Consistency for Functional Encryption

In functional encryption (FE) a sender, Alice, encrypts plaintexts that a receiver, Bob, can obtain functional evaluations of, while Charlie is responsible for initializing the encryption keys and issuing the decryption keys. Standard notions of security for FE deal with a malicious Bob and how the confidentiality of Alice’s messages can be maintained taking into account the leakage that occurs due to the functional keys that are revealed to the adversary via various forms of indistinguishability experiments that correspond to IND-CPA, IND-CCA and simulation-based security. In this work we provide a complete and systematic investigation of Consistency, a natural security property for FE, that deals with attacks that can be mounted by Alice, Charlie or a collusion of the two against Bob. We develop three main types of consistency notions according to which set of parties is corrupted and investigate their relation to the standard security properties of FE. We then provide explicit constructions that achieve consistency either directly via a construction based on MDDH for specific function classes of inner products over a modulo group or generically for all the consistency types via compilers using standard cryptographic tools. Finally, we put forth a universally composable treatment of FE and we show that our consistency notions naturally complement FE security by proving how they imply (and are implied by) UC security depending on which set of parties is corrupted thereby yielding a complete characterization of consistency for FE.

[1]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[2]  Hoeteck Wee,et al.  Multi-input Inner-Product Functional Encryption from Pairings , 2017, EUROCRYPT.

[3]  David Pointcheval,et al.  Multi-Client Functional Encryption with Repetition for Inner Product , 2018, IACR Cryptol. ePrint Arch..

[4]  Vinod Vaikuntanathan,et al.  Functional Encryption: New Perspectives and Lower Bounds , 2013, IACR Cryptol. ePrint Arch..

[5]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[6]  Kai-Min Chung,et al.  On Extractability Obfuscation , 2014, IACR Cryptol. ePrint Arch..

[7]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[8]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[9]  Mark Zhandry,et al.  Differing-Inputs Obfuscation and Applications , 2013, IACR Cryptol. ePrint Arch..

[10]  Ueli Maurer,et al.  A Definitional Framework for Functional Encryption , 2015, 2015 IEEE 28th Computer Security Foundations Symposium.

[11]  Dennis Hofheinz,et al.  Designated-verifier pseudorandom generators, and their applications , 2019, IACR Cryptol. ePrint Arch..

[12]  David Naccache,et al.  Robust Encryption, Extended , 2019, CT-RSA.

[13]  Amit Sahai,et al.  Multi-Input Functional Encryption , 2014, IACR Cryptol. ePrint Arch..

[14]  Yehuda Lindell,et al.  A Simpler Construction of CCA2-Secure Public-Key Encryption under General Assumptions , 2006, Journal of Cryptology.

[15]  Silvio Micali,et al.  How to play any mental game, or a completeness theorem for protocols with honest majority , 2019, Providing Sound Foundations for Cryptography.

[16]  Omer Paneth,et al.  On the Achievability of Simulation-Based Security for Functional Encryption , 2013, CRYPTO.

[17]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[18]  Vinod Vaikuntanathan,et al.  Functional Encryption with Bounded Collusions via Multi-party Computation , 2012, CRYPTO.

[19]  Ryo Nishimaki,et al.  Designated Verifier/Prover and Preprocessing NIZKs from Diffie-Hellman Assumptions , 2019, IACR Cryptol. ePrint Arch..

[20]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[21]  Mihir Bellare,et al.  Public-Key Encryption Resistant to Parameter Subversion and its Realization from Efficiently-Embeddable Groups , 2018, IACR Cryptol. ePrint Arch..

[22]  Dario Fiore,et al.  Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings , 2018, IACR Cryptol. ePrint Arch..

[23]  Brent Waters,et al.  Traitor-Tracing from LWE Made Simple and Attribute-Based , 2018, IACR Cryptol. ePrint Arch..

[24]  Silvio Micali,et al.  Everything Provable is Provable in Zero-Knowledge , 1990, CRYPTO.

[25]  Amit Sahai,et al.  Multi-input Functional Encryption for Unbounded Arity Functions , 2015, ASIACRYPT.

[26]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[27]  Lance Fortnow The Complexity of Perfect Zero-Knowledge (Extended Abstract) , 1987, STOC 1987.

