Towards Constructing Functional Encryption from Standard Assumptions

Functional Encryption (FE) is a generalisation of public key encryption where the secret key corresponds to a function f, the ciphertext corresponds to some input x, and decryption enables a user to recover f(x) and nothing more.

There has been a lot of activity in the cryptographic community for constructing FE. The two prevalent approaches are 1) Assuming the existence of indistinguishability obfuscation (iO) or multilinear maps: most known candidates have been broken, and hardness of those that survive is poorly understood. 2) Based on standard assumptions: best known constructions achieve FE for general Boolean circuits [GKPVZ13,GVW15], but with restrictions on the adversary in the security game. 

In this talk, I will discuss new approaches to constructing FE. Our focus is arithmetic circuits, general adversaries and standard assumptions, but we restrict the class of functions that is supported. I will discuss how to build FE to support bounded degree polynomials, where non-succinct ciphertext can be achieved by relying on LWE and succinct ciphertext can be achieved by additionally relying on some non-standard assumptions. I will discuss the barriers to basing the succinct ciphertext construction on standard assumptions alone.

Partly based on a joint work with Alon Rosen.