Advertisement

Function-Hiding Inner Product Encryption Is Practical

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11035)

Abstract

In a functional encryption scheme, secret keys are associated with functions and ciphertexts are associated with messages. Given a secret key for a function f, and a ciphertext for a message x, a decryptor learns f(x) and nothing else about x. Inner product encryption is a special case of functional encryption where both secret keys and ciphertext are associated with vectors. The combination of a secret key for a vector \({\mathbf {x}}\) and a ciphertext for a vector \(\mathbf {y}\) reveal \(\langle {\mathbf {x}}, \mathbf {y}\rangle \) and nothing more about \(\mathbf {y}\). An inner product encryption scheme is function-hiding if the keys and ciphertexts reveal no additional information about both \({\mathbf {x}}\) and \(\mathbf {y}\) beyond their inner product.

In the last few years, there has been a flurry of works on the construction of function-hiding inner product encryption, starting with the work of Bishop, Jain, and Kowalczyk (Asiacrypt 2015) to the more recent work of Tomida, Abe, and Okamoto (ISC 2016). In this work, we focus on the practical applications of this primitive. First, we show that the parameter sizes and the run-time complexity of the state-of-the-art construction can be further reduced by another factor of 2, though we compromise by proving security in the generic group model. We then show that function privacy enables a number of applications in biometric authentication, nearest-neighbor search on encrypted data, and single-key two-input functional encryption for functions over small message spaces. Finally, we evaluate the practicality of our encryption scheme by implementing our function-hiding inner product encryption scheme. Using our construction, encryption and decryption operations for vectors of length 50 complete in a tenth of a second in a standard desktop environment.

Notes

Acknowledgments

This work was supported by NSF, DARPA, the Simons foundation, a grant from ONR, and an NSF Graduate Research Fellowship. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA.

