Reference : Deniable Functional Encryption
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Deniable Functional Encryption
De caro, Angelo [IBM Zurich]
Iovino, Vincenzo mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
O'Neill, Adam [Georgetown University]
Public-key Cryptography - PKC 2016, 19th IACR International Conference on Practice and Theory in Public-Key Cryptography, Taipei, Taiwan, March 6-9, 2016, Proceedings, Part I
Lecture Notes in Computer Science 9614
19th IACR International Conference on Practice and Theory in Public-Key Cryptography, Taipei, Taiwan, March 6-9, 2016, Proceedings, Part I
fom 06-03-2015 to 09-03-2015
[en] Deniable encryption ; Functional encryption ; Simulation-security
[en] Deniable encryption, first introduced by Canetti et al. (CRYPTO 1997), allows a sender and/or receiver of encrypted communication to produce fake but authentic-looking coins and/or secret keys that “open” the communication to a different message. Here we initiate its study for the more general case of functional encryption (FE), as introduced by Boneh et al. (TCC 2011), wherein a receiver in possession of a key k can compute from any encryption of a message x the value F (k, x) according to the scheme’s functionality F . Our results are summarized as follows:
We put forth and motivate the concept of deniable FE, for which we consider two models. In the first model, as previously considered by O’Neill et al. (CRYPTO 2011) in the case of identity-based encryption, a receiver gets assistance from the master authority to generate a fake secret key. In the second model, there are “normal” and “deniable” secret keys, and a receiver in possession of a deniable secret key can produce a fake but authentic-looking normal key on its own. This parallels the “multi-distributional” model of deniability previously considered for public-key encryption.
In the first model, we show that any FE scheme for the general circuit functionality (as several recent candidate construction achieve) can be converted into an FE scheme having receiver deniability, without introducing any additional assumptions. In addition we show an efficient receiver deniable FE for Boolean Formulae from bilinear maps. In the second (multi-distributional) model, we show a specific FE scheme for the general circuit functionality having receiver deniability. This result additionally assumes differing-inputs obfuscation and relies on a new technique we call delayed trapdoor circuits. To our knowledge, a scheme in the multi-distributional model was not previously known even in the simpler case of identity-based encryption.
Finally, we show that receiver deniability for FE implies some form of simulation security, further motivating study of the latter and implying optimality of our results.
An extended version has been published in IET Information Security. DOI: 10.1049/iet-ifs.2017.0040
FnR ; FNR7884937 > Vincenzo Iovino > > Cryptography for Cloud Homomorphic Encrypted Secure Systems > 01/12/2014 > 30/11/2016 > 2014

File(s) associated to this reference

Fulltext file(s):

Open access
main.pdfPublisher postprint476.36 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.