Functional Encryption: Definitions and Challenges

  • Dan Boneh
  • Amit Sahai
  • Brent Waters
Conference paper

DOI: 10.1007/978-3-642-19571-6_16

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6597)
Cite this paper as:
Boneh D., Sahai A., Waters B. (2011) Functional Encryption: Definitions and Challenges. In: Ishai Y. (eds) Theory of Cryptography. TCC 2011. Lecture Notes in Computer Science, vol 6597. Springer, Berlin, Heidelberg


We initiate the formal study of functional encryption by giving precise definitions of the concept and its security. Roughly speaking, functional encryption supports restricted secret keys that enable a key holder to learn a specific function of encrypted data, but learn nothing else about the data. For example, given an encrypted program the secret key may enable the key holder to learn the output of the program on a specific input without learning anything else about the program.

We show that defining security for functional encryption is non-trivial. First, we show that a natural game-based definition is inadequate for some functionalities. We then present a natural simulation-based definition and show that it (provably) cannot be satisfied in the standard model, but can be satisfied in the random oracle model. We show how to map many existing concepts to our formalization of functional encryption and conclude with several interesting open problems in this young area.

Download to read the full conference paper text

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Dan Boneh
    • 1
  • Amit Sahai
    • 2
  • Brent Waters
    • 3
  1. 1.Stanford UniversityUSA
  2. 2.University of CaliforniaLos AngelesUSA
  3. 3.University of TexasAustinUSA

Personalised recommendations