Reference : On the Power of Rewinding Simulators in Functional Encryption
Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust
On the Power of Rewinding Simulators in Functional Encryption
De Caro, Angelo* [IBM Zurich]
Iovino, Vincenzo* mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
* These authors have contributed equally to this work.
Designs, Codes and Cryptography
Springer Science
Yes (verified by ORBilu)
[en] Cryptography ; Functional Encryption
[en] In a seminal work, Boneh, Sahai and Waters (BSW, for short) [TCC'11] showed that for functional encryption the indistinguishability notion of security (IND-Security) is weaker than simulation-based security (SIM-Security), and that SIM-Security is in general impossible to achieve. This has opened up the door to a plethora of papers showing feasibility and new impossibility results. Nevertheless, the quest for better definitions that (1) overcome the limitations of IND-Security and (2) the known impossibility results, is still open.

In this work, we explore the benefits and the limits of using {\em efficient rewinding black-box simulators} to argue security. To do so, we introduce a new simulation-based security definition, that we call {\em rewinding simulation-based security} (RSIM-Security), that is weaker than the previous ones but it is still sufficiently strong to not meet pathological schemes as it is the case for IND-Security (that is implied by the RSIM). This is achieved by retaining a strong simulation-based flavour but adding more rewinding power to the simulator having care to guarantee that it can not learn more than what the adversary would learn in any run of the experiment. What we found is that for RSIM the BSW impossibility result does not hold and that IND-Security is {\em equivalent} to RSIM-Security for {\em Attribute-Based Encryption} in the {\em standard model}. Nevertheless, we prove that there is a setting where rewinding simulators are of no help. The adversary can put in place a strategy that forces the simulator to rewind continuously.
Fonds National de la Recherche - FnR
FnR ; FNR7884937 > Vincenzo Iovino > > Cryptography for Cloud Homomorphic Encrypted Secure Systems > 01/12/2014 > 30/11/2016 > 2014

File(s) associated to this reference

Fulltext file(s):

Open access
main.pdfminor differencesPublisher postprint491.88 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.