1 Introduction

Functional encryption is a cryptographic tool that gives users fine-grained access to encrypted data. Applications include situations where privacy and confidentiality conflict with practical data usage and aggregation, such as medical data or smart grid electricity consumption patterns. The benefits of functional encryption include built-in verifiability and the ability for the server to perform computations “blindly” on encrypted data while retaining the confidentiality of the plaintexts. The Swiss company Kudelski Security is developing an open-source library for functional encryption. While developing a solution from scratch can improve performance, the more compelling case is to use existing technology for faster product development and a solution less prone to bugs.

2 Analysis

2.1 Definition

Functional encryption provides users with fine-grained access to the encrypted data and permits the computation of specific functions on the protected plaintexts. Namely, data is encrypted using a public key, while restricted keys that correspond to particular functions are generated. Decryption recovers only the function evaluated on the plaintext. It is possible to fine-tune which information is revealed during decryption, as opposed to the all-or-nothing access that standard encryption provides [1].

Consider the simple example of private spam filtering. Incoming emails are encrypted using the recipient’s public key. At the same time, the server has only a restricted key revealing whether such an email is spam without revealing the actual content of the email. Applications of Functional Encryption include many use cases where privacy and confidentiality conflict with practical data usage and aggregation, such as medical data or electric consumption patterns in smart grids.

Like Homomorphic Encryption (see Chap. 8), Functional Encryption allows the server to compute “blindly” on the encrypted data while retaining the confidentiality of the plaintexts. Unlike Homomorphic Encryption, however, Functional Encryption gives the server some well-chosen, partial information about the plaintexts in the clear, thanks to the restricted decryption keys. This relieves the server of the need to interact with the user to extract useful information, as in the spam filtering example. Moreover, Functional Encryption has a built-in verifiability property: the server cannot compute anything other than the function specified by the restricted decryption key.

2.2 Trends

Traditional encryption schemes already address the need for confidential point-to-point communication. However, only advanced encryption schemes such as Functional Encryption can handle more sophisticated data sharing involving an untrusted cloud. Several technological trends are likely to accelerate the deployment of this new tool:

  • recent progress in building general-purpose Functional Encryption that supports rich and complex classes of functions, performing advanced analytics on the encrypted plaintexts;

  • efficiency improvements for schemes supporting simple functions, with the implementation of libraries and the application to real-life use cases, such as privacy-preserving and auditable digital currency, motion detection and local decision making, and privacy-preserving statistical analysis [2,3,4,5];

  • the rise of new decentralized schemes where no trusted setup is required, removing the single point of failure that plagues conventional encryption schemes.

Like Homomorphic Encryption, Functional Encryption protects data in use, whereas standard encryption only protects data in transit or at rest. It has the additional advantage that the computation performed by the cloud is trusted by design and requires less interaction with the clients, since the server can directly recover partial information from the encrypted data.

3 Consequences for Switzerland

A large share of Swiss businesses, such as the medical, banking, and insurance sectors, rely heavily on users’ data, which is often confidential and sensitive. Besides solid privacy laws, these businesses can build trust with the consumers by using cryptographic tools such as Functional Encryption to build a product that is private by design. On the other hand, many data sets deemed too sensitive to share could be securely aggregated and put to practical use, for instance, medical data used for research.

3.1 Implementation Possibilities: Make or Buy

The fact that the Fentec project [2], whose sponsors include the Swiss company Kudelski Security [6], is currently developing an open-source library for Functional Encryption makes a case for buying. As is typical for cryptographic schemes, and especially for recent technologies such as Functional Encryption, it is riskier to develop a homemade solution than to use a tried and tested implementation. Using existing technology implies faster product development and a solution that is less prone to bugs.

On the other hand, making a scheme from scratch would avoid using a scheme that potentially has a (purposeful or accidental) trapdoor. It could also permit a tailored scheme for a particular application, improving performance.

Overall, the case for buying is more compelling than the case for making, because building a security scheme that is on par with the existing open-source solutions would require significant effort.

3.2 Variations and Recommendation

Functional Encryption schemes come in many forms. First, the general-purpose schemes that can handle arbitrarily complex functions and satisfy strong security notions are versatile tools but still need better concrete efficiency. Second, another class of Functional Encryption schemes handles complex functions but only supports a somewhat limited security notion where keys only have a short life span (technically speaking, the attackers’ capability of corrupting keys needs to be bounded and known in advance so that the security parameters can be scaled accordingly). These schemes may be well suited for applications that require performing sophisticated computation on the encrypted data and where the attackers’ capabilities are relatively limited in scope.

Finally, the third type of Functional Encryption scheme focuses on smaller classes of simple functions, such as a weighted average on encrypted data. These schemes are the most efficient, and the simple functions they handle are sufficient for applications such as private inference. In some applications, simplicity is beneficial since it allows the classifier to justify itself easily. For instance, if a bank refuses a loan based on data analysis from a client, it should be able to justify its choice and make sure the decision is fair (e.g., not based on discriminatory attributes). This is easier to do if the classifier is a simple function. There are a variety of schemes and underlying cryptographic assumptions available. The schemes based on elliptic curves enjoy the smallest ciphertext and key sizes. In contrast, the lattice-based options have the advantage of post-quantum security but are currently less efficient (especially size-wise) than their counterparts.

4 Conclusion

Functional encryption is set to become an increasingly valuable tool in the context of growing concern for privacy and the ubiquitous use of data. Switzerland is involved in open-source projects such as Fentec, sponsored in part by Kudelski Security [6], which will facilitate the deployment of this technology for promising applications.