A function encryption scheme is an encryption scheme that allows to release so-called “functional decryption” keys sk[f] (indexed by functions f) such that decrypting a ciphertext c=Encrypt(pk,m) under the secret key sk[f], produces as a result f(m) (rather than just m, as would a normal decryption algorithm.) The ability to reveal only partial information f(m) about a message m make functional encryption a very powerful tool. Standard public key encryption corresponds to a system which supports only the identity function f(m)=m. The wider the class of supported functions, the more expressive the associated functional encryption scheme.
In a (hierarchical) functional encryption scheme, the key generation algorithm produces a public key pk, and a secret key sk[id] for the identity function id(m)=m. Other secret keys are obtained by running a key delegation algorithm that on input the secret key sk[f] for some function f, and the description of another function g, produces a secret key sk[g.f] for the composition of the two functions (g.f)(m)=g(f(m)).
Identity Based Encryption (in both its standard and hierarchical form) can be seen as a special case of (hierarchical) functional encrytion for functions of a certain type: functions indexed by strings u such that f[u] (u,m)=(u,m), and f[u] (x,m)=(x) when x and u are different. Here, u is interpreted as the identity of a user, and encrypting (u,m) makes the message m decryptable only by the user who knows the correponding secret key sk[u]. (In an anonymous IBE, f[u] (x,m)=(), so that the identity of the recepient is also hidden.)
Here we consider functional encryption for other classes of functions.
Indistinguishability Obfuscation: Simpler Constructions using Secret-Key Functional Encryption
(Kitagawa, Nishimaki & Tanaka - ePrint 2017/275)
Robust Transforming Combiners from Indistinguishability Obfuscation to Functional Encryption
(Ananth, Jain & Sahai - Eurocrypt 2017)
From Minicrypt to Obfustopia via Private-Key Functional Encryption
(Komargodski & Segev - Eurocrypt 2017)
Compactness vs Collusion Resistance in Functional Encryption
(Li and Micciancio - TCC 2016B)
From Cryptomania to Obfustopia through Secret-Key Functional Encryption
(Bitansky, Nishimaki, Passelègue & Wichs - TCC 2016A)
Single-Key to Multi-Key Functional Encryption with Polynomial Loss
(Garg & Srinivasan - TCC 2016B)
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions
(Agrawal & Wu - Eurocrypt 2017)
Function-Private Functional Encryption in the Private-Key Setting
(Brakerski & Segev - TCC 2015)
Multi-input Functional Encryption in the Private-Key Setting: Stronger Security from Weaker Assumptions
(Brakerski, Komargodski & Segev - Eurocrypt 2016)
From Selective to Adaptive Security in Functional Encryption
(Ananth, Brakerski, Segev & Vaikuntanathan - Crypto 2015)
Functional Encryption for Randomized Functionalities in the Private-Key Setting from Minimal Assumptions
(Komargodski, Segev & Yogev - TCC 2015)
Attribute Based Encryption (ABE) correponds to functions indexed by a predicate P such that f[P] (x,m)=(x,m) if P(x) is true, and f[P] (x,m)=x if P(x) is false. Here x is interpreted as a set of attributes, and P is a policy that specifies under what conditions on the attributes a message can be decrypted. Notice that in this definition of ABE, the attributes are public, i.e., they are revealed by a ciphertext even when P(x) is false. One can also define a version of ABE with private attributes (usually called Predicate Encryption) where f[P] (x,m)=() when P(x) is false.
Attribute-Based Functional Encryption on Lattices
(Boyen - TCC 2013)
Attribute-Based Encryption for Circuits
(Gorbunov, Vaikuntanathan & Wee - J.ACM 2015/STOC 2013)
Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits
(Boneh, Gentry, Gorbunov, Halevi, Nikolaenko, Segev, Vaikuntanathan & Vinayagamurthy - Eurocrypt 2014)
Riding on Asymmetry: Efficient ABE for Branching Programs
(Gorbunov & Vinayagamurthy - AsiaCrypt 2015)
Ciphertext policy attribute-based encryption from lattices
(Zhang, Zhang & Ge - AsiaCCS 2012)
A Ciphertext Policy Attribute-Based Encryption Scheme without Pairings
(Zhang & Zhang - ISC 2011)
Predicate Encryption for Circuits from LWE
(Gorbunov, Vaikuntanathan & Wee - Crypto 2015)
Practical Functional Encryption for Quadratic Functions with Applications to Predicate Encryption
(Baltico, Catalano, Fiore & Gay - ePrint)
Attribute-Based Encryption for Finite Automata from LWE
(Boyen & Li - ProvSec 2015)
Turing Machines with Shortcuts: Efficient Attribute-Based Encryption for Bounded Functions
(Boyen & Li - ACNS 2016)
Functional Encryption for Inner Product Predicates from Learning with Errors
(Agrawal, Freeman & Vaikuntanathan - Asiacrypt 2011)
Lattice-Based Hierarchical Inner Product Encryption
(Abdalla, DeCaro & Mochetti - LatinCrypt 2012)
Improved (Hierarchical) Inner-Product Encryption from Lattices
(Xagawa - PKC 2013)
Simple Functional Encryption Schemes for Inner Products
(Abdalla, Bourse, DeCaro, Pointcheval - PKC 2015)
Fully Secure Functional Encryption for Inner Products, from Standard Assumptions
(Agrawal, Libert & Stehle)
Key-Private Proxy Re-encryption under LWE
(Aono, Boyen, Phong & Wang - IndoCrypt 2013)
Key-Private Proxy Re-Encryption from Lattices, Revisited
(Nihimaki & Xagawa - IEICE 2015
Lattice Based Identity Based Unidirectional Proxy Re-Encryption Scheme
(Singh, PanduRangan & Banerjee - SPACE 2014)
Proxy Re-encryption from Lattices
(Kirshanova - PKC 2014)