TY - GEN
T1 - Security with Functional Re-encryption from CPA
AU - Dodis, Yevgeniy
AU - Halevi, Shai
AU - Wichs, Daniel
N1 - Publisher Copyright:
© 2023, International Association for Cryptologic Research.
PY - 2023
Y1 - 2023
N2 - The notion of functional re-encryption security (funcCPA) for public-key encryption schemes was recently introduced by Akavia et al. (TCC’22), in the context of homomorphic encryption. This notion lies in between CPA security and CCA security: we give the attacker a functional re-encryption oracle instead of the decryption oracle of CCA security. This oracle takes a ciphertext ct and a function f, and returns fresh encryption of the output of f applied to the decryption of ct ; in symbols, ct′= Enc (f(Dec (ct) ) ). More generally, we even allow for a multi-input version, where the oracle takes an arbitrary number of ciphertexts ct1, … ctℓ and outputs ct′= Enc (f(Dec (ct1), …, Dec (ctℓ) ) ). In this work we observe that funcCPA security may have applications beyond homomorphic encryption, and set out to study its properties. As our main contribution, we prove that funcCPA is “closer to CPA than to CCA”; that is, funcCPA secure encryption can be constructed in a black-box manner from CPA-secure encryption. We stress that, prior to our work, this was not known even for basic re-encryption queries corresponding to the identity function f. At the core of our result is a new technique, showing how to handle adaptive functional re-encryption queries using tools previously developed in the context of non-malleable encryption, which roughly corresponds to a single non-adaptive parallel decryption query.
AB - The notion of functional re-encryption security (funcCPA) for public-key encryption schemes was recently introduced by Akavia et al. (TCC’22), in the context of homomorphic encryption. This notion lies in between CPA security and CCA security: we give the attacker a functional re-encryption oracle instead of the decryption oracle of CCA security. This oracle takes a ciphertext ct and a function f, and returns fresh encryption of the output of f applied to the decryption of ct ; in symbols, ct′= Enc (f(Dec (ct) ) ). More generally, we even allow for a multi-input version, where the oracle takes an arbitrary number of ciphertexts ct1, … ctℓ and outputs ct′= Enc (f(Dec (ct1), …, Dec (ctℓ) ) ). In this work we observe that funcCPA security may have applications beyond homomorphic encryption, and set out to study its properties. As our main contribution, we prove that funcCPA is “closer to CPA than to CCA”; that is, funcCPA secure encryption can be constructed in a black-box manner from CPA-secure encryption. We stress that, prior to our work, this was not known even for basic re-encryption queries corresponding to the identity function f. At the core of our result is a new technique, showing how to handle adaptive functional re-encryption queries using tools previously developed in the context of non-malleable encryption, which roughly corresponds to a single non-adaptive parallel decryption query.
UR - http://www.scopus.com/inward/record.url?scp=85178581772&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85178581772&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-48618-0_10
DO - 10.1007/978-3-031-48618-0_10
M3 - Conference contribution
AN - SCOPUS:85178581772
SN - 9783031486173
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 279
EP - 305
BT - Theory of Cryptography - 21st International Conference, TCC 2023, Proceedings
A2 - Rothblum, Guy
A2 - Wee, Hoeteck
PB - Springer Science and Business Media Deutschland GmbH
T2 - 21st International conference on Theory of Cryptography Conference, TCC 2023
Y2 - 29 November 2023 through 2 December 2023
ER -