Reference : On the Achievability of Simulation-Based Security for Functional Encryption
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
On the Achievability of Simulation-Based Security for Functional Encryption
De caro, Angelo []
Iovino, Vincenzo mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Jain, Abhishek [Johns Hopkins University]
O'Neill, Adam [Georgetown University]
Paneth, Omer [Boston University]
Persiano, Giuseppe [University of Salerno]
Advances in Cryptology - CRYPTO 2013 - 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part II
Lecture Notes in Computer Science 8043
from 18-08-2013 to 22-08-2013
Santa Barbara
[en] Functional Encryption ; Hidden-Vector Encryption ; Simulation-Security
[en] This work attempts to clarify to what extent simulation-based security (SIM-security) is achievable for functional encryption (FE) and its relation to the weaker indistinguishability-based security (IND-security). Our main result is a compiler that transforms any FE scheme for the general circuit functionality (which we denote by Circuit-FE) meeting indistinguishability-based security (IND-security) to a Circuit-FE scheme meeting SIM-security, where:
In the random oracle model, the resulting scheme is secure for an unbounded number of encryption and key queries, which is the strongest security level one can ask for.
In the standard model, the resulting scheme is secure for a bounded number of encryption and non-adaptive key queries, but an unbounded number of adaptive key queries. This matches known impossibility results and improves upon Gorbunov et al. [CRYPTO’12] (which is only secure for non-adaptive key queries).
Our compiler is inspired by the celebrated Fiat-Lapidot-Shamir paradigm [FOCS’90] for obtaining zero-knowledge proof systems from witness-indistinguishable proof systems. As it is currently unknown whether Circuit-FE meeting IND-security exists, the purpose of this result is to establish that it remains a good target for future research despite known deficiencies of IND-security [Boneh et al. – TCC’11, O’Neill – ePrint ’10]. We also give a tailored construction of SIM-secure hidden vector encryption (HVE) in composite-order bilinear groups. Finally, we revisit the known negative results for SIM-secure FE, extending them to natural weakenings of the security definition and thus providing essentially a full picture of the (in)achievability of SIM-secure FE.

File(s) associated to this reference

Fulltext file(s):

Open access
main.pdfExtended versionPublisher postprint590.81 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.