On the Achievability of Simulation-Based Security for Functional Encryption

  • Angelo De Caro
  • Vincenzo Iovino
  • Abhishek Jain
  • Adam O’Neill
  • Omer Paneth
  • Giuseppe Persiano
Conference paper

DOI: 10.1007/978-3-642-40084-1_29

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8043)
Cite this paper as:
De Caro A., Iovino V., Jain A., O’Neill A., Paneth O., Persiano G. (2013) On the Achievability of Simulation-Based Security for Functional Encryption. In: Canetti R., Garay J.A. (eds) Advances in Cryptology – CRYPTO 2013. Lecture Notes in Computer Science, vol 8043. Springer, Berlin, Heidelberg

Abstract

This work attempts to clarify to what extent simulation-based security (SIM-security) is achievable for functional encryption (FE) and its relation to the weaker indistinguishability-based security (IND-security). Our main result is a compiler that transforms any FE scheme for the general circuit functionality (which we denote by Circuit-FE) meeting indistinguishability-based security (IND-security) to a Circuit-FE scheme meeting SIM-security, where:

  • In the random oracle model, the resulting scheme is secure for an unbounded number of encryption and key queries, which is the strongest security level one can ask for.

  • In the standard model, the resulting scheme is secure for a bounded number of encryption and non-adaptive key queries, but an unbounded number of adaptive key queries. This matches known impossibility results and improves upon Gorbunov et al. [CRYPTO’12] (which is only secure for non-adaptive key queries).

Our compiler is inspired by the celebrated Fiat-Lapidot-Shamir paradigm [FOCS’90] for obtaining zero-knowledge proof systems from witness-indistinguishable proof systems. As it is currently unknown whether Circuit-FE meeting IND-security exists, the purpose of this result is to establish that it remains a good target for future research despite known deficiencies of IND-security [Boneh et al. – TCC’11, O’Neill – ePrint ’10]. We also give a tailored construction of SIM-secure hidden vector encryption (HVE) in composite-order bilinear groups. Finally, we revisit the known negative results for SIM-secure FE, extending them to natural weakenings of the security definition and thus providing essentially a full picture of the (in)achievability of SIM-secure FE.

Keywords

Functional Encryption Hidden Vector Encryption Simulation-Based Security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Angelo De Caro
    • 1
  • Vincenzo Iovino
    • 2
  • Abhishek Jain
    • 3
    • 4
  • Adam O’Neill
    • 4
  • Omer Paneth
    • 4
  • Giuseppe Persiano
    • 2
  1. 1.NTT Secure Platform LaboratoriesJapan
  2. 2.Dipartimento di InformaticaUniversity of SalernoItaly
  3. 3.MITUSA
  4. 4.Boston UniversityUSA

Personalised recommendations