Campus Event Calendar

Event Entry

New for: D1, D2, D3, D4, D5

What and Who

On the Achievability of Simulation-based Security for Functional Encryption

Vincenzo Iovino
Universita di Salerno
SWS Colloquium
AG 1, AG 2, AG 3, AG 4, AG 5, SWS, RG1, MMCI  
Expert Audience
English

Date, Time and Location

Wednesday, 4 September 2013
15:00
60 Minutes
E1 4
024
Saarbrücken

Abstract

Let F:K×M→Σ be a functionality, where K is the key space, M is the message space and Σ is the output space. Then a functional encryption (FE) scheme for F is a special encryption scheme in which, for every key k∈K, the owner of the master secret key Msk associated with the public key Pk can generate a special key or “token” Tok that allows the computation of F(k,m) from a ciphertext of m computed under public key Pk. In other words, whereas in traditional encryption schemes decryption is an all-or-nothing affair, in FE it is possible to finely control the amount of information that is revealed by a ciphertext.
Unlike traditional encryption, for FE indistinguishability-security is not equivalent to simulation-based security.
This work attempts to clarify to what extent simulation-based security (SIM-security) is achievable for functional encryption and its relation to the weaker indistinguishability-based security (IND-security). Our main result is a compiler that transforms any FE scheme for the general circuit functionality (which we denote by circuit-FE) meeting IND-security to a circuit-FE scheme meeting SIM-security, where:

In the random oracle model, the resulting scheme is secure for an unbounded number of encryption and key queries, which is the strongest security level one can ask for.

In the standard model, the resulting scheme is secure for a bounded number of encryption and non-adaptive key queries, but an unbounded number of adaptive key queries.

This matches known impossibility results and improves upon Gorbunov et al. [CRYPTO'12] (which is only secure for non-adaptive key queries).
Our compiler is inspired by the celebrated Fiat-Lapidot-Shamir paradigm [FOCS'90] for obtaining zero-knowledge proof systems from witness-indistinguishable proof systems.
We also give a tailored construction of SIM-secure hidden vector encryption (HVE) in composite-order bilinear groups. Finally, we revisit the known negative results for SIM-secure FE, extending them to natural weakenings of the security definition and thus providing essentially a full picture of the achievability of FE.

We conclude with open problems and future challenges in the area.

Contact

Brigitta Hansen
0681 93039102

Christian Klein, 10/13/2016 17:30
Carina Schmitt, 10/13/2016 17:27
Brigitta Hansen, 09/03/2013 10:06
Brigitta Hansen, 08/22/2013 15:58 -- Created document.