References

  1. 1.
    Abdalla, M., Bourse, F., De Caro, A., Pointcheval, D.: Simple functional encryption schemes for inner products. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 733–751. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46447-2_33CrossRefGoogle Scholar
  2. 2.
    Abdalla, M., Raykova, M., Wee, H.: Multi-input inner-product functional encryption from pairings. Cryptology ePrint Archive, Report 2016/425 (2016). http://eprint.iacr.org/
  3. 3.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: ACM SIGMOD (2004)Google Scholar
  4. 4.
    Agrawal, S., Agrawal, S., Badrinarayanan, S., Kumarasubramanian, A., Prabhakaran, M., Sahai, A.: On the practical security of inner product functional encryption. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 777–798. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46447-2_35CrossRefGoogle Scholar
  5. 5.
    Agrawal, S., Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption: new perspectives and lower bounds. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 500–518. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_28CrossRefGoogle Scholar
  6. 6.
    Agrawal, S., Libert, B., Stehlé, D.: Fully secure functional encryption for inner products, from standard assumptions. IACR Cryptology ePrint Archive, 2015 (2015)Google Scholar
  7. 7.
    Akinyele, J.A., et al.: Charm: a framework for rapidly prototyping cryptosystems. J. Cryptogr. Eng. 3(2), 111–128 (2013)CrossRefGoogle Scholar
  8. 8.
    Ananth, P., Jain, A.: Indistinguishability obfuscation from compact functional encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 308–326. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47989-6_15CrossRefGoogle Scholar
  9. 9.
    Aranha, D.F., Fuentes-Castañeda, L., Knapp, E., Menezes, A., Rodríguez-Henríquez, F.: Implementing pairings at the 192-bit security level. In: Abdalla, M., Lange, T. (eds.) Pairing 2012. LNCS, vol. 7708, pp. 177–195. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-36334-4_11CrossRefGoogle Scholar
  10. 10.
    Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-74143-5_30CrossRefGoogle Scholar
  11. 11.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE S&P (2007)Google Scholar
  12. 12.
    Bishop, A., Jain, A., Kowalczyk, L.: Function-hiding inner product encryption. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 470–491. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48797-6_20CrossRefGoogle Scholar
  13. 13.
    Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_13CrossRefGoogle Scholar
  14. 14.
    Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22792-9_33CrossRefGoogle Scholar
  15. 15.
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_26CrossRefGoogle Scholar
  16. 16.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28628-8_3CrossRefGoogle Scholar
  17. 17.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_13CrossRefGoogle Scholar
  18. 18.
    Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., Zimmerman, J.: Semantically secure order-revealing encryption: multi-input functional encryption without obfuscation. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 563–594. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46803-6_19CrossRefGoogle Scholar
  19. 19.
    Boneh, D., Raghunathan, A., Segev, G.: Function-private identity-based encryption: hiding the function in functional encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 461–478. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_26CrossRefzbMATHGoogle Scholar
  20. 20.
    Boneh, D., Raghunathan, A., Segev, G.: Function-private subspace-membership encryption and its applications. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 255–275. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-42033-7_14CrossRefGoogle Scholar
  21. 21.
    Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-19571-6_16CrossRefGoogle Scholar
  22. 22.
    Brakerski, Z., Komargodski, I., Segev, G.: From single-input to multi-input functional encryption in the private-key setting. IACR Cryptology ePrint Archive, 2015 (2015)Google Scholar
  23. 23.
    Brakerski, Z., Segev, G.: Function-private functional encryption in the private-key setting. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 306–324. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46497-7_12CrossRefGoogle Scholar
  24. 24.
    Chenette, N., Lewi, K., Weis, S.A., Wu, D.J.: Practical order-revealing encryption with limited leakage. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 474–493. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-52993-5_24CrossRefzbMATHGoogle Scholar
  25. 25.
    Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45325-3_32CrossRefGoogle Scholar
  26. 26.
    Costello, C.: Particularly friendly members of family trees. IACR Cryptology ePrint Archive, 2012 (2012)Google Scholar
  27. 27.
    Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: ACM CCS (2006)Google Scholar
  28. 28.
    Datta, P., Dutta, R., Mukhopadhyay, S.: Functional encryption for inner product with full function privacy. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 164–195. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49384-7_7CrossRefGoogle Scholar
  29. 29.
    Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptol. 23(2), 224–280 (2010)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS (2013)Google Scholar
  31. 31.
    Garg, S., Gentry, C., Halevi, S., Zhandry, M.: Functional encryption without obfuscation. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 480–511. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49099-0_18CrossRefGoogle Scholar
  32. 32.
    Goh, E.: Secure indexes. IACR Cryptology ePrint Archive, 2003 (2003)Google Scholar
  33. 33.
