Functional Encryption

A function encryption scheme is an encryption scheme that allows to release so-called “functional decryption” keys sk[f] (indexed by functions f) such that decrypting a ciphertext c=Encrypt(pk,m) under the secret key sk[f], produces as a result f(m) (rather than just m, as would a normal decryption algorithm.) The ability to reveal only partial information f(m) about a message m make functional encryption a very powerful tool. Standard public key encryption corresponds to a system which supports only the identity function f(m)=m. The wider the class of supported functions, the more expressive the associated functional encryption scheme.

In a (hierarchical) functional encryption scheme, the key generation algorithm produces a public key pk, and a secret key sk[id] for the identity function id(m)=m. Other secret keys are obtained by running a key delegation algorithm that on input the secret key sk[f] for some function f, and the description of another function g, produces a secret key sk[g.f] for the composition of the two functions (g.f)(m)=g(f(m)).

Identity Based Encryption (in both its standard and hierarchical form) can be seen as a special case of (hierarchical) functional encrytion for functions of a certain type: functions indexed by strings u such that f[u] (u,m)=(u,m), and f[u] (x,m)=(x) when x and u are different. Here, u is interpreted as the identity of a user, and encrypting (u,m) makes the message m decryptable only by the user who knows the correponding secret key sk[u]. (In an anonymous IBE, f[u] (x,m)=(), so that the identity of the recepient is also hidden.)

Here we consider functional encryption for other classes of functions.

General Functional Encryption and indistinguishability Obfuscation

  1. Indistinguishability Obfuscation: Simpler Constructions using Secret-Key Functional Encryption
    (Kitagawa, Nishimaki & Tanaka - ePrint 2017/275)

  2. Robust Transforming Combiners from Indistinguishability Obfuscation to Functional Encryption
    (Ananth, Jain & Sahai - Eurocrypt 2017)

  3. From Minicrypt to Obfustopia via Private-Key Functional Encryption
    (Komargodski & Segev - Eurocrypt 2017)

  4. Compactness vs Collusion Resistance in Functional Encryption
    (Li and Micciancio - TCC 2016B)

  5. From Cryptomania to Obfustopia through Secret-Key Functional Encryption
    (Bitansky, Nishimaki, Passelègue & Wichs - TCC 2016A)

  6. Single-Key to Multi-Key Functional Encryption with Polynomial Loss
    (Garg & Srinivasan - TCC 2016B)

  7. Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions
    (Agrawal & Wu - Eurocrypt 2017)

  8. Function-Private Functional Encryption in the Private-Key Setting
    (Brakerski & Segev - TCC 2015)

  9. Multi-input Functional Encryption in the Private-Key Setting: Stronger Security from Weaker Assumptions
    (Brakerski, Komargodski & Segev - Eurocrypt 2016)

  10. From Selective to Adaptive Security in Functional Encryption
    (Ananth, Brakerski, Segev & Vaikuntanathan - Crypto 2015)

  11. Functional Encryption for Randomized Functionalities in the Private-Key Setting from Minimal Assumptions
    (Komargodski, Segev & Yogev - TCC 2015)

Attribute Based Encryption

Attribute Based Encryption (ABE) correponds to functions indexed by a predicate P such that f[P] (x,m)=(x,m) if P(x) is true, and f[P] (x,m)=x if P(x) is false. Here x is interpreted as a set of attributes, and P is a policy that specifies under what conditions on the attributes a message can be decrypted. Notice that in this definition of ABE, the attributes are public, i.e., they are revealed by a ciphertext even when P(x) is false. One can also define a version of ABE with private attributes (usually called Predicate Encryption) where f[P] (x,m)=() when P(x) is false.

  1. Attribute-Based Functional Encryption on Lattices
    (Boyen - TCC 2013)

  2. Attribute-Based Encryption for Circuits
    (Gorbunov, Vaikuntanathan & Wee - J.ACM 2015/STOC 2013)

  3. Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits
    (Boneh, Gentry, Gorbunov, Halevi, Nikolaenko, Segev, Vaikuntanathan & Vinayagamurthy - Eurocrypt 2014)

  4. Riding on Asymmetry: Efficient ABE for Branching Programs
    (Gorbunov & Vinayagamurthy - AsiaCrypt 2015)

  5. Ciphertext policy attribute-based encryption from lattices
    (Zhang, Zhang & Ge - AsiaCCS 2012)

  6. A Ciphertext Policy Attribute-Based Encryption Scheme without Pairings
    (Zhang & Zhang - ISC 2011)

  7. Predicate Encryption for Circuits from LWE
    (Gorbunov, Vaikuntanathan & Wee - Crypto 2015)

  8. Practical Functional Encryption for Quadratic Functions with Applications to Predicate Encryption
    (Baltico, Catalano, Fiore & Gay - ePrint)

  9. Attribute-Based Encryption for Finite Automata from LWE
    (Boyen & Li - ProvSec 2015)

  10. Turing Machines with Shortcuts: Efficient Attribute-Based Encryption for Bounded Functions
    (Boyen & Li - ACNS 2016)

Inner Product

  1. Functional Encryption for Inner Product Predicates from Learning with Errors
    (Agrawal, Freeman & Vaikuntanathan - Asiacrypt 2011)

  2. Lattice-Based Hierarchical Inner Product Encryption
    (Abdalla, DeCaro & Mochetti - LatinCrypt 2012)

  3. Improved (Hierarchical) Inner-Product Encryption from Lattices
    (Xagawa - PKC 2013)

  4. Simple Functional Encryption Schemes for Inner Products
    (Abdalla, Bourse, DeCaro, Pointcheval - PKC 2015)

  5. Fully Secure Functional Encryption for Inner Products, from Standard Assumptions
    (Agrawal, Libert & Stehle)

Threshold Functions

  1. Functional Encryption for Threshold Functions (or Fuzzy IBE) from Lattices
    (Agrawal, Boyen, Vaikuntanathan, Voulgaris & Wee - PKC 2012)

Proxy Re-Encryption

  1. Key-Private Proxy Re-encryption under LWE
    (Aono, Boyen, Phong & Wang - IndoCrypt 2013)

  2. Key-Private Proxy Re-Encryption from Lattices, Revisited
    (Nihimaki & Xagawa - IEICE 2015

  3. Lattice Based Identity Based Unidirectional Proxy Re-Encryption Scheme
    (Singh, PanduRangan & Banerjee - SPACE 2014)

  4. Proxy Re-encryption from Lattices
    (Kirshanova - PKC 2014)