Practical CCA-Secure Functional Encryptions for Deterministic Functions

Functional encryption (FE) can implement fine-grained control to encrypted plaintext via permitting users to compute only some specified functions on the encrypted plaintext using private keys with respect to those functions. Recently, many FEs were put forward; nonetheless, most of them cannot resist chosen-ciphertext attacks (CCAs), especially for those in the secret-key settings. This changed with the work, i.e., a generic transformation of public-key functional encryption (PK-FE) from chosen-plaintext (CPA) to chosen-ciphertext (CCA), where the underlying schemes are required to have some special properties such as restricted delegation or verifiability features. However, examples for such underlying schemes with these features have not been found so far. Later, a CCA-secure functional encryption from projective hash functions was proposed, but their scheme only applies to inner product functions. To construct such a scheme, some nontrivial techniques will be needed. Our key contribution in this work is to propose CCA-secure functional encryptions in the PKE and SK environment, respectively. In the existing generic transformation from (adaptively) simulation-based CPA- (SIM-CPA-) secure ones for deterministic functions to (adaptively) simulation-based CCA- (SIM-CCA-) secure ones for randomized functions, whether the schemes were directly applied to CCA settings for deterministic functions is not implied. We give an affirmative answer and derive a SIM-CCA-secure scheme for deterministic functions by making some modifications on it. Again, based on this derived scheme, we also propose an (adaptively) indistinguishable CCA- (IND-CCA-) secure SK-FE for deterministic functions. The final results show that our scheme can be instantiated under both nonstandard assumptions (e.g., hard problems on multilinear maps and indistinguishability obfuscation (IO)) and under standard assumptions (e.g., DDH, RSA, LWE, and LPN).

An Adaptively Secure Functional Encryption for Randomized Functions

Functional encryption (FE) can provide a fine-grained access control on the encrypted message. Therefore, it has been applied widely in security business. The previous works about functional encryptions most focused on the deterministic functions. The randomized algorithm has wide application, such as securely encryption algorithms against chosen ciphertext attack, privacy-aware auditing. Based on this, FE for randomized functions was proposed. The existing constructions are provided in a weaker selective security model, where the adversary is forced to output the challenge message before the start of experiment. This security is not enough in some scenes. In this work, we present a novel construction for FE, which supports the randomized functionalities. We use the technology of key encapsulated mechanism to achieve adaptive security under the simulated environment, where the adversary is allowed to adaptively choose the challenge message at any point in time. Our construction is built based on indistinguishability obfuscation, non-interactive witness indistinguishable proofs and perfectly binding commitment scheme.

Multiparty Non-Interactive Key Exchange and More From Isogenies on Elliptic Curves

We describe a framework for constructing an efficient non-interactive key exchange (NIKE) protocol for n parties for any n ≥ 2. Our approach is based on the problem of computing isogenies between isogenous elliptic curves, which is believed to be difficult. We do not obtain a working protocol because of a missing step that is currently an open mathematical problem. What we need to complete our protocol is an efficient algorithm that takes as input an abelian variety presented as a product of isogenous elliptic curves, and outputs an isomorphism invariant of the abelian variety.Our framework builds a cryptographic invariant map, which is a new primitive closely related to a cryptographic multilinear map, but whose range does not necessarily have a group structure. Nevertheless, we show that a cryptographic invariant map can be used to build several cryptographic primitives, including NIKE, that were previously constructed from multilinear maps and indistinguishability obfuscation.