[28]  Markulf Kohlweiss,et al.  Decentralizing Inner-Product Functional Encryption , 2019, IACR Cryptol. ePrint Arch..

[29]  Craig Gentry,et al.  Functional Encryption Without Obfuscation , 2016, TCC.

[30]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[31]  Mihir Bellare,et al.  Semantically-Secure Functional Encryption: Possibility Results, Impossibility Results and the Quest for a General Definition , 2013, CANS.

[32]  Adam O'Neill,et al.  Definitional Issues in Functional Encryption , 2010, IACR Cryptol. ePrint Arch..

[33]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[34]  Georg Fuchsbauer,et al.  NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion , 2016, IACR Cryptol. ePrint Arch..

[35]  John M. Pollard,et al.  Kangaroos, Monopoly and Discrete Logarithms , 2015, Journal of Cryptology.

[36]  Ron Rothblum,et al.  Towards Non-Interactive Zero-Knowledge for NP from LWE , 2019, IACR Cryptol. ePrint Arch..

[37]  Salil P. Vadhan,et al.  Derandomization in Cryptography , 2003, SIAM J. Comput..

[38]  Ilan Komargodski,et al.  Multi-input Functional Encryption in the Private-Key Setting: Stronger Security from Weaker Assumptions , 2016, Journal of Cryptology.

[39]  Fabrice Benhamouda,et al.  CCA-Secure Inner-Product Functional Encryption from Projective Hash Functions , 2017, IACR Cryptol. ePrint Arch..

[40]  Nir Bitansky,et al.  ZAPs and Non-Interactive Witness Indistinguishability from Indistinguishability Obfuscation , 2015, TCC.

[41]  Rafail Ostrovsky,et al.  Non-interactive Zaps and New Techniques for NIZK , 2006, CRYPTO.

[42]  Manuel Barbosa,et al.  On the Semantic Security of Functional Encryption Schemes , 2013, Public Key Cryptography.

[43]  Abhishek Jain,et al.  Indistinguishability Obfuscation from Compact Functional Encryption , 2015, CRYPTO.

[44]  Mihir Bellare,et al.  Robust Encryption , 2010, Journal of Cryptology.

[45]  Chris Peikert,et al.  Noninteractive Zero Knowledge for NP from (Plain) Learning With Errors , 2019, IACR Cryptol. ePrint Arch..

[46]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[47]  Damien Stehlé,et al.  Fully Secure Functional Encryption for Inner Products, from Standard Assumptions , 2016, CRYPTO.

[48]  Fabrice Benhamouda,et al.  From Single-Input to Multi-Client Inner-Product Functional Encryption , 2019, IACR Cryptol. ePrint Arch..

[49]  Yael Tauman Kalai,et al.  Reusable garbled circuits and succinct functional encryption , 2013, STOC '13.

[50]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[51]  Ron Rothblum,et al.  Reusable Designated-Verifier NIZKs for all NP from CDH , 2019, IACR Cryptol. ePrint Arch..

[52]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[53]  Brent Waters,et al.  Impossibility of Simulation Secure Functional Encryption Even with Random Oracles , 2016, IACR Cryptol. ePrint Arch..

[54]  Amit Sahai,et al.  Verifiable Functional Encryption , 2016, ASIACRYPT.

[55]  Tanja Lange,et al.  Computing Small Discrete Logarithms Faster , 2012, INDOCRYPT.

[56]  Kenneth G. Paterson,et al.  Robust Encryption, Revisited , 2013, Public Key Cryptography.

[57]  Geoffroy Couteau,et al.  Efficient Designated-Verifier Non-Interactive Zero-Knowledge Proofs of Knowledge , 2018, IACR Cryptol. ePrint Arch..

[58]  David Pointcheval,et al.  Decentralized Multi-Client Functional Encryption for Inner Product , 2018, IACR Cryptol. ePrint Arch..

[59]  Vincenzo Iovino,et al.  Verifiable Inner Product Encryption Scheme , 2020, IACR Cryptol. ePrint Arch..

[60]  Vincenzo Iovino,et al.  Simulation-Based Secure Functional Encryption in the Random Oracle Model , 2014, LATINCRYPT.

[61]  Jorge Luis Villar,et al.  An Algebraic Framework for Diffie–Hellman Assumptions , 2015, Journal of Cryptology.