Abstract
Functional encryption (FE) can implement fine-grained control to encrypted plaintext via permitting users to compute only some specified functions on the encrypted plaintext using private keys with respect to those functions. Recently, many FEs were put forward; nonetheless, most of them cannot resist chosen-ciphertext attacks (CCAs), especially for those in the secret-key settings. This changed with the work, i.e., a generic transformation of public-key functional encryption (PK-FE) from chosen-plaintext (CPA) to chosen-ciphertext (CCA), where the underlying schemes are required to have some special properties such as restricted delegation or verifiability features. However, examples for such underlying schemes with these features have not been found so far. Later, a CCA-secure functional encryption from projective hash functions was proposed, but their scheme only applies to inner product functions. To construct such a scheme, some nontrivial techniques will be needed. Our key contribution in this work is to propose CCA-secure functional encryptions in the PKE and SK environment, respectively. In the existing generic transformation from (adaptively) simulation-based CPA- (SIM-CPA-) secure ones for deterministic functions to (adaptively) simulation-based CCA- (SIM-CCA-) secure ones for randomized functions, whether the schemes were directly applied to CCA settings for deterministic functions is not implied. We give an affirmative answer and derive a SIM-CCA-secure scheme for deterministic functions by making some modifications on it. Again, based on this derived scheme, we also propose an (adaptively) indistinguishable CCA- (IND-CCA-) secure SK-FE for deterministic functions. The final results show that our scheme can be instantiated under both nonstandard assumptions (e.g., hard problems on multilinear maps and indistinguishability obfuscation (IO)) and under standard assumptions (e.g., DDH, RSA, LWE, and LPN).
Highlights
PKE is the most useful asymmetric encryption, which encrypted the plaintext using a public encryption key pk and decrypted the ciphertext using a private key sk only owned by the receiver
We say that a public-key functional encryption (PK-functional encryption (FE)) scheme for deterministic functions is adaptively (q1, 1, q2) indistinguishable chosen-ciphertext secure ((q1, 1, q2)-INDCCA secure) if for any probability polynomial time (PPT) adversary A (A1, A2) where A1 and A2 make at most q1 and q2 key-generation queries, respectively, and we have that the function value AdvFINE,DF,CACA(λ) is negligible
We show several examples of how to instantiate a perfectly correct (q1, qc, q2)-SIM-CPA-secure functional encryption scheme CPAFE to apply to our generic constructions with CCA security in both public key and private key settings. e results described below show that the SIM-CPA-secure PKFE used to construct the Simulation-based CCA (SIM-CCA)-secure PK-FE can be designed from both standard assumptions and nonstandard assumptions
Summary
PKE is the most useful asymmetric encryption, which encrypted the plaintext using a public encryption key pk and decrypted the ciphertext using a private key sk only owned by the receiver. The generic transformation of Naor and Yung’s [16] from IND-CPA to IND-CCA encryption scheme can be adapted to functional encryption, it is only applied to the nonadaptive case in the public-key setting. It may achieve unbounded collusions, but which is not the key point we focus on in this paper. The removal operation does not affect the CPA-to-CCA transformation since the PRF and h does not participate in the transformation In this way, we get a SIM-CCA-secure PK-FE scheme for deterministic functions. For example, an IND-CPA-secure SK-FE which may induce a more practical scheme or simple functionality, it is not applicable to our construction. is is because, when we directly use the weak scheme, during the decryption query phase, the master secret key encrypted in the underlying SKFE ciphertext can be extracted out by the NIZK
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
