Results 1 - 5 of 5
Functional Encryption with Bounded Collusions via Multi-Party Computation
, 2012
Cited by 39 (8 self)
We construct a functional encryption scheme secure against an a priori bounded polynomial number of collusions for the class of all polynomial-size circuits. Our constructions require only semantically secure public-key encryption schemes and pseudorandom generators computable by small-depth circuits (known to be implied by most concrete intractability assumptions). For certain special cases such as predicate encryption schemes with public index, the construction requires only semantically secure encryption schemes, which is clearly the minimal necessary assumption. Our constructions rely heavily on techniques from secure multiparty computation and randomized encodings. All our constructions are secure under a strong, adaptive simulation-based definition of functional encryption.
Functional encryption: New perspectives and lower bounds
 Advances in Cryptology – CRYPTO ’13
, 2013
Cited by 16 (4 self)
Functional encryption is an emerging paradigm for public-key encryption that enables fine-grained control of access to encrypted data. In this work, we present new perspectives on security definitions for functional encryption, as well as new lower bounds on what can be achieved. Our main contributions are as follows:
• We show a lower bound for functional encryption that satisfies a weak (non-adaptive) simulation-based security notion, via pseudorandom functions. This is the first lower bound that exploits unbounded collusions in an essential way.
• We put forth and discuss a simulation-based notion of security for functional encryption, with an unbounded simulator (called USIM). We show that this notion interpolates indistinguishability and simulation-based security notions, and has strong correlations to results and barriers in the zero-knowledge and multiparty computation literature.
Simple Functional Encryption Schemes for Inner Products
Cited by 3 (0 self)
Abstract. Functional encryption is a new paradigm in public-key encryption that allows users to finely control the amount of information that is revealed by a ciphertext to a given receiver. Recent papers have focused their attention on constructing schemes for general functionalities at expense of efficiency. Our goal, in this paper, is to construct functional encryption schemes for less general functionalities which are still expressive enough for practical scenarios. We propose a functional encryption scheme for the inner-product functionality, meaning that decrypting an encrypted vector $x$ with a key for a vector $y$ will reveal only $\langle x, y \rangle$ and nothing else, whose security is based on the DDH assumption. Despite the simplicity of this functionality, it is still useful in many contexts like descriptive statistics. In addition, we generalize our approach and present a generic scheme that can be instantiated, in addition, under the LWE assumption and offers various tradeoffs in terms of expressiveness and efficiency.
Non-Interactive Secure Multiparty Computation
, 2014
Cited by 1 (1 self)
We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function $f(x_1, \dots, x_n)$ is specified by a joint probability distribution $R = (R_1, \dots, R_n)$ and local encoding functions $\mathrm{Enc}_i(x_i, R_i)$, $1 \le i \le n$. Given correlated randomness $(R_1, \dots, R_n) \in_R R$, each party $P_i$, using its input $x_i$ and its randomness $R_i$, computes the message $m_i = \mathrm{Enc}_i(x_i, R_i)$. The messages $m_1, \dots, m_n$ can be used to decode $f(x_1, \dots, x_n)$. For a set $T \subseteq [n]$, the protocol is said to be $T$-robust if revealing the messages $(\mathrm{Enc}_i(x_i, R_i))_{i \notin T}$ together with the randomness $(R_i)_{i \in T}$ gives the same information about $(x_i)_{i \notin T}$ as an oracle access to the function $f$ restricted to these input values. Namely, a coalition $T$ can learn no more than the restriction of $f$ fixing the inputs of uncorrupted parties, which, in this non-interactive setting, one cannot hope to hide. For $0 \le t \le n$, the protocol is $t$-robust if it is $T$-robust for every $T$ of size at most $t$ and it is fully robust if it is $n$-robust. A 0-robust NIMPC protocol for $f$ coincides with a protocol in the private simultaneous messages model of Feige et al. (STOC 1994). In the setting of computational (indistinguishability-based) security, fully robust NIMPC is implied by multi-input functional encryption, a notion that was recently introduced by Goldwasser et al. (Euro
Compact Reusable Garbled Circuits
, 2014
Garbled circuits are integral to secure function evaluation. A garbled circuit $\hat{C}$ for a circuit $C$ enables a user to compute $C(x)$ and nothing more about $C$ or $x$, when given an encoding $\hat{x}$ for the input $x$. Earlier, garbling schemes produced only single-use garbled circuits which did not offer security when used to evaluate more than one input encoding. Very recently, the first reusable version of garbled circuits was constructed by Goldwasser et al. (STOC 2013), which allowed a garbled circuit to evaluate multiple input encodings. But, all these constructions of garbled circuits, including the single-use ones, incur a multiplicative blowup in size, i.e., the size of the garbled circuit is $|C| \cdot \mathrm{poly}(\lambda)$ for some security parameter $\lambda$. Hence, a fundamental question about (reusable) garbled circuits is: How small can a garbled circuit be? The main result of this thesis is a garbling scheme which produces (reusable) garbled circuits with just an additive overhead in size, i.e., with size $|C| + \mathrm{poly}(\lambda, d_{\max})$. Here $d_{\max}$ is the maximum depth of circuits which the garbling scheme can handle. Modulo the additive $\mathrm{poly}(\lambda, d_{\max})$ factor which is independent of the size of the circuit, this is the best that one could hope for. The main technical ingredient of our work is a “fully” key-homomorphic encryption scheme; an object that we define and construct based on learning with errors (LWE) assumption. A fully key-homomorphic