LIPIcs.ICALP.2017.36.pdf
- Filesize: 0.59 MB
- 13 pages
We provide a single-key functional encryption scheme for Deterministic Finite Automata (DFA). The secret key of our scheme is associated with a DFA M, and a ciphertext is associated with an input x of arbitrary length. The decryptor learns M(x) and nothing else. The ciphertext and key sizes achieved by our scheme are optimal – the size of the public parameters is independent of the size of the machine or data being encrypted, the secret key size depends only on the machine size and the ciphertext size depends only on the input size. Our scheme achieves full functional encryption in the “private index model”, namely the entire input x is hidden (as against x being public and a single bit b being hidden). Our single key FE scheme can be compiled with symmetric key encryption to yield reusable garbled DFAs for arbitrary size inputs, that achieves machine and input privacy along with reusability under a strong simulation based definition of security. We generalize this to a functional encryption scheme for Turing machines TMFE which has short public parameters that are independent of the size of the machine or the data being encrypted, short function keys, and input-specific decryption time. However, the ciphertext of our construction is large and depends on the worst case running time of the Turing machine (but not its description size). These provide the first FE schemes that support unbounded length inputs, allow succinct public and function keys and rely on LWE. Our construction relies on a new and arguably natural notion of decomposable functional encryption which may be of independent interest.
Feedback for Dagstuhl Publishing