Forget homomorphic encryption, here comes functional encryption

Date: 
Wednesday, December 11, 2019

Extended version in Kudelski Security

Author: Yolan Romailler (Kudelski Security)

Have you ever heard of Functional Encryption (FE)? If so, you may be associating it with some sort of homomorphic encryption, which is not wrong, but not exactly right neither.

Let us see today what FE is along with a few examples, roughly how it differs from Fully Homomorphic Encryption, and how the FENTEC project is working on it!

Now, let us define what we mean when we are talking about FE. It is only recently, in 2010, that  Dan Boneh, Amit Sahai and Brent Waters formalized the notion of functional encryption. We can roughly describe FE by saying it is a public-key encryption scheme with different decryption keys allowing a user to learn specific functions of the encrypted data.

So, in an FE scheme for function , an authority holding a master key generates a key  that enables the computation of the function  on encrypted data, so that an evaluator knowing a ciphertext  of the data  and the key  is able to compute , but without being able to learn anything more than the result of the function evaluation about.

(...)

The FENTEC project

Now, you may wonder: what is this FENTEC project he’s talking about? Well, it is a project that received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 780108, and whose goal is to further develop Functional Encryption Technologies as an  alternative to the all-or-nothing approach of traditional encryption systems. (That is: either you have encryption, or you don’t, there were no middle ground until Functional Encryption.)

The project brings together multiple universities and industrial partners in order to design and implement efficient, innovative FE systems which are application oriented and can be used in a wide range of scenarios. Kudelski Security’s research team is glad to be one of the industrial partners taking part in the FENTEC project, which will last 36 months. The project officially started in January 2018 and will thus end in December 2020.

Back to FE

Due to its generality, functional encryption encompasses and unifies many other advanced encryption schemes that used to be studied independently, such as identity-based encryptionsearchable public-key encryptionhidden-vector encryptionidentity-based encryption with wildcardsattribute-based encryption, and inner-product functional encryption.

While FE schemes are still very young, a lot of things happened since 2010 and there are now quite a few interesting schemes allowing for functionalities that seemed hard to achieve 8 years ago. It has now come to a point where certain cryptography conferences even have a session named “Functional Encryption”!

Let us take a look at several different types of functional encryption schemes. For example:

  • Inner product functional encryption (IPFE) schemes, where the plaintext is a vector and the encrypted data can be used along with an evaluation key to compute the inner product of the said vector with another vector. There are multiple variants of IPFE actually: multi-clients, multi-inputs, decentralized, function hiding, etc.
  • Attribute-based encryption (ABE) schemes, where the encrypted data is linked with a set of attributes and secret keys along with certain policies that allow to control which ciphertexts can be decrypted depending on the attributes we possess.
  • “General-purpose” FE schemes, that allow to evaluate any kind of function  (or circuit, depending on the scheme) on the encrypted data . (I wish we’d call these “Fully Functional Encryption schemes”, even if they don’t really work in practice)

However, it is also important to notice here that while there has been a lot of work focused on the theoretical aspects of FE in order to go as far as we can, all the general-purpose FE schemes are currently too inefficient for practical usages. This is also one of the focuses of the FENTEC project: making FE usable in practice by designing and implementing practical schemes that can be used in industrial use-cases. This objective is supported by the design and implementation of new schemes, allowing for richer functionalities and practical instantiations, but also by designing dedicated co-processors that can further accelerate the required computations, in order to be able to bridge the theory with the practice. You can read more about the hardware components of the project in this FENTEC blog post.

Wanna use FE today? Please, do.

(...)