Presentation is loading. Please wait.

Presentation is loading. Please wait.

FUNCTIONAL ENCRYPTION & PROPERTY PRESERVING ENCRYPTION Shashank Agrawal (UIUC), Shweta Agrawal (IIT-D), Saikrishna Badrinarayanan (IIT-M), Abisekh Kumarasubramanian.

Similar presentations


Presentation on theme: "FUNCTIONAL ENCRYPTION & PROPERTY PRESERVING ENCRYPTION Shashank Agrawal (UIUC), Shweta Agrawal (IIT-D), Saikrishna Badrinarayanan (IIT-M), Abisekh Kumarasubramanian."— Presentation transcript:

1 FUNCTIONAL ENCRYPTION & PROPERTY PRESERVING ENCRYPTION Shashank Agrawal (UIUC), Shweta Agrawal (IIT-D), Saikrishna Badrinarayanan (IIT-M), Abisekh Kumarasubramanian (UCLA), Manoj Prabhakaran (UIUC), Amit Sahai (UCLA).

2 OUTLINE  Various encryption schemes:  Public-key functional encryption,  Private-key functional encryption,  Property Preserving encryption.  Fairly new ideas, spend some time on each one.  What they are?  Our results.  Come back and discuss Public-key functional encryption in detail.

3 PUBLIC KEY FUNCTIONAL ENC. MSK, MPK Alice MPK ENC (m) Julie Bob Trusted Authority

4 PUBLIC KEY FUNCTIONAL ENC.  First formally studied by Boneh, Sahai and Waters in  Encompasses well-known notions of encryption:  Public-key encryption [DH76, RSA77, …],  Identity-based encryption [Sha84, BF01, Coc01, BW06, GPV08],  Attribute-based encryption [SW05, GPSW06, GVW13, GGH+13],  Predicate encryption [KSW08, LOS+10, AFV11],  Searchable encryption [BCOP04], etc.  Has been the subject of intense study in the recent past.

5 OUR CONTRIBUTION  A new definition for Functional Encryption:  Simulation based (real-ideal world),  Provides both function and message hiding,  Simple and intuitive.  First definition with the above features.  Construct a secure protocol in the generic group model.  Practice: Security against a large class of attacks.  Function family F: inner-product predicates.

6 PRIVATE KEY FUNCTIONAL ENC. SK ENC (m1, SK) ENC (m2, SK) ENC (m3, SK) Client Server

7 USE CASE

8 PRIVATE KEY FUNCTIONAL ENC.  First studied by Shen, Shi and Waters in 2009 [SSW09].  SSW09 construct a secure protocol for inner-product predicates.  A new protocol that is better in several ways.

9 AN IMPROVED PROTOCOL SSW09 protocolOur protocol Selective securityFull security Composite-order groupsPrime-order groups Non-standard assumptionsStandard assumption

10 OUR PROTOCOL  Derived from Okamoto and Takashima [OT12].  Symmetric nature of inner-product predicates.  Ways to transform a protocol with weaker properties into one with stronger properties [Fre10, Lew12].  No method can simultaneously solve all the three problems.

11 PROPERTY PRESERVING ENCRYPTION SK ENC (m1, SK) ENC (m2, SK) Client Server TEST(ENC(m1), ENC(m2)) = P(m1, m2)

12 USE CASE

13 PROPERTY PRESERVING ENCRYPTION  Introduced by Pandey and Rouselakis in 2012 [PR12].  PR12 gives a protocol for the inner-product property.  We improve their protocol in two crucial ways.  Exploit connection b/n Private-key FE and PPE. PR12Our protocol Composite-order groupsPrime order groups Generic group model Standard model (DLIN assumption)

14 PUBLIC-KEY FUNCTIONAL ENCRYPTION

15 MSK, MPK Alice MPK ENC (m, MPK) Julie Adversary Trusted Authority

16 INDISTINGUISHABILITY BASED DEF.

17 SIMULATION BASED DEF.  A new definition for Functional Encryption:  Simulation based (real-ideal world),  Provides both function and message hiding,  Simple and intuitive.  Real world execution of a protocol is compared with an “Ideal” world.  Ideal world: Security requirements we want from our protocol.

18 Real WorldIdeal World Environment MSK, MPK MPK Adversary Trusted Authority Oracle Simulator

19 OUR SET-UP  Strong security definition.  Cannot be realized in the standard model [BSW11, O’N11, BO12].  Adversary doesn’t exploit structure of the group.  Generic group model: captures most real-world attacks.  Function family F: inner product predicates.  Looking at some special cases of Functional Encryption.  Inner-product predicates capture those cases.

20 IDENTITY BASED ENCRYPTION

21 COMPLEX POLICIES

22 INNER-PRODUCT PREDICATES

23 OUR PROTOCOL  A protocol for inner-product predicates in the Generic group model, which is secure under a strong simulation- based definition.  Two constructions  Dual Pairing Vector Spaces (Okamoto and Takashima in 2008).  Secret Sharing.  The constructions have comparable efficiency.  For vectors of length n, ciphertext and key of length 3n.

24 CONCLUSION  A new powerful definition for Public-Key Functional Encryption.  Protocol in the Generic group model.  Another definition Relax-SIM.  Protocol in the standard model.  Improve protocols for Private-Key Functional Encryption and Property Preserving Encryption in various ways.  First protocols under standard assumptions/model.

25 THANK YOU  Paper will soon be available on Eprint.


Download ppt "FUNCTIONAL ENCRYPTION & PROPERTY PRESERVING ENCRYPTION Shashank Agrawal (UIUC), Shweta Agrawal (IIT-D), Saikrishna Badrinarayanan (IIT-M), Abisekh Kumarasubramanian."

Similar presentations


Ads by Google