Functional encryption

Template:Infobox encryption method

Functional encryption (FE) is a generalization of public-key encryption in which possessing a secret key allows one to learn a function of what the ciphertext is encrypting.

More precisely, a functional encryption scheme for a given functionality ${\displaystyle f}$ consists of the following four algorithms:

• ${\displaystyle (\text{pk},\text{msk})\leftarrow \mathsf{\text{Setup}}(1^{\lambda })}$: creates a public key ${\displaystyle \text{pk}}$ and a master secret key ${\displaystyle \text{msk}}$.
• ${\displaystyle \text{sk}\leftarrow \mathsf{\text{Keygen}}(\text{msk},f)}$: uses the master secret key to generate a new secret key ${\displaystyle \text{sk}}$ for the function ${\displaystyle f}$.
• ${\displaystyle c\leftarrow \mathsf{\text{Enc}}(\text{pk},x)}$: uses the public key to encrypt a message ${\displaystyle x}$.
• ${\displaystyle y\leftarrow \mathsf{\text{Dec}}(\text{sk},c)}$: uses secret key to calculate ${\displaystyle y=f(x)}$ where ${\displaystyle x}$ is the value that ${\displaystyle c}$ encrypts.

The security of FE requires that any information an adversary learns from an encryption of ${\displaystyle x}$ is revealed by ${\displaystyle f(x)}$. Formally, this is defined by simulation.^[1]

Functional encryption generalizes several existing primitives including Identity-based encryption (IBE) and attribute-based encryption (ABE). In the IBE case, define ${\displaystyle F(k,x)}$ to be equal to ${\displaystyle x}$ when ${\displaystyle k}$ corresponds to an identity that is allowed to decrypt, and ${\displaystyle \perp }$ otherwise. Similarly, in the ABE case, define ${\displaystyle F(k,x)=x}$ when ${\displaystyle k}$ encodes attributes with permission to decrypt and ${\displaystyle \perp }$ otherwise.

Functional encryption was proposed by Amit Sahai and Brent Waters in 2005^[2] and formalized by Dan Boneh, Amit Sahai and Brent Waters in 2010.^[3] Until recently, however, most instantiations of Functional Encryption supported only limited function classes such as boolean formulae. In 2012, several researchers developed Functional Encryption schemes that support arbitrary functions.^[1][4][5][6]

Template:Reflist