Fully Secure Functional Encryption for Inner Products, from Standard Assumptions

Abstract : Functional encryption is a modern public-key paradigm where a master secret key can be used to derive sub-keys SKF associated with certain functions F in such a way that the decryption operation reveals F (M), if M is the encrypted message, and nothing else. Recently, Abdalla et al. gave simple and efficient realizations of the primitive for the computation of linear functions on encrypted data: given an encryption of a vector y over some specified base ring, a secret key SKx for the vector x allows computing x, y. Their technique surprisingly allows for instantiations under standard assumptions, like the hardness of the Decision Diffie-Hellman (DDH) and Learning-with-Errors (LWE) problems. Their constructions, however, are only proved secure against selective adversaries, which have to declare the challenge messages M0 and M1 at the outset of the game. In this paper, we provide constructions that provably achieve security against more realistic adaptive attacks (where the messages M0 and M1 may be chosen in the challenge phase, based on the previously collected information) for the same inner product functionality. Our constructions are obtained from hash proof systems endowed with homomorphic properties over the key space. They are (almost) as efficient as those of Abdalla et al. and rely on the same hardness assumptions. In addition, we obtain a solution based on Paillier's composite residuosity assumption, which was an open problem even in the case of selective adversaries. We also propose LWE-based schemes that allow evaluation of inner products modulo a prime p, as opposed to the schemes of Abdalla et al. that are restricted to evaluations of integer inner products of short integer vectors. We finally propose a solution based on Paillier's composite residuosity assumption that enables evaluation of inner products modulo an RSA integer N = p · q. We demonstrate that the functionality of inner products over a prime field is powerful and can be used to construct bounded collusion FE for all circuits.
Type de document :
Communication dans un congrès
Crypto 2016, Aug 2016, Santa Barbara, United States. Springer, 9816, pp.333 - 362, 2016, Crypto 2016. 〈http://www.iacr.org/conferences/crypto2016/〉. 〈10.1007/978-3-662-53015-3_12〉
Liste complète des métadonnées

Littérature citée [60 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01228559
Contributeur : Benoit Libert <>
Soumis le : mardi 22 novembre 2016 - 09:45:04
Dernière modification le : samedi 21 avril 2018 - 01:27:27
Document(s) archivé(s) le : lundi 20 mars 2017 - 17:38:28

Fichier

FE-IPFE-adaptive.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Shweta Agrawal, Benoît Libert, Damien Stehlé. Fully Secure Functional Encryption for Inner Products, from Standard Assumptions. Crypto 2016, Aug 2016, Santa Barbara, United States. Springer, 9816, pp.333 - 362, 2016, Crypto 2016. 〈http://www.iacr.org/conferences/crypto2016/〉. 〈10.1007/978-3-662-53015-3_12〉. 〈hal-01228559v4〉

Partager

Métriques

Consultations de la notice

355

Téléchargements de fichiers

193