ABSTRACT
Motivated by privacy and usability requirements in various scenarios where existing cryptographic tools (like secure multi-party computation and functional encryption) are not adequate, we introduce a new cryptographic tool called Controlled Functional Encryption (C-FE). As in functional encryption, C-FE allows a user (client) to learn only certain functions of encrypted data, using keys obtained from an authority. However, we allow (and require) the client to send a fresh key request to the authority every time it wants to evaluate a function on a ciphertext. We obtain efficient solutions by carefully combining CCA2 secure public-key encryption (or rerandomizable RCCA secure public-key encryption, depending on the nature of security desired) with Yao's garbled circuit. Our main contributions in this work include developing and formally defining the notion of C-FE; designing theoretical and practical constructions of C-FE schemes achieving these definitions for specific and general classes of functions; and evaluating the performance of our constructions on various application scenarios.