SimulationBased Secure Functional Encryption in the Random Oracle Model
Abstract

In the publickey setting we assume a bound on the number of queries but this bound only affects the runningtimes of our encryption and decryption procedures. We stress that our FE schemes in this model are SIMSecure and have ciphertexts and tokens of constantsize, whereas in the standard model, the current SIMSecure FE schemes for general functionalities [De Caro et al., Gorbunov et al. – CRYPTO’12] have ciphertexts and tokens of size growing as the number of queries.

In the symmetrickey setting we assume a timestamp on both ciphertexts and tokens. In this model, we provide FE schemes with short ciphertexts and tokens that are SIMSecure against adversaries asking an unbounded number of queries.
Both results also assume the RO model, but not functionalities with RO gates and rely on extractability obfuscation [Boyle et al. – TCC’14] (and other standard primitives) secure only in the standard model.
Keywords
Functional encryption Random oracle model Simulationbased security ObfuscationNotes
Acknowledgments
We thank Abhishek Jain, Adam O’Neill, Anna Sorrentino and the anonymous reviewers for useful comments. Part of this work was done while Vincenzo Iovino was at the University of Warsaw. This work was supported by the WELCOME/20104/2 grant founded within the framework of the EU Innovative Economy Operational Programme and by the National Research Fund of Luxembourg.
References
 1.Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011) Google Scholar
 2.O’Neill, A.: Definitional issues in functional encryption. Cryptology ePrint Archive, Report 2010/556 (2010). http://eprint.iacr.org/
 3.Bellare, M., O’Neill, A.: Semanticallysecure functional encryption: possibility results, impossibility results and the quest for a general definition. In: Abdalla, M., NitaRotaru, C., Dahab, R. (eds.) CANS 2013. LNCS, vol. 8257, pp. 218–234. Springer, Heidelberg (2013) Google Scholar
 4.Agrawal, S., Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption: new perspectives and lower bounds. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 500–518. Springer, Heidelberg (2013) Google Scholar
 5.De Caro, A., Iovino, V.: On the power of rewinding simulators in functional encryption. IACR Cryptology ePrint Archive, 2013:752 (2013)Google Scholar
 6.Agrawal, S., Agrawal, S., Badrinarayanan, S., Kumarasubramanian, A., Prabhakaran, M., Sahai, A.: Function private functional encryption and property preserving encryption : new definitions and positive results. Cryptology ePrint Archive, Report 2013/744 (2013). http://eprint.iacr.org/
 7.Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Ashby, V. (ed.) ACM CCS 93: 1st Conference on Computer and Communications Security, Fairfax, Virginia, USA, pp. 62–73. ACM Press, 3–5 November 1993Google Scholar
 8.De Caro, A., Iovino, V., Jain, A., O’Neill, A., Paneth, O., Persiano, G.: On the achievability of simulationbased security for functional encryption. In: Canetti and Garay [22], pp. 519–535Google Scholar
 9.Apon, D., Gordon, D., Katz, J., Liu, F.H., Zhou, H.S., Shi, E.: Personal Communication, July 2013Google Scholar
 10.Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption with bounded collusions via multiparty computation. In: SafaviNaini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012) Google Scholar
 11.Goldwasser, S., Gordon, S.D., Goyal, V., Jain, A., Katz, J., Liu, F.H., Sahai, A., Shi, E., Zhou, H.S.: Multiinput functional encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 578–602. Springer, Heidelberg (2014) Google Scholar
 12.Dov Gordon, S., Katz, J., Liu, F.H., Shi, E., Zhou, H.S.: Multiinput functional encryption. IACR Cryptology ePrint Archive, 2013:774 (2013)Google Scholar
 13.Goldwasser, S., Goyal, V., Jain, A., Sahai, A.: Multiinput functional encryption. Cryptology ePrint Archive, Report 2013/727 (2013). http://eprint.iacr.org/
 14.Boyle, E., Chung, K.M., Pass, R.: On extractability obfuscation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 52–73. Springer, Heidelberg (2014) Google Scholar
 15.Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited (preliminary version). In: 30th ACM STOCAnnual ACM Symposium on Theory of Computing, Dallas, Texas, USA, pp. 209–218. ACM Press, 23–26 May 1998Google Scholar
 16.Iovino, V., Żebrowksi, K.: Simulationbased secure functional encryption in the random oracle model. Cryptology ePrint Archive, Report 2014/810 (2014). http://eprint.iacr.org/
 17.Garg, S., Gentry, C., Halevi, S., Wichs, D.: On the implausibility of differinginputs obfuscation and extractable witness encryption with auxiliary input. Cryptology ePrint Archive, Report 2013/860 (2013). http://eprint.iacr.org/
 18.Boyle, E., Pass, R.: Limits of extractability assumptions with distributional auxiliary input. Cryptology ePrint Archive, Report 2013/703 (2013). http://eprint.iacr.org/
 19.Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs based on a single random string (extended abstract). In: 31st Annual Symposium on Foundations of Computer Science, St. Louis, Missouri, USA, vol. I, pp, 308–317. IEEE Computer Society, 22–24 October 1990Google Scholar
 20.Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. IACR Cryptology ePrint Archive, 2013:401 (2013)Google Scholar
 21.Canetti, R., Garay, J.A. (eds.): CRYPTO 2013, Part II. LNCS, vol. 8043. Springer, Heidelberg (2013) Google Scholar