Skip to main content
Springer Nature Link
Log in

Function-Hiding Inner Product Encryption Is Practical

  • Conference paper
  • First Online:
Security and Cryptography for Networks (SCN 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11035))

Included in the following conference series:

Abstract

In a functional encryption scheme, secret keys are associated with functions and ciphertexts are associated with messages. Given a secret key for a function f, and a ciphertext for a message x, a decryptor learns f(x) and nothing else about x. Inner product encryption is a special case of functional encryption where both secret keys and ciphertext are associated with vectors. The combination of a secret key for a vector \({\mathbf {x}}\) and a ciphertext for a vector \(\mathbf {y}\) reveal \(\langle {\mathbf {x}}, \mathbf {y}\rangle \) and nothing more about \(\mathbf {y}\). An inner product encryption scheme is function-hiding if the keys and ciphertexts reveal no additional information about both \({\mathbf {x}}\) and \(\mathbf {y}\) beyond their inner product.

In the last few years, there has been a flurry of works on the construction of function-hiding inner product encryption, starting with the work of Bishop, Jain, and Kowalczyk (Asiacrypt 2015) to the more recent work of Tomida, Abe, and Okamoto (ISC 2016). In this work, we focus on the practical applications of this primitive. First, we show that the parameter sizes and the run-time complexity of the state-of-the-art construction can be further reduced by another factor of 2, though we compromise by proving security in the generic group model. We then show that function privacy enables a number of applications in biometric authentication, nearest-neighbor search on encrypted data, and single-key two-input functional encryption for functions over small message spaces. Finally, we evaluate the practicality of our encryption scheme by implementing our function-hiding inner product encryption scheme. Using our construction, encryption and decryption operations for vectors of length 50 complete in a tenth of a second in a standard desktop environment.

The full version of this paper is available at https://eprint.iacr.org/2016/440.pdf.

K. Lewi—Work done while at Stanford University.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Lin and Vaikuntanathan [47] subsequently showed how to generically boost function-hiding IPE schemes that satisfy this weaker notion of security to one that satisfies the full notion of security. Their generic transformation introduces a factor of 2 overhead in the length of the secret keys and ciphertexts.

  2. 2.

    This setting where the functionality f is fixed in advance is referred to as the single-key setting.

  3. 3.

    This limitation arises because the underlying FE scheme is only secure against “bounded collusions,” i.e., secure if the adversary makes a bounded number of key generation queries. After applying the single-input-to-multi-input transformation, this translates into an additional restriction on the number of ciphertexts the adversary can request.

  4. 4.

    Recently, Lewi and Wu [46] along with Joye and Passelègue [40] independently gave constructions of order-revealing encryption from one-way functions in the small-message-space setting. While the techniques of [46] can be further extended to work for any two-input functionalities, their construction necessarily reveals whether two ciphertexts encrypt the same underlying value. The construction we propose applies more generally to arbitrary two-input functionality without this limitation.

  5. 5.

    On certain classes of pairing curves, there are indeed non-generic attacks [44]. Nonetheless, there still remains a large class of pairing curves where there are no known non-generic attacks that perform significantly better than the generic ones.

  6. 6.

    Our open-source implementation is available at https://github.com/kevinlewi/fhipe.

  7. 7.

    There are many lower bounds [5, 21] for the types of functional encryption that can be achieved under a simulation-based definition in the standard model. These lower bounds do not apply in idealized models such as the generic group model. See Remark 6 for additional details.

References

  1. Abdalla, M., Bourse, F., De Caro, A., Pointcheval, D.: Simple functional encryption schemes for inner products. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 733–751. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46447-2_33

    Chapter  Google Scholar 

  2. Abdalla, M., Raykova, M., Wee, H.: Multi-input inner-product functional encryption from pairings. Cryptology ePrint Archive, Report 2016/425 (2016). http://eprint.iacr.org/

  3. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: ACM SIGMOD (2004)

    Google Scholar 

  4. Agrawal, S., Agrawal, S., Badrinarayanan, S., Kumarasubramanian, A., Prabhakaran, M., Sahai, A.: On the practical security of inner product functional encryption. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 777–798. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46447-2_35

    Chapter  Google Scholar 

  5. Agrawal, S., Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption: new perspectives and lower bounds. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 500–518. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_28

    Chapter  Google Scholar 

  6. Agrawal, S., Libert, B., Stehlé, D.: Fully secure functional encryption for inner products, from standard assumptions. IACR Cryptology ePrint Archive, 2015 (2015)

    Google Scholar 

  7. Akinyele, J.A., et al.: Charm: a framework for rapidly prototyping cryptosystems. J. Cryptogr. Eng. 3(2), 111–128 (2013)

    Article  Google Scholar 

  8. Ananth, P., Jain, A.: Indistinguishability obfuscation from compact functional encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 308–326. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_15

    Chapter  Google Scholar 

  9. Aranha, D.F., Fuentes-Castañeda, L., Knapp, E., Menezes, A., Rodríguez-Henríquez, F.: Implementing pairings at the 192-bit security level. In: Abdalla, M., Lange, T. (eds.) Pairing 2012. LNCS, vol. 7708, pp. 177–195. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36334-4_11

