6 research outputs found
Compactness vs Collusion Resistance in Functional Encryption
We present two general constructions that can be used to combine any
two functional
encryption (FE) schemes (supporting a bounded number of key queries)
into a new functional encryption scheme supporting
a larger number of key queries.
By using these constructions iteratively,
we transform any primitive FE scheme supporting a single
functional key query (from a sufficiently general class of functions)
and has certain weak compactness properties to a collusion-resistant
FE scheme with the same or slightly weaker compactness properties.
Together with previously known reductions, this
shows that the compact, weakly compact, collusion-resistant, and
weakly collusion-resistant versions of FE are all equivalent
under polynomial time reductions.
These are all FE variants known to imply the existence of indistinguishability
obfuscation, and were previously thought to offer slightly different avenues toward
the realization of obfuscation from general assumptions.
Our results show that they are indeed all equivalent, improving our
understanding of the minimal assumptions on
functional encryption required to instantiate
indistinguishability obfuscation
Single-Key to Multi-Key Functional Encryption with Polynomial Loss
Functional encryption (FE) enables fine-grained access to encrypted data. In a FE scheme, the holder of a secret key \SK_f (associated with a function ) and a ciphertext (encrypting plaintext ) can learn but nothing more.
An important parameter in the security model for FE is the number of secret keys that adversary has access to. In this work, we give a transformation from a FE scheme for which the adversary gets access to a single secret key (with ciphertext size sub-linear in the circuit for which this secret key is issued) to one that is secure even if adversary gets access to an {unbounded} number of secret keys. A novel feature of our transformation is that its security proof incurs only a {\em polynomial} loss
Indistinguishability Obfuscation from Well-Founded Assumptions
In this work, we show how to construct indistinguishability obfuscation from
subexponential hardness of four well-founded assumptions. We prove:
Let be arbitrary
constants. Assume sub-exponential security of the following assumptions, where
is a security parameter, and the parameters below are
large enough polynomials in :
- The SXDH assumption on asymmetric bilinear groups of a prime order ,
- The LWE assumption over with subexponential
modulus-to-noise ratio , where is the dimension of the LWE
secret,
- The LPN assumption over with polynomially many LPN samples
and error rate , where is the dimension of the LPN
secret,
- The existence of a Boolean PRG in with stretch
,
Then, (subexponentially secure) indistinguishability obfuscation for all
polynomial-size circuits exists
Public Key Encryption with Secure Key Leasing
We introduce the notion of public key encryption with secure key leasing
(PKE-SKL). Our notion supports the leasing of decryption keys so that a leased
key achieves the decryption functionality but comes with the guarantee that if
the quantum decryption key returned by a user passes a validity test, then the
user has lost the ability to decrypt. Our notion is similar in spirit to the
notion of secure software leasing (SSL) introduced by Ananth and La Placa
(Eurocrypt 2021) but captures significantly more general adversarial
strategies. In more detail, our adversary is not restricted to use an honest
evaluation algorithm to run pirated software. Our results can be summarized as
follows:
1. Definitions: We introduce the definition of PKE with secure key leasing
and formalize security notions.
2. Constructing PKE with Secure Key Leasing: We provide a construction of
PKE-SKL by leveraging a PKE scheme that satisfies a new security notion that we
call consistent or inconsistent security against key leasing attacks (CoIC-KLA
security). We then construct a CoIC-KLA secure PKE scheme using 1-key
Ciphertext-Policy Functional Encryption (CPFE) that in turn can be based on any
IND-CPA secure PKE scheme.
3. Identity Based Encryption, Attribute Based Encryption and Functional
Encryption with Secure Key Leasing: We provide definitions of secure key
leasing in the context of advanced encryption schemes such as identity based
encryption (IBE), attribute-based encryption (ABE) and functional encryption
(FE). Then we provide constructions by combining the above PKE-SKL with
standard IBE, ABE and FE schemes.Comment: 68 pages, 4 figures. added related works and a comparison with a
concurrent work (2023-04-07
Public Key Encryption with Secure Key Leasing
We introduce the notion of public key encryption with secure key leasing (PKE-SKL). Our notion supports the leasing of decryption keys so that a leased key achieves the decryption functionality but comes with the guarantee that if the quantum decryption key returned by a user passes a validity test, then the user has lost the ability to decrypt. Our notion is similar in spirit to the notion of secure software leasing (SSL) introduced by Ananth and La Placa (Eurocrypt 2021) but captures significantly more general adversarial strategies. In more detail, our adversary is not restricted to use an honest evaluation algorithm to run pirated software. Our results can be summarized as follows:
1. Definitions: We introduce the definition of PKE with secure key leasing and formalize a security notion that we call indistinguishability against key leasing attacks (IND-KLA security). We also define a one-wayness notion for PKE-SKL that we call OW-KLA security and show that an OW-KLA secure PKE-SKL scheme can be lifted to an IND-KLA secure one by using the (quantum) Goldreich-Levin lemma.
2. Constructing IND-KLA PKE with Secure Key Leasing: We provide a construction of OW-KLA secure PKE-SKL (which implies IND-KLA secure PKE-SKL as discussed above) by leveraging a PKE scheme that satisfies a new security notion that we call consistent or inconsistent security against key leasing attacks (CoIC-KLA security). We then construct a CoIC-KLA secure PKE scheme using 1-key Ciphertext-Policy Functional Encryption (CPFE) that in turn can be based on any IND-CPA secure PKE scheme.
3. Identity Based Encryption, Attribute Based Encryption and Functional Encryption with Secure Key Leasing: We provide definitions of secure key leasing in the context of advanced encryption schemes such as identity based encryption (IBE), attribute-based encryption (ABE) and functional encryption (FE). Then we provide constructions by combining the above PKE-SKL with standard IBE, ABE and FE schemes.
Notably, our definitions allow the adversary to request distinguishing keys in the security game, namely, keys that distinguish the challenge bit by simply decrypting the challenge ciphertext, so long as it returns them (and they pass the validity test) before it sees the challenge ciphertext. All our constructions satisfy this stronger definition, albeit with the restriction that only a bounded number of such keys be allowed to the adversary in the IBE and ABE (but not FE) security games.
Prior to our work, the notion of single decryptor encryption (SDE) has been studied in the context of PKE (Georgiou and Zhandry, Eprint 2020) and FE (Kitigawa and Nishimaki, Asiacrypt 2022) but all their constructions rely on strong assumptions including indistinguishability obfuscation. In contrast, our constructions do not require any additional assumptions, showing that PKE/IBE/ABE/FE can be upgraded to support secure key leasing for free
The Birth of Cryptographic Obfuscation -- A Survey
The first candidate indistinguishability obfuscator (iO) of Garg et al. (FOCS 2013) changed the previously pessimistic attitude towards general-purpose cryptographic obfuscation. The potential realizability of such a powerful tool motivated a plethora of applications, including solutions for long-standing open problems, from almost all areas of cryptography. At the same time, the question of whether iO is realizable under standard assumptions is still open. In this work, we review the rapid development of candidate constructions and organize the results of the first four years since the breakthrough. Our goal is to give a bird\u27s-eye view of the infancy of cryptographic obfuscation, providing insight into the most important ideas and techniques