Abstract
Private-key functional encryption enables fine-grained access to symmetrically encrypted data. Although private-key functional encryption (supporting an unbounded number of keys and ciphertexts) seems significantly weaker than its public-key variant, its known realizations all rely on public-key functional encryption. At the same time, however, up until recently it was not known to imply any public-key primitive, demonstrating our poor understanding of this primitive. Bitansky et al. (Theory of cryptography—14th international conference, TCC 2016-B, 2016) showed that sub-exponentially secure private-key functional encryption bridges from nearly exponential security in Minicrypt to slightly super-polynomial security in Cryptomania, and from sub-exponential security in Cryptomania to Obfustopia. Specifically, given any sub-exponentially secure private-key functional encryption scheme and a nearly exponentially secure one-way function, they constructed a public-key encryption scheme with slightly super-polynomial security. Assuming, in addition, a sub-exponentially secure public-key encryption scheme, they then constructed an indistinguishability obfuscator (or a public-key functional encryption scheme if the given building blocks are polynomially secure).
We show that quasi-polynomially secure private-key functional encryption bridges from sub-exponential security in Minicrypt all the way to Cryptomania. First, given any quasi-polynomially secure private-key functional encryption scheme, we construct an indistinguishability obfuscator for circuits with inputs of poly-logarithmic length. Then, we observe that such an obfuscator can be used to instantiate many natural applications of indistinguishability obfuscation. Specifically, relying on sub-exponentially secure one-way functions, we show that quasi-polynomially secure private-key functional encryption implies not just public-key encryption but leads all the way to public-key functional encryption for circuits with inputs of poly-logarithmic length. Moreover, relying on sub-exponentially secure injective one-way functions, we show that quasi-polynomially secure private-key functional encryption implies a hard-on-average distribution over instances of a PPAD-complete problem. Underlying our constructions is a new transformation from single-input functional encryption to multi-input functional encryption in the private-key setting. The previously known such transformation (Brakerski et al. J Cryptol 31(2):434–520, 2018) required a sub-exponentially secure single-input scheme, and obtained a scheme supporting only a slightly super-constant number of inputs. Our transformation both relaxes the underlying assumption and supports more inputs: Given any quasi-polynomially secure single-input scheme, we obtain a scheme supporting a poly-logarithmic number of inputs.
Notes
As a concrete (yet quite general) example, consider a user who stores her data on a remote server: The user uses the master secret key both for encrypting her data, and for generating functional keys that will enable the server to offer her various useful services.
This is not true in various restricted cases, for example, when the functional encryption scheme has to support an a priori bounded number of functional keys or ciphertexts [39]. However, as mentioned, we focus on schemes that support an unbounded number of functional keys and ciphertexts.
This holds even if the construction is allowed to generate functional keys (in a non-black-box manner) for any circuit that invokes one-way functions in a black-box manner.
In this work, we focus on selectively secure schemes, where an adversary first submits all of its encryption queries, and can then adaptively interact with the key-generation oracle (see Definition 2.7). This notion of security suffices for the applications we consider in this paper.
A similar strategy was also employed by Ananth and Jain [4], who showed how to use any t-input private-key scheme to get a private-key \((t+1)\)-input scheme under the additional assumption that a public-key functional encryption scheme exists. Their construction, however, did not incur the polynomial blowup and could be applied all the way to get a scheme that supports a polynomial number of inputs.
We note that the notion of function privacy is very different from the one in the private-key setting, and in particular, natural definitions already imply obfuscation.
We focus on selective security and do not define full security since there is a generic transformation [3].
The injective one-way function can be relaxed to be a family of one-way functions such that a random element is an injective function with high probability. Furthermore, this primitive will not be used in the construction, but rather only in the proof of security.