    Chapter  Google Scholar 

  10. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_30

    Chapter  Google Scholar 

  11. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE S&P (2007)

    Google Scholar 

  12. Bishop, A., Jain, A., Kowalczyk, L.: Function-hiding inner product encryption. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 470–491. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_20

    Chapter  Google Scholar 

  13. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_13

    Chapter  Google Scholar 

  14. Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_33

    Chapter  Google Scholar 

  15. Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_26

    Chapter  Google Scholar 

  16. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_3

    Chapter  Google Scholar 

  17. Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

    Chapter  Google Scholar 

  18. Boneh, D., Lewi, K., Raykova, M., Sahai, A., Zhandry, M., Zimmerman, J.: Semantically secure order-revealing encryption: multi-input functional encryption without obfuscation. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 563–594. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_19

    Chapter  Google Scholar 

  19. Boneh, D., Raghunathan, A., Segev, G.: Function-private identity-based encryption: hiding the function in functional encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 461–478. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_26

    Chapter  MATH  Google Scholar 

  20. Boneh, D., Raghunathan, A., Segev, G.: Function-private subspace-membership encryption and its applications. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 255–275. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_14

    Chapter  Google Scholar 

  21. Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_16

    Chapter  Google Scholar 

  22. Brakerski, Z., Komargodski, I., Segev, G.: From single-input to multi-input functional encryption in the private-key setting. IACR Cryptology ePrint Archive, 2015 (2015)

    Google Scholar 

  23. Brakerski, Z., Segev, G.: Function-private functional encryption in the private-key setting. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 306–324. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_12

    Chapter  Google Scholar 

  24. Chenette, N., Lewi, K., Weis, S.A., Wu, D.J.: Practical order-revealing encryption with limited leakage. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 474–493. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-52993-5_24

    Chapter  MATH  Google Scholar 

  25. Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45325-3_32

    Chapter  Google Scholar 

  26. Costello, C.: Particularly friendly members of family trees. IACR Cryptology ePrint Archive, 2012 (2012)

    Google Scholar 

  27. Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: ACM CCS (2006)

    Google Scholar 

  28. Datta, P., Dutta, R., Mukhopadhyay, S.: Functional encryption for inner product with full function privacy. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 164–195. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49384-7_7

    Chapter  Google Scholar 

  29. Freeman, D., Scott, M., Teske, E.: A taxonomy of pairing-friendly elliptic curves. J. Cryptol. 23(2), 224–280 (2010)

    Article  MathSciNet  Google Scholar 

  30. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS (2013)

    Google Scholar 

  31. Garg, S., Gentry, C., Halevi, S., Zhandry, M.: Functional encryption without obfuscation. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 480–511. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_18

    Chapter  Google Scholar 

  32. Goh, E.: Secure indexes. IACR Cryptology ePrint Archive, 2003 (2003)

    Google Scholar 

  33. Goldwasser, S., et al.: Multi-input functional encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 578–602. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_32

    Chapter  Google Scholar 

  34. Goldwasser, S., Kalai, Y.T., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: STOC (2013)

    Google Scholar 

  35. Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption with bounded collusions via multi-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_11

    Chapter  Google Scholar 

  36. Gorbunov, S., Vaikuntanathan, V., Wee, H.: Attribute-based encryption for circuits. In: STOC (2013)

    Google Scholar 

  37. Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits from LWE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 503–523. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_25

    Chapter  Google Scholar 

  38. Hart, W., Johansson, F., Pancratz, S.: FLINT: fast Library for Number Theory (2013). Version 2.4.0: http://flintlib.org

  39. Joux, A.: A one round protocol for tripartite Diffie–Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–393. Springer, Heidelberg (2000). https://doi.org/10.1007/10722028_23

    Chapter  Google Scholar 

  40. Joye, M., Passelègue, A.: Practical trade-offs for multi-input functional encryption. IACR Cryptology ePrint Archive, 2016 (2016)

    Google Scholar 

  41. Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_9

    Chapter  Google Scholar 

  42. Kim, S., Kim, J., Seo, J.H.: A new approach for practical function-private inner product encryption. IACR Cryptology ePrint Archive 2017:4 (2017)

    Google Scholar 

  43. Kim, S., Lewi, K., Mandal, A., Montgomery, H.W., Roy, A., Wu, D.J.: Function-hiding inner product encryption is practical. IACR Cryptology ePrint Archive 2016:440 (2016)

    Google Scholar 

  44. Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 543–571. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_20

    Chapter  Google Scholar 

  45. Lee, K., Lee, D.H.: Two-input functional encryption for inner products from bilinear maps. IEICE Trans. 101–A(6), 915–928 (2018)

    Article  Google Scholar 

  46. Lewi, K., Wu, D.J.: Order-revealing encryption: new constructions, applications, and lower bounds. In: ACM CCS (2016, to appear)

    Google Scholar 

  47. Lin, H., Vaikuntanathan, V.: Indistinguishability obfuscation from DDH-like assumptions on constant-degree graded encodings. In: FOCS, pp. