Functional Encryption: An Introduction and Survey Brent Waters.
Pre-Public Key Cryptography
Established mutual secrets
Small networks
SK SK
The world gets bigger
Internet – Billions of users
Unsustainable
Public Key Cryptography
Public Key Encryption [DH76,M78,RSA78,GM84]
Avoid Secret Exchange
SK PubK
Data in the Cloud: Another Turning Point?
Cloud is growing
Encryption a must
LA Times 7/17: City of LA weighs outsourcing IT to Google
LAPD: Arrest Information Sensitive
Rethinking Encryption
Internal Affairs OR (Undercover AND Central)
Who matches this? Am I allowed to know?
What if they join later?
Should they see everything?
Process data before decryption?
Problem: Disconnect between policy and mechanism
Attribute-Based Encryption [SW05]
PK
MSK
Key Authority
Keys (SK): “Undercover”, “Central”; “Undercover”, “Valley”
$\phi$ = Int. Affairs OR (Undercover AND Central)
First Approach & Collusion Attacks
SK Sarah: “A”
SK Kevin: “B”
Policy: A AND B
$PK_A$, $SK_A$; $PK_B$, $SK_B$
Ciphertext: $E_A(R)$, $E_B(M \oplus R)$
$R$? $M \oplus R$ → $M$
Collusion Attack!
Allowed Collusion [S03, MS03, J04, BMC06]
Collusion Attacks: The Key Threat
Kevin: “Undercover”, “Valley”
James: “Central”, “Parking”
Policy: Int. Affairs OR (Undercover AND Central)
Need: Key “Personalization”
Tension: Functionality vs. Personalization
Key Personalization (Intuition)
SK Kevin: “Undercover”… (Random t)
SK James: “Central”… (Random t’)
Making it work (sketch)
Internal Affairs OR (Undercover AND Central)
Personalized Randomization
Secret Share in Exponent
Pairing 1st Step
Combine “Personalized” Shares
Final: “Unpersonalize”
Is this what we need?
Descriptive Encryption
T.M. is more powerful
“All or nothing” decryption (no processing)
Functional Encryption
Functionality: $f(\cdot, \cdot)$
Public Params
Authority
MSK
Key: $y \in \{0,1\}^*$
$SK_y$
CT: $x \in \{0,1\}^*$
$f(x, y)$
Security: Simulation Def.
What can I do?
SK
What could F.E. do?
SK
IBE : Where it started
Key: $y \in \{0,1\}^*$
$SK_y$
CT: $x = (M, ID)$
$f(x = (M, ID), y) = \begin{cases} (M, ID) & \text{if } y = ID \\ ID & \text{if } y \neq ID \end{cases}$
“Annotated”
S84, BF01, C01…
Attribute-Based Encryption
Key: $y \in \{0,1\}^n$ (boolean variables)
$SK_y$
CT: $x = (M, \phi)$
$f(x = (M, \phi), y) = \begin{cases} (M, \phi) & \text{if } \phi(y) = \text{true} \\ \phi & \text{if } \phi(y) = \text{false} \end{cases}$
“Annotated”
SW05, GPSW06, C07, BSW07, OSW07, GJPS08, W08
“Ciphertext Policy”
Attribute-Based Encryption
Key: $y = \phi$
$SK_y$
CT: $x = (M, X \in \{0,1\}^n)$
$f(x = (M, X), y) = \begin{cases} (M, \phi) & \text{if } \phi(X) = \text{true} \\ X & \text{if } \phi(X) = \text{false} \end{cases}$
“Annotated”
SW05, GPSW06, C07, BSW07, OSW07, GJPS08, W08
“Key Policy”
Anonymous IBE & Searching on Encrypted Data
Key: $y \in \{0,1\}^*$
$SK_y$
CT: $x \in \{0,1\}^*$
$f(x, y) = \begin{cases} 1 & \text{if } y = x \\ 0 & \text{otherwise} \end{cases}$
BDOP04: Boneh-Franklin is anonymous
ABCKKLMNPS05: defs.
BW06: Standard Model
Conjunctive Search [BW07, SBCSP07]
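Key: $y = (y_1, \dots, y_n)$, $y_i \in \{0,1\}^* \cup \{\star\}$
$SK_y$
CT: $x = (x_1, \dots, x_n)$, $x_i \in \{0,1\}^*$
$f(x, y) = \begin{cases} 1 & \text{if } \forall\, y_i \neq \star,\ y_i = x_i \\ 0 & \text{otherwise} \end{cases}$
Cancellation techniques -> AND
Must not learn intermediate result!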
Inner Product & ORs [KSW08]
Key: $y = (y_1, \dots, y_n) \in \mathbb{Z}_N^n$
$SK_y$
CT: $x = (x_1, \dots, x_n) \in \mathbb{Z}_N^n$
$f(x, y) = \begin{cases} 1 & \text{if } x \cdot y = 0 \\ 0 & \text{otherwise} \end{cases}$
OR: Bob OR Alice, $p(z) = (A - z)(B - z)$
Increased Malleability!
Subgroups
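The OR encoding on this slide, worked through in the clear as an added example (not code from the talk or from KSW08): the policy "Bob OR Alice" becomes the coefficient vector of p(z), the key holder's identity becomes the vector of powers of z, and their inner product is p(z), which is zero exactly when z is one of the roots. It generalizes the slide's two-root case to any number of alternatives. The prime modulus, the SHA-256 identity encoding, the choice to put the policy in the ciphertext vector x, and all function names are assumptions; no encryption is performed, only the predicate f is evaluated.

```python
import hashlib

# Assumption: a prime modulus so p(z) has exactly the listed roots.
# The slide works over Z_N; this toy only evaluates the predicate in the clear.
N = 2**127 - 1

def to_zn(name: str) -> int:
    """Map an identity string into Z_N (hypothetical encoding, not from the slides)."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big") % N

def policy_vector(allowed, n):
    """Coefficients (lowest degree first) of p(z) = prod_i (a_i - z) mod N, padded to n."""
    coeffs = [1]
    for name in allowed:
        a = to_zn(name)
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            nxt[i] = (nxt[i] + a * c) % N        # a * c * z^i
            nxt[i + 1] = (nxt[i + 1] - c) % N    # -c * z^(i+1)
        coeffs = nxt
    if len(coeffs) > n:
        raise ValueError("an OR of k identities needs n >= k + 1")
    return coeffs + [0] * (n - len(coeffs))

def identity_vector(name, n):
    """(1, z, z^2, ..., z^(n-1)) mod N, so the inner product equals p(z)."""
    z = to_zn(name)
    return [pow(z, i, N) for i in range(n)]

def f(x, y):
    """The slide's functionality: 1 if x . y = 0 (mod N), 0 otherwise."""
    return 1 if sum(a * b for a, b in zip(x, y)) % N == 0 else 0

if __name__ == "__main__":
    x = policy_vector(["Bob", "Alice"], 3)       # constructed sample policy
    for who in ["Alice", "Bob", "Carol"]:
        print(who, f(x, identity_vector(who, 3)))
```

The vector length n is fixed at setup, so it caps the number of OR alternatives at n - 1; shorter policies are zero-padded.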
Three Directions
Functionality
Current: Inner Product
Natural Limits?
Fully Homomorphic Enc? --- Can’t do IBE
Annotated: Hide What (Message), Not Why
Expect more progress
Proofs of Security
“Partitioning” [BF01, C01, CHK03, BB04, W05]
Simulator
ID Space
Priv. Key Space
Challenge Space
ID1, ID2, …, IDQ
ID* (challenge ID)
Balance: Challenge Space 1/Q => 1/Q of no abort
Structure gives problems!
2-level HIBE
Balance: Depth d HIBE => $1/Q^d$
.edu
.gov
ABE, … similar problems
“Selective Security”
Declare X* before params
Moving Past Partitioning
G06, GH09
Simulator 1-key per identity – always looks good
Augmented n-BDHE
W09
Dual System Encryption
Hybrid over keys
“Simple” Decision Linear
LSW09 ABE solution
Multiple Authorities
$\phi$ = :Friend AND :Student
Problem: Disparate organizations
Central Authority + Certs?
Central Trust + Bottleneck
C07: C.A. (no order), GlobalID, AND formulas
Summary
Rethink Encryption
Describe Target
“Evaluate” vs. “Decrypt” a Ciphertext
Functional Encryption
Ideal: Any Functionality
“Lens” or common framework
Progress, but still much to do
Thank you