References
[1] S. Agrawal, S. Agrawal, S. Badrinarayanan, A. Kumarasubramanian, M. Prabhakaran, A. Sahai, Function private functional encryption and property preserving encryption: new definitions and positive results. Cryptology ePrint Archive, Report 2013/744 (2013)
[2] P. Ananth, D. Boneh, S. Garg, A. Sahai, M. Zhandry, Differing-inputs obfuscation and applications. Cryptology ePrint Archive, Report 2013/689 (2013)
[3] P. Ananth, Z. Brakerski, G. Segev, V. Vaikuntanathan, From selective to adaptive security in functional encryption, in Advances in Cryptology—CRYPTO ’15 (2015), pp. 657–677
[4] P. Ananth, A. Jain, Indistinguishability obfuscation from compact functional encryption, in Advances in Cryptology—CRYPTO ’15 (2015), pp. 308–326
[5] P. Ananth, A. Jain, M. Naor, A. Sahai, E. Yogev, Universal constructions and robust combiners for indistinguishability obfuscation and witness encryption, in Advances in Cryptology—CRYPTO ’16 (2016), pp. 491–520
[6] P. Ananth, A. Jain, A. Sahai, Achieving compactness generically: indistinguishability obfuscation from non-compact functional encryption. Cryptology ePrint Archive, Report 2015/730 (2015)
[7] T. Abbot, D. Kane, P. Valiant, On algorithms for Nash equilibria (2004)
[8] G. Asharov, G. Segev, Limits on the power of indistinguishability obfuscation and functional encryption. SIAM J. Comput., 45(6), 2117–2176 (2016)
[9] E. Boyle, K. Chung, R. Pass, On extractability obfuscation, in Proceedings of the 11th Theory of Cryptography Conference, TCC (2014), pp. 52–73
[10] Z. Brakerski, C. Gentry, S. Halevi, T. Lepoint, A. Sahai, M. Tibouchi, Cryptanalysis of the quadratic zero-testing of GGH. Cryptology ePrint Archive, Report 2015/845 (2015)
[11] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S.P. Vadhan, K. Yang, On the (im)possibility of obfuscating programs. J. ACM, 59(2), 6 (2012)
[12] E. Boyle, S. Goldwasser, I. Ivan, Functional signatures and pseudorandom functions, in Proceedings of the 17th International Conference on Practice and Theory in Public-Key Cryptography (2014), pp. 501–519
[13] Z. Brakerski, I. Komargodski, G. Segev, Multi-input functional encryption in the private-key setting: stronger security from weaker assumptions. J. Cryptol., 31(2), 434–520 (2018)
[14] D. Boneh, K. Lewi, M. Raykova, A. Sahai, M. Zhandry, J. Zimmerman, Semantically secure order-revealing encryption: Multi-input functional encryption without obfuscation, in Advances in Cryptology—EUROCRYPT ’15 (2015), pp. 563–594
[15] N. Bitansky, R. Nishimaki, A. Passelègue, D. Wichs, From Cryptomania to Obfustopia through secret-key functional encryption, in Theory of Cryptography—14th International Conference, TCC 2016-B (2016), pp. 391–418
[16] N. Bitansky, O. Paneth, A. Rosen, On the cryptographic hardness of finding a Nash equilibrium, in Proceedings of the 56th Annual IEEE Symposium on Foundations of Computer Science (2015), pp. 1480–1498
[17] D. Boneh, A. Raghunathan, G. Segev, Function-private identity-based encryption: hiding the function in functional encryption, in Advances in Cryptology—CRYPTO ’13 (2013), pp. 461–478
[18] D. Boneh, A. Raghunathan, G. Segev, Function-private subspace-membership encryption and its applications, in Advances in Cryptology—ASIACRYPT ’13 (2013), pp. 255–275
[19] Z. Brakerski, G. Segev, Function-private functional encryption in the private-key setting, in Proceedings of the 12th Theory of Cryptography Conference, TCC (2015), pp. 306–324