    Goldwasser, S., et al.: Multi-input functional encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 578–602. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-55220-5_32CrossRefGoogle Scholar
  34. 34.
    Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: STOC (2013)Google Scholar
  35. 35.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption with bounded collusions via multi-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_11CrossRefGoogle Scholar
  36. 36.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. In: STOC (2013)Google Scholar
  37. 37.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits from LWE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 503–523. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48000-7_25CrossRefGoogle Scholar
  38. 38.
    Hart, W., Johansson, F., Pancratz, S.: FLINT: fast Library for Number Theory (2013). Version 2.4.0: http://flintlib.org
  39. 39.
    Joux, A.: A one round protocol for tripartite Diffie–Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–393. Springer, Heidelberg (2000).  https://doi.org/10.1007/10722028_23CrossRefGoogle Scholar
  40. 40.
    Joye, M., Passelègue, A.: Practical trade-offs for multi-input functional encryption. IACR Cryptology ePrint Archive, 2016 (2016)Google Scholar
  41. 41.
    Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78967-3_9CrossRefGoogle Scholar
  42. 42.
    Kim, S., Kim, J., Seo, J.H.: A new approach for practical function-private inner product encryption. IACR Cryptology ePrint Archive 2017:4 (2017)Google Scholar
  43. 43.
    Kim, S., Lewi, K., Mandal, A., Montgomery, H.W., Roy, A., Wu, D.J.: Function-hiding inner product encryption is practical. IACR Cryptology ePrint Archive 2016:440 (2016)Google Scholar
  44. 44.
    Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 543–571. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_20CrossRefGoogle Scholar
  45. 45.
    Lee, K., Lee, D.H.: Two-input functional encryption for inner products from bilinear maps. IEICE Trans. 101–A(6), 915–928 (2018)CrossRefGoogle Scholar
  46. 46.
    Lewi, K., Wu, D.J.: Order-revealing encryption: new constructions, applications, and lower bounds. In: ACM CCS (2016, to appear)Google Scholar
  47. 47.
    Lin, H., Vaikuntanathan, V.: Indistinguishability obfuscation from DDH-like assumptions on constant-degree graded encodings. In: FOCS, pp. 11–20 (2016)Google Scholar
  48. 48.
    Lynn, B.: The pairing-based cryptography library. Internet: crypto. stanford. edu/pbc/[Mar. 27, 2013] (2006)Google Scholar
  49. 49.
    Miller, V.S.: The weil pairing, and its efficient calculation. J. Cryptol. 17(4), 235–261 (2004)MathSciNetCrossRefGoogle Scholar
  50. 50.
    Nechaev, V.: Complexity of a determinate algorithm for the discrete logarithm. Math. Notes 55, 165–172 (1994)MathSciNetCrossRefGoogle Scholar
  51. 51.
    Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45708-9_8CrossRefGoogle Scholar
  52. 52.
    Okamoto, T., Takashima, K.: Homomorphic encryption and signatures from vector decomposition. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 57–74. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85538-5_4CrossRefGoogle Scholar
  53. 53.
    Okamoto, T., Takashima, K.: Hierarchical predicate encryption for inner-products. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 214–231. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-10366-7_13CrossRefGoogle Scholar
  54. 54.
    Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-14623-7_11CrossRefGoogle Scholar
  55. 55.
    Okamoto, T., Takashima, K.: Fully secure unbounded inner-product and attribute-based encryption. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 349–366. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-34961-4_22CrossRefGoogle Scholar
  56. 56.
    O’Neill, A.: Definitional issues in functional encryption. IACR Cryptology ePrint Archive, 2010 (2010)Google Scholar
  57. 57.
    Pandey, O., Rouselakis, Y.: Property preserving symmetric encryption. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 375–391. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_23CrossRefGoogle Scholar
  58. 58.
    Ramanna, S.C.: More efficient constructions for inner-product encryption. IACR Cryptology ePrint Archive, 2016 (2016)Google Scholar
  59. 59.
    Sahai, A., Seyalioglu, H.: Worry-free encryption: functional encryption with public keys. In: ACM CCS (2010)Google Scholar
  60. 60.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_27CrossRefGoogle Scholar
  61. 61.
    Shanks, D.: Class number, a theory of factorization, and genera. In: Proceedings of Symposium in Pure Mathematics (1971)Google Scholar
  62. 62.
    Shen, E., Shi, E., Waters, B.: Predicate privacy in encryption systems. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 457–473. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-00457-5_27CrossRefGoogle Scholar
  63. 63.
    Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997).  https://doi.org/10.1007/3-540-69053-0_18CrossRefGoogle Scholar
  64. 64.
    Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE S&P (2000)Google Scholar
  65. 65.
    Tomida, J., Abe, M., Okamoto, T.: Efficient functional encryption for inner-product values with full-hiding security. In: Bishop, M., Nascimento, A.C.A. (eds.) ISC 2016. LNCS, vol. 9866, pp. 408–425. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-45871-7_24CrossRefGoogle Scholar
  66. 66.
    Waters, B.: A punctured programming approach to adaptively secure functional encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 678–697. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48000-7_33CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Stanford UniversityStanfordUSA
  2. 2.FacebookMenlo ParkUSA
  3. 3.Fujitsu Laboratories of AmericaSunnyvaleUSA

Personalised recommendations