Functional Encryption : Constructions and Lower Bounds by Sergey Gorbunov

Functional Encryption: Constructions and Lower Bounds Sergey Gorbunov Master of Science Graduate Department of Computer Science University of Toronto 2012 Functional encryption is an emerging paradigm for public-key encryption that enables finegrained control of access to encrypted data. Given a secret key for a circuit C and an encryption of an input message x, a user should be able to learn the output C(x), but nothing else about the input x. Moreover, security should hold against collusions amongst “key holders”, namely, a collusion of users that hold secret keys for circuits C1, . . . , Cq and an encryption of x should be able to learn C1(x), . . . , Cq(x), but nothing else about x. In this work, we address the question of constructing functional encryption for all polynomial-size circuits. Our main contributions are as follows: • We show that a general functional encryption for all circuits for unbounded collusions is impossible, under a weak simulation-based security definition. Furthermore, we show that the size of the ciphertext in a functional encryption scheme must grow with the number of collusions. • We construct a functional encryption scheme secure against an a-priori bounded polynomial number of collusions for all polynomial-size circuits. Our constructions require only semantically secure public-key encryption schemes and pseudorandom generators computable by small-depth circuits. The constructions are secure under a strong adaptive simulation-based security notion.