[20] D. Boneh, A. Sahai, B. Waters, Functional encryption: definitions and challenges, in Proceedings of the 8th Theory of Cryptography Conference, TCC (2011), pp. 253–273
[21] D. Boneh, A. Sahai, B. Waters, Functional encryption: a new vision for public-key cryptography. Commun. ACM, 55(11), 56–64 (2012)
[22] N. Bitansky, V. Vaikuntanathan, Indistinguishability obfuscation from functional encryption, in Proceedings of the 56th Annual IEEE Symposium on Foundations of Computer Science (2015), pp. 171–190
[23] D. Boneh, B. Waters, Constrained pseudorandom functions and their applications, in Advances in Cryptology—ASIACRYPT ’13 (2013), pp. 280–300
[24] X. Chen, X. Deng, S. Teng, Settling the complexity of computing two-player Nash equilibria. J. ACM, 56(3), 14 (2009)
[25] J.H. Cheon, P. Fouque, C. Lee, B. Minaud, H. Ryu, Cryptanalysis of the new CLT multilinear map over the integers, in Advances in Cryptology—EUROCRYPT (2016), pp. 509–536
[26] J. Coron, C. Gentry, S. Halevi, T. Lepoint, H.K. Maji, E. Miles, M. Raykova, A. Sahai, M. Tibouchi, Zeroizing without low-level zeroes: new MMAP attacks and their limitations, in Advances in Cryptology—CRYPTO ’15 (2015), pp. 247–266
[27] J.H. Cheon, K. Han, C. Lee, H. Ryu, D. Stehlé, Cryptanalysis of the multilinear map over the integers, in Advances in Cryptology—EUROCRYPT ’15 (2015), pp. 3–12
[28] J.H. Cheon, J. Jeong, C. Lee, An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without an encoding of zero. Cryptology ePrint Archive, Report 2016/139 (2016)
[29] C. Daskalakis, P.W. Goldberg, C.H. Papadimitriou, The complexity of computing a Nash equilibrium. Commun. ACM, 52(2), 89–97 (2009)
[30] C. Daskalakis, P.W. Goldberg, C.H. Papadimitriou, The complexity of computing a Nash equilibrium. SIAM J. Comput., 39(1), 195–259 (2009)
[31] C. Daskalakis, C.H. Papadimitriou, Continuous local search, in Proceedings of the 22nd Annual ACM-SIAM Symposium on Discrete Algorithms (2011), pp. 790–804
[32] S. Goldwasser, S.D. Gordon, V. Goyal, A. Jain, J. Katz, F.-H. Liu, A. Sahai, E. Shi, H.-S. Zhou, Multi-input functional encryption, in Advances in Cryptology—EUROCRYPT ’14 (2014), pp. 578–602
[33] S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, in Proceedings of the 54th Annual IEEE Symposium on Foundations of Computer Science (2013), pp. 40–49
[34] S. Garg, C. Gentry, S. Halevi, M. Zhandry, Functional encryption without obfuscation, in Proceedings of the 13th Theory of Cryptography Conference, TCC (2016), pp. 480–511
[35] O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions. J. ACM, 33(4), 792–807 (1986)
[36] S. Goldwasser, Y. Kalai, R.A. Popa, V. Vaikuntanathan, N. Zeldovich, Reusable garbled circuits and succinct functional encryption, in Proceedings of the 45th Annual ACM Symposium on Theory of Computing (2013), pp. 555–564
[37] S. Garg, O. Pandey, A. Srinivasan, Revisiting the cryptographic hardness of finding a Nash equilibrium, in Advances in Cryptology—CRYPTO ’16 (2016), pp. 579–604
[38] S. Garg, A. Srinivasan, Single-key to multi-key functional encryption with polynomial loss, in Theory of Cryptography—14th International Conference, TCC (2016), pp. 419–442
[39] S. Gorbunov, V. Vaikuntanathan, H. Wee, Functional encryption with bounded collusions via multi-party computation, in Advances in Cryptology—CRYPTO ’12 (2012), pp. 162–179
[40] Y. Hu, H. Jia, Cryptanalysis of GGH map, in Advances in Cryptology—EUROCRYPT (2016), pp. 537–565
[41] P. Hubácek, E. Yogev, Hardness of continuous local search: Query complexity and cryptographic lower bounds, in Proceedings of the 28th Annual ACM-SIAM Symposium on Discrete Algorithms, SODA (2017), pp. 1352–1371
