Presentation is loading. Please wait.

Presentation is loading. Please wait.

Controlled Functional Encryption Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter.

Similar presentations


Presentation on theme: "Controlled Functional Encryption Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter."— Presentation transcript:

1 Controlled Functional Encryption Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter

2 Overview  Describe the problem we want to solve.  Why existing tools like SMPC and FE are not quite right.  Define Controlled Functional Encryption (CFE).  Discuss applications and constructions.

3 Goal To come up with a new model of Functional Encryption which is simple, realistic, and allows the design of very efficient protocols.

4 Motivation Havasupai tribe and the lawsuit settlement aftermath In 1989, researchers from ASU partnered with the Havasupai Tribe, a community with high rates of Type II Diabetes, to study links between genes and diabetes risk. When the researchers were not successful in finding a genetic link, they used the DNA from blood samples for other unrelated studies such as schizophrenia, migration, and inbreeding, all of which are taboo topics for the Havasupai. Source:

5 Volunteer  Contribute to scientific research by providing my genomic data.  Doesn’t trust anyone with my entire data.  Enforce policies like:  Only certain kinds of experiments can be run.  My data should be available only for an year.  Any researcher is allowed to run only 5 experiments.

6 Scientist  I would like to conduct experiments, but with appropriate consent.  I do not want to reveal the design of my experiments.  Could be malicious!

7 Two-party Computation  When a scientist wants to conduct an experiment, he contacts the volunteer, and they engage in 2-party secure computation.  Good  Does handle privacy concerns of both volunteers and scientists.  Efficient methods now known (using Garbled circuits, for e.g.)  Bad  Many scientists in the world, conduct experiments at different times.  Inconvenient for scientists if a small time-frame is provided.

8 Functional Encryption MSK, MPK Alice MPK ENC (m) Bob Trusted Authority

9 Functional Encryption  How it would work?  Authority generates (MPK, MSK).  Volunteer encrypts her data under MPK, provides it to a scientist.  Authority issues keys corresponding to the function scientist would like to evaluate.  Good  Scientists can only evaluate the function for which a key is given.  Volunteer’s burden reduced substantially.  Bad  No efficient schemes for computing functions of interest (e.g. actual value of inner product).  Enforcing policies like bounded usage.

10 Controlled Functional Encryption

11 Controlled Functional Encryption

12 Security  Malicious scientist, semi-honest central authority.  Assumption: Scientists and authority don’t collude.  Ideal-real world simulation based security definition.  Function hiding and function revealing.

13 Applications

14 Actual value of Inner-product  Think of a genome as a huge vector of small numbers X.  Let V be another vector of the same length.  Computing allows us to check for disease susceptibility, patient similarity, etc.

15 Protocol MPK, MSK X+R, Enc (R, Pol, MPK) V, Enc (R, Pol, MPK) - X V

16 General Construction  Input of scientist: f – any function  Input of volunteer: x  Output: F (f, x) = f (x)  Two party computation using Garbled circuits:  Authority has input MSK  Client has input f, y = Enc(x)  Compute F ( f, Dec (y) ) – circuit becomes big  A new method that avoids decryption.  Authority and client together compute F ( f, x ) only

17 Thank you.


Download ppt "Controlled Functional Encryption Muhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter."

Similar presentations


Ads by Google