Public-Key Function-Private Hidden Vector Encryption (and More)

  • Conference paper
Advances in Cryptology – ASIACRYPT 2019 (ASIACRYPT 2019)

Abstract

We construct public-key function-private predicate encryption for the “small superset functionality,” recently introduced by Beullens and Wee (PKC 2019). This functionality captures several important classes of predicates:

  • Point functions. For point function predicates, our construction is equivalent to public-key function-private anonymous identity-based encryption.

  • Conjunctions. If the predicate computes a conjunction, our construction is a public-key function-private hidden vector encryption scheme. This addresses an open problem posed by Boneh, Raghunathan, and Segev (ASIACRYPT 2013).

  • d-CNFs and read-once conjunctions of d-disjunctions for constant-size d.

Our construction extends the group-based obfuscation schemes of Bishop et al. (CRYPTO 2018), Beullens and Wee (PKC 2019), and Bartusek et al. (EUROCRYPT 2019) to the setting of public-key function-private predicate encryption. We achieve an average-case notion of function privacy, which guarantees that a decryption key \(\mathsf{sk}_f\) reveals nothing about \(f\) as long as \(f\) is drawn from a distribution with sufficient entropy. We formalize this security notion as a generalization of the (enhanced) real-or-random function privacy definition of Boneh, Raghunathan, and Segev (CRYPTO 2013). Our construction relies on bilinear groups, and we prove security in the generic bilinear group model.

Research conducted at Princeton University.

Notes

  1. Note that we would require a public-key predicate encryption scheme for this scenario, with the assumption that an email client would encrypt any email to the user under the user’s public key.

  2. Function privacy had been studied before the work of BRS [BRS13a], albeit in the private key setting [SWP00, OS07, BSW09, SSW09].

  3. We remark that [BKM+18, BLMZ19] framed their results as obfuscation for conjunctions. Beullens and Wee [BW19] were the first to notice that these techniques are in fact obfuscating a more general class of “big subset” predicates, which in particular encompass conjunctions.

  4. While our definitions are new, we are not the first to observe the connection between program obfuscation and function-privacy. See also [AAB+15, ITZ16, ABF16].

  5. We note that we are not the first to give a public-key function-private definition that is agnostic to the predicate class. In particular, this is also achieved by the definition of [ITZ16]. However, their definition does not extend to enhanced function privacy, and furthermore they do not give any constructions achieving their definition except under a strengthening of indistinguishability obfuscation due to [BCKP14].

  6. The “big subset” function of Beullens and Wee [BW19] is also parameterized by the same \(n, t, X\), but it outputs 1 if and only if \(Y \subseteq X\) and \(|Y| \ge t\). The functionalities are seen to be equivalent by associating each input set \(Y\) with its complement \([n] \setminus Y\).

  7. In more detail, an attacker trying to distinguish between an encryption of \(y_0\) and an encryption of \(y_1\) (for \(y_0,y_1\) of their choice) is free to request decryption keys corresponding to any function \(I_x\) provided that \(I_x\) does not trivially allow the attacker to distinguish between \(y_0\) and \(y_1\). The attacker can therefore request \(g_1^{rx}\) for any \(x\) that does not equal \(y_0\) or \(y_1\). Given challenge \(g_2^{\alpha r^{-1}y_b^{-1}},g_T^{\alpha }\) and decryption key \(g_1^{rx}\), the attacker can use the fact that they know \(x,y_0,y_1\) in the clear to determine \(b\) as follows. The attacker raises \(g_T^{\alpha }\) to the exponent \(xy_0^{-1}\) to obtain \(g_T^{\alpha x y_0^{-1}}\), and then computes \(e(g_1^{rx},g_2^{\alpha r^{-1}y_b^{-1}})\). If \(b = 0\), these quantities match, and otherwise they do not.

  8. We use the shorthand \(g^{\mathbf{V}}\) where \(\mathbf{V} = (v_{i,j})_{i\in [k],j\in [\ell]}\) to denote the matrix of group elements \((g^{v_{i,j}})_{i\in [k],j\in [\ell]}\).

  9. Indeed, \(m\) must be \(\omega(\log k)\) in order to make the function family evasive.

  10. In [BW07], it is noted that this restriction on the size of the message space can be avoided in practice by essentially setting the payload to be the key of a symmetric key encryption scheme, and releasing an encryption of the actual message under this key (along with a consistency check). This technique can easily be applied in our setting.
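
The check described in note 7, worked through as an added example (not code from the paper): it shows why the strawman with keys \(g_1^{rx}\) and ciphertexts \((g_2^{\alpha r^{-1}y^{-1}}, g_T^{\alpha})\) does not hide \(y\). Assumptions: the bilinear group is simulated as a generic-group oracle that hands out opaque handles, and the names `keygen`, `encrypt`, `distinguish`, `run_game`, the group order and the sample values are hypothetical, reconstructed from the element forms in the note.

```python
import secrets

P = 2**127 - 1  # prime group order (constructed value, a Mersenne prime)

def inv(v):
    return pow(v, -1, P)

class GenericBilinearGroup:
    """Oracle for the generic bilinear group model: callers see opaque handles."""
    def __init__(self):
        self._log = {}  # handle -> (group, exponent); hidden from the attacker

    def encode(self, group, exponent):
        handle = secrets.token_hex(8)
        self._log[handle] = (group, exponent % P)
        return handle

    def power(self, handle, k):
        group, e = self._log[handle]
        return self.encode(group, e * k)

    def pair(self, h1, h2):  # e(g1^a, g2^b) = gT^(ab)
        (grp1, a), (grp2, b) = self._log[h1], self._log[h2]
        if (grp1, grp2) != ("G1", "G2"):
            raise ValueError("pairing takes (G1, G2)")
        return self.encode("GT", a * b)

    def equal(self, h1, h2):
        return self._log[h1] == self._log[h2]

def keygen(G, r, x):  # key for the point function I_x: g1^(r x)
    return G.encode("G1", r * x)

def encrypt(G, r, y):  # (g2^(alpha r^-1 y^-1), gT^alpha)
    alpha = secrets.randbelow(P - 1) + 1
    return G.encode("G2", alpha * inv(r) * inv(y)), G.encode("GT", alpha)

def distinguish(G, key, ct, x, y0):
    """Attacker side: uses only oracle operations plus the known x, y0."""
    c2, gt_alpha = ct
    lhs = G.power(gt_alpha, x * inv(y0))  # gT^(alpha x y0^-1)
    rhs = G.pair(key, c2)                 # gT^(alpha x yb^-1)
    return 0 if G.equal(lhs, rhs) else 1

def run_game(b, x=7, y0=11, y1=13):  # constructed sample values, x not in {y0, y1}
    G = GenericBilinearGroup()
    r = secrets.randbelow(P - 1) + 1
    key = keygen(G, r, x)
    return distinguish(G, key, encrypt(G, r, (y0, y1)[b]), x, y0)
```

The guess is correct in every run because the two target-group elements are equal exactly when \(y_b = y_0\); the key for \(I_x\) never decrypts either challenge, yet it still serves as a comparison handle.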

References

  1. Agrawal, S., Agrawal, S., Badrinarayanan, S., Kumarasubramanian, A., Prabhakaran, M., Sahai, A.: On the practical security of inner product functional encryption. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 777–798. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46447-2_35

  2. Arriaga, A., Barbosa, M., Farshim, P.: Private functional encryption: indistinguishability-based definitions and constructions from obfuscation. In: Dunkelman, O., Sanadhya, S.K. (eds.) INDOCRYPT 2016. LNCS, vol. 10095, pp. 227–247. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49890-4_13

  3. Barak, B., Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O., Sahai, A.: Obfuscation for evasive functions. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 26–51. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54242-8_2

  4. Bitansky, N., Canetti, R., Kalai, Y.T., Paneth, O.: On virtual grey box obfuscation for general circuits. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 108–125. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_7

  5. Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

  6. Barak, B., et al.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_1

  7. Bartusek, J., Guan, J., Ma, F., Zhandry, M.: Return of GGH15: provable security against zeroizing attacks. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 544–574. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_20

  8. Bishop, A., Kowalczyk, L., Malkin, T., Pastro, V., Raykova, M., Shi, K.: A simple obfuscation scheme for pattern-matching with wildcards. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 731–752. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_25

  9. Bartusek, J., Lepoint, T., Ma, F., Zhandry, M.: New techniques for obfuscating conjunctions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 636–666. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_22

  10. Badrinarayanan, S., Miles, E., Sahai, A., Zhandry, M.: Post-zeroizing obfuscation: new mathematical tools, and the case of evasive circuits. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 764–791. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_27

  11. Brakerski, Z., Rothblum, G.N.: Obfuscating conjunctions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 416–434. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_24

  12. Brakerski, Z., Rothblum, G.N.: Obfuscating conjunctions. J. Cryptol. 30(1), 289–320 (2017)

  13. Boneh, D., Raghunathan, A., Segev, G.: Function-private identity-based encryption: hiding the function in functional encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 461–478. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_26

  14. Boneh, D., Raghunathan, A., Segev, G.: Function-private subspace-membership encryption and its applications. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 255–275. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_14

  15. Bethencourt, J., Song, D., Waters, B.: New techniques for private stream searching. ACM Trans. Inf. Syst. Secur. (TISSEC) 12(3), 16 (2009)

  16. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_29

  17. Beullens, W., Wee, H.: Obfuscating simple functionalities from knowledge assumptions. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 254–283. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_9

  18. Canetti, R.: Towards realizing random oracles: hash functions that hide all partial information. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 455–469. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052255

  19. Canetti, R., Rothblum, G.N., Varia, M.: Obfuscation of hyperplane membership. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 72–89. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_5

  20. Dodis, Y., Smith, A.: Correcting errors without leaking partial information. In: 37th ACM STOC (2005)

  21. Goyal, R., Koppula, V., Waters, B.: Lockable obfuscation. In: 58th FOCS (2017)

  22. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: 43rd ACM STOC (2011)

  23. Iovino, V., Tang, Q., Zebrowski, K.: On the power of public-key function-private functional encryption. In: CANS 2016 (2016)

  24. Joux, A.: A one round protocol for tripartite Diffie-Hellman. J. Cryptol. 17(4), 263–276 (2004)

  25. Kim, S., Lewi, K., Mandal, A., Montgomery, H., Roy, A., Wu, D.J.: Function-hiding inner product encryption is practical. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 544–562. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_29

  26. Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_9

  27. Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. J. Cryptol. 26(2), 191–224 (2013)

  28. Lynn, B., Prabhakaran, M., Sahai, A.: Positive results and techniques for obfuscation. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 20–39. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_2

  29. Maurer, U.M.: Abstract models of computation in cryptography. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 1–12. Springer, Heidelberg (2005). https://doi.org/10.1007/11586821_1

  30. Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_6

  31. Nechaev, V.I.: Complexity of a determinate algorithm for the discrete logarithm. Math. Notes 55(2), 165–172 (1994)

  32. Ostrovsky, R., Skeith, W.E.: Private searching on streaming data. J. Cryptol. 20(4), 397–430 (2007)

  33. Patranabis, S., Mukhopadhyay, D.: New lower bounds on predicate entropy for function private public-key predicate encryption. Cryptology ePrint Archive, Report 2018/190 (2018). https://eprint.iacr.org/2018/190

  34. Patranabis, S., Mukhopadhyay, D., Ramanna, S.C.: Function private predicate encryption for low min-entropy predicates. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 189–219. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_7

  35. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18

  36. Shen, E., Shi, E., Waters, B.: Predicate privacy in encryption systems. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 457–473. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_27

  37. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: 2000 IEEE Symposium on Security and Privacy (2000)

  38. Wee, H.: On obfuscating point functions. In: 37th ACM STOC (2005)

  39. Wichs, D., Zirdelis, G.: Obfuscating compute-and-compare programs under LWE. In: 58th FOCS (2017)

Acknowledgements

This research was supported in part by ARO and DARPA Safeware under contracts W911NF-15-C-0227, W911NF-15-C-0236, W911NF-16-1-0389, W911NF-15-C-0213, and by NSF grants CNS-1633282, 1562888, 1565208, and 1814919. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the ARO and DARPA.

Author information

Corresponding author

Correspondence to James Bartusek.

Copyright information

© 2019 International Association for Cryptologic Research

Cite this paper

Bartusek, J. et al. (2019). Public-Key Function-Private Hidden Vector Encryption (and More). In: Galbraith, S., Moriai, S. (eds) Advances in Cryptology – ASIACRYPT 2019. ASIACRYPT 2019. Lecture Notes in Computer Science, vol 11923. Springer, Cham. https://doi.org/10.1007/978-3-030-34618-8_17

  • DOI: https://doi.org/10.1007/978-3-030-34618-8_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34617-1

  • Online ISBN: 978-3-030-34618-8

  • eBook Packages: Computer Science (R0)
