Chosen Ciphertext Secure Functional Encryption from Constrained Witness PRF

Functional encryption generates sophisticated keys for users so that they can learn specific functions of the encrypted message. We provide a generic construction of chosen-ciphertext attack (CCA) secure public-key functional encryption (PKFE) for all polynomial-size circuits. Our PKFE produces succinct ciphertexts that are independent of the size and depth of the circuit class under consideration. We accomplish our goal in two steps. First, we define a new cryptographic tool called constrained witness pseudorandom function (CWPRF), which is motivated by combining the witness PRF (WPRF) of Zhandry (TCC 2016) and the constrained PRF (CPRF) of Boneh and Waters (ASIACRYPT 2013). More specifically, CWPRF computes pseudorandom values associated with NP statements and generates constrained keys for boolean functions. We can recompute the pseudorandom value corresponding to a particular statement either by using a public evaluation key with a valid witness for the statement or by applying a constrained key for a function that satisfies the statement. We construct CWPRF by coupling indistinguishability obfuscation (iO) and CPRF supporting all polynomial-size functions. In the second and main technical step, we show a generic construction of a CCA secure PKFE for all circuits utilizing our CWPRF. It has been observed that obtaining PKFE supporting all circuits is already a complex task, and iO-based constructions of PKFEs are only proven to be chosen-plaintext attack (CPA) secure. On the other hand, existing CCA secure functional encryption schemes are designed for specific functions such as equality testing, membership testing, linear functions, etc. We emphasize that our construction presents the first CCA secure PKFE for all circuits along with succinct ciphertexts.

[1] Eike Kiltz, et al. Direct Chosen-Ciphertext Secure Identity-Based Key Encapsulation without Random Oracles, 2006, IACR Cryptol. ePrint Arch.

[2] Dan Boneh, et al. Constraining Pseudorandom Functions Privately, 2015, Public Key Cryptography.

[3] Brent Waters, et al. Attribute-based encryption for fine-grained access control of encrypted data, 2006, CCS '06.

[4] Dan Boneh, et al. Private Puncturable PRFs from Standard Lattice Assumptions, 2017, EUROCRYPT.

[5] Jonathan Katz, et al. Chosen-Ciphertext Security from Identity-Based Encryption, 2006.

[6] Mihir Bellare, et al. Relations among Notions of Security for Public-Key Encryption Schemes, 1998, IACR Cryptol. ePrint Arch.

[7] Johannes Blömer, et al. Construction of Fully CCA-Secure Predicate Encryptions from Pair Encoding Schemes, 2016, CT-RSA.

[8] Nir Bitansky, et al. Indistinguishability Obfuscation from Functional Encryption, 2018, J. ACM.

[9] Moni Naor, et al. Public-key cryptosystems provably secure against chosen ciphertext attacks, 1990, STOC '90.

[10] Goichiro Hanaoka, et al. Adversary-Dependent Lossy Trapdoor Function from Hardness of Factoring Semi-smooth RSA Subgroup Moduli, 2016, CRYPTO.

[11] Goichiro Hanaoka, et al. Chosen Ciphertext Security via Point Obfuscation, 2014, TCC.

[12] Ratna Dutta, et al. Semi-Adaptively Secure Offline Witness Encryption from Puncturable Witness PRF, 2020, ProvSec.

[13] Goichiro Hanaoka, et al. Constructing and Understanding Chosen Ciphertext Security via Puncturable Key Encapsulation Mechanisms, 2015, TCC.

[14] Jonathan Katz, et al. Chosen-Ciphertext Security from Identity-Based Encryption, 2004, SIAM J. Comput.

[15] Goichiro Hanaoka, et al. Generic Constructions for Chosen-Ciphertext Secure Attribute Based Encryption, 2011, Public Key Cryptography.

[16] Chris Peikert, et al. Noninteractive Zero Knowledge for NP from (Plain) Learning With Errors, 2019, IACR Cryptol. ePrint Arch.

[17] Mihir Bellare, et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[18] Fabrice Benhamouda, et al. CCA-Secure Inner-Product Functional Encryption from Projective Hash Functions, 2017, IACR Cryptol. ePrint Arch.

[19] Brent Waters, et al. Lossy Trapdoor Functions and Their Applications, 2011, SIAM J. Comput.

[20] Brent Waters, et al. Functional Encryption: Definitions and Challenges, 2011, TCC.

[21] Amit Sahai, et al. Indistinguishability Obfuscation from Well-Founded Assumptions, 2020, IACR Cryptol. ePrint Arch.

[22] Eike Kiltz, et al. Chosen-Ciphertext Secure Identity-Based Encryption in the Standard Model with short Ciphertexts, 2006, IACR Cryptol. ePrint Arch.

[23] Mark Zhandry, et al. How to Avoid Obfuscation Using Witness PRFs, 2016, TCC.

[24] Ratna Dutta, et al. Offline Witness Encryption from Witness PRF and Randomized Encoding in CRS Model, 2019, ACISP.

[25] Brent Waters, et al. Constrained Pseudorandom Functions and Their Applications, 2013, ASIACRYPT.

[26] Moni Naor, et al. Non-malleable cryptography, 1991, STOC '91.

[27] Ratna Dutta, et al. Chosen-Ciphertext Secure Multi-Identity and Multi-Attribute Pure FHE, 2020, IACR Cryptol. ePrint Arch.

[28] Fuyuki Kitagawa, et al. CPA-to-CCA Transformation for KDM Security, 2019, IACR Cryptol. ePrint Arch.

[29] Yael Tauman Kalai, et al. Reusable garbled circuits and succinct functional encryption, 2013, STOC '13.

[30] Tapas Pandit, et al. Generic Conversions from CPA to CCA secure Functional Encryption, 2015, IACR Cryptol. ePrint Arch.

[31] Tatsuaki Okamoto, et al. How to Enhance the Security of Public-Key Encryption at Minimum Cost, 1999, Public Key Cryptography.

[32] Manuel Blum, et al. Non-interactive zero-knowledge and its applications, 1988, STOC '88.

[33] Brent Waters, et al. Realizing Chosen Ciphertext Security Generically in Attribute-Based Encryption and Predicate Encryption, 2019, IACR Cryptol. ePrint Arch.