, EUROCRYPT.

[30]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[31]  Tatsuaki Okamoto,et al.  Secure Integration of Asymmetric and Symmetric Encryption Schemes , 1999, Journal of Cryptology.

[32]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[33]  Amit Sahai,et al.  Multi-Input Functional Encryption , 2014, IACR Cryptol. ePrint Arch..

[34]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.