[42] R. Impagliazzo, A personal view of average-case complexity, in Proceedings of the 10th Annual Structure in Complexity Theory Conference (1995), pp. 134–147
[43] I. Komargodski, T. Moran, M. Naor, R. Pass, A. Rosen, E. Yogev, One-way functions and (im)perfect obfuscation, in Proceedings of the 55th Annual IEEE Symposium on Foundations of Computer Science (2014), pp. 374–383
[44] F. Kitagawa, R. Nishimaki, K. Tanaka, Obfustopia built on secret-key functional encryption, in Advances in Cryptology—EUROCRYPT (2018), pp. 603–648
[45] A. Kiayias, S. Papadopoulos, N. Triandopoulos, T. Zacharias, Delegatable pseudorandom functions and applications, in Proceedings of the 20th Annual ACM Conference on Computer and Communications Security (2013), pp. 669–684
[46] I. Komargodski, G. Segev, E. Yogev, Functional encryption for randomized functionalities in the private-key setting from minimal assumptions. J. Cryptol., 31(1), 60–100 (2018)
[47] B. Li, D. Micciancio, Compactness vs collusion resistance in functional encryption, in Theory of Cryptography—14th International Conference, TCC (2016), pp. 443–468
[48] E. Miles, A. Sahai, M. Zhandry, Annihilation attacks for multilinear maps: cryptanalysis of indistinguishability obfuscation over GGH13, in Advances in Cryptology—CRYPTO (2016), pp. 629–658
[49] A. O’Neill, Definitional issues in functional encryption. Cryptology ePrint Archive, Report 2010/556 (2010)
[50] C.H. Papadimitriou, On the complexity of the parity argument and other inefficient proofs of existence. J. Comput. Syst. Sci., 48(3), 498–532 (1994)
[51] E. Shen, E. Shi, B. Waters, Predicate privacy in encryption systems, in Proceedings of the 6th Theory of Cryptography Conference, TCC (2009), pp. 457–473
[52] A. Sahai, B. Waters, Slides on functional encryption (2008). http://www.cs.utexas.edu/~bwaters/presentations/files/functional.ppt
[53] A. Sahai, B. Waters, How to use indistinguishability obfuscation: deniable encryption, and more, in Proceedings of the 46th Annual ACM Symposium on Theory of Computing (2014), pp. 475–484
[54] B. Waters, A punctured programming approach to adaptively secure functional encryption, in Advances in Cryptology—CRYPTO ’15 (2015), pp. 678–697
Acknowledgements
We thank Zvika Brakerski and the anonymous referees for many valuable comments. The first author thanks his advisor Moni Naor for his support and guidance.
Additional information
Communicated by Rafail Ostrovsky.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Ilan Komargodski: Supported in part by a Packard Foundation Fellowship and by an AFOSR Grant FA9550-15-1-0262. Work done while being a Ph.D. student at the Weizmann Institute of Science, supported by grants from the Israel Science Foundation (No. 950/16) and by a Levzion Fellowship.
Gil Segev: Supported by the European Union’s 7th Framework Program (FP7) via a Marie Curie Career Integration Grant, by the European Union’s Horizon 2020 Framework Program (H2020) via an ERC Grant (Grant No. 714253), by the Israel Science Foundation (Grant No. 483/13), by the Israeli Centers of Research Excellence (I-CORE) Program (Center No. 4/11), by the US-Israel Binational Science Foundation (Grant No. 2014632), and by a Google Faculty Research Award.
Cite this article
Komargodski, I., Segev, G. From Minicrypt to Obfustopia via Private-Key Functional Encryption. J Cryptol 33, 406–458 (2020). https://doi.org/10.1007/s00145-019-09327-x