controlled functional encryption
DESCRIPTION
Controlled Functional Encryption. Muhammad Naveed , Shashank Agrawal , Manoj Prabhakaran , Xiaofeng Wang, Erman Ayday , Jean-Pierre Hubaux , Carl A. Gunter. Overview. Describe the problem we want to solve. Why existing tools like SMPC and FE are not quite right. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/1.jpg)
Controlled Functional EncryptionMuhammad Naveed, Shashank Agrawal, Manoj Prabhakaran, Xiaofeng Wang, Erman Ayday, Jean-Pierre Hubaux, Carl A. Gunter
![Page 2: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/2.jpg)
Overview
Describe the problem we want to solve.Why existing tools like SMPC and FE are not quite right.Define Controlled Functional Encryption (CFE).Discuss applications and constructions.
![Page 3: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/3.jpg)
Goal
To come up with a new model of Functional Encryption which is simple, realistic, and allows the design of very efficient protocols.
![Page 4: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/4.jpg)
Motivation
Havasupai tribe and the lawsuit settlement aftermath
In 1989, researchers from ASU partnered with the Havasupai Tribe, a community with high rates of Type II Diabetes, to study links between genes and diabetes risk. When the researchers were not successful in finding a genetic link, they used the DNA from blood samples for other unrelated studies such as schizophrenia, migration, and inbreeding, all of which are tabootopics for the Havasupai.
Source: http://genetics.ncai.org/case-study/havasupai-Tribe.cfm
![Page 5: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/5.jpg)
Volunteer
Contribute to scientific research by providing my genomic data.
Doesn’t trust anyone with my entire data.
Enforce policies like: Only certain kinds of
experiments can be run. My data should be available
only for an year. Any researcher is allowed to
run only 5 experiments.
![Page 6: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/6.jpg)
Scientist
I would like to conduct experiments, but with appropriate consent.
I do not want to reveal the design of my experiments.
Could be malicious!
![Page 7: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/7.jpg)
Two-party Computation
When a scientist wants to conduct an experiment, he contacts the volunteer, and they engage in 2-party secure computation.
Good Does handle privacy concerns of both volunteers and scientists. Efficient methods now known (using Garbled circuits, for e.g.)
Bad Many scientists in the world, conduct experiments at different times. Inconvenient for scientists if a small time-frame is provided.
![Page 8: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/8.jpg)
Functional Encryption
MSK, MPK
Alice
MPK MPK
ENC (m)
Bob
𝑓 ∈𝐹
𝑆𝐾 𝑓
DEC ( ENC(m) ) = f(m)
𝑚∈𝑀
Trusted Authority
![Page 9: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/9.jpg)
Functional Encryption
How it would work? Authority generates (MPK, MSK). Volunteer encrypts her data under MPK, provides it to a scientist. Authority issues keys corresponding to the function scientist would like to evaluate.
Good Scientists can only evaluate the function for which a key is given. Volunteer’s burden reduced substantially.
Bad No efficient schemes for computing functions of interest (e.g. actual value of inner
product). Enforcing policies like bounded usage.
![Page 10: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/10.jpg)
Controlled Functional Encryption
![Page 11: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/11.jpg)
Controlled Functional Encryption
![Page 12: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/12.jpg)
Security
Malicious scientist, semi-honest central authority.
Assumption: Scientists and authority don’t collude.
Ideal-real world simulation based security definition.
Function hiding and function revealing.
![Page 13: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/13.jpg)
Applications
![Page 14: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/14.jpg)
Actual value of Inner-product
Think of a genome as a huge vector of small numbers X.
Let V be another vector of the same length.
Computing <V, X> allows us to check for disease susceptibility, patient similarity, etc.
![Page 15: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/15.jpg)
Protocol
MPK, MSKX+R, Enc (R, Pol, MPK)
V, Enc (R, Pol, MPK)
<V, R>
<V, X+R> - <V, R>
X
V
![Page 16: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/16.jpg)
General Construction
Input of scientist: f – any function Input of volunteer: xOutput: F (f, x) = f (x)Two party computation using Garbled circuits:
Authority has input MSK Client has input f, y = Enc(x) Compute F ( f, Dec (y) ) – circuit becomes big
A new method that avoids decryption. Authority and client together compute F ( f, x ) only
![Page 17: Controlled Functional Encryption](https://reader038.vdocuments.us/reader038/viewer/2022103007/568143a6550346895db02c68/html5/thumbnails/17.jpg)
Thank you.