TY - GEN
T1 - Making Public Key Functional Encryption Function Private, Distributively
AU - Fan, Xiong
AU - Tang, Qiang
N1 - Publisher Copyright:
© 2018, International Association for Cryptologic Research.
PY - 2018
Y1 - 2018
N2 - We put forth a new notion of distributed public key functional encryption. In such a functional encryption scheme, the secret key for a function f will be split into shares skif. Given a ciphertext ct that encrypts a message x, a secret key share skif, one can evaluate and obtain a shared value yi. Adding all the shares up can recover the actual value of f(x), while partial shares reveal nothing about the plaintext. More importantly, this new model allows us to establish function privacy which was not possible in the setting of regular public key functional encryption. We formalize such notion and construct such a scheme from any public key functional encryption scheme together with learning with error assumption. We then consider the problem of hosting services in the untrusted cloud. Boneh, Gupta, Mironov, and Sahai (Eurocrypt 2014) first studied such application and gave a construction based on indistinguishability obfuscation. Their construction had the restriction that the number of corrupted clients has to be bounded and known. They left an open problem how to remove such restriction. We resolve this problem by applying our function private (distributed) public key functional encryption to the setting of hosting service in multiple clouds. Furthermore, our construction provides a much simpler and more flexible paradigm which is of both conceptual and practical interests. Along the way, we strengthen and simplify the security notions of the underlying primitives, including function secret sharing.
AB - We put forth a new notion of distributed public key functional encryption. In such a functional encryption scheme, the secret key for a function f will be split into shares skif. Given a ciphertext ct that encrypts a message x, a secret key share skif, one can evaluate and obtain a shared value yi. Adding all the shares up can recover the actual value of f(x), while partial shares reveal nothing about the plaintext. More importantly, this new model allows us to establish function privacy which was not possible in the setting of regular public key functional encryption. We formalize such notion and construct such a scheme from any public key functional encryption scheme together with learning with error assumption. We then consider the problem of hosting services in the untrusted cloud. Boneh, Gupta, Mironov, and Sahai (Eurocrypt 2014) first studied such application and gave a construction based on indistinguishability obfuscation. Their construction had the restriction that the number of corrupted clients has to be bounded and known. They left an open problem how to remove such restriction. We resolve this problem by applying our function private (distributed) public key functional encryption to the setting of hosting service in multiple clouds. Furthermore, our construction provides a much simpler and more flexible paradigm which is of both conceptual and practical interests. Along the way, we strengthen and simplify the security notions of the underlying primitives, including function secret sharing.
UR - http://www.scopus.com/inward/record.url?scp=85043987192&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85043987192&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-76581-5_8
DO - 10.1007/978-3-319-76581-5_8
M3 - Conference contribution
AN - SCOPUS:85043987192
SN - 9783319765778
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 218
EP - 244
BT - Public-Key Cryptography - PKC 2018 - 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
A2 - Abdalla, Michel
A2 - Dahab, Ricardo
PB - Springer Verlag
T2 - 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2018
Y2 - 25 March 2018 through 29 March 2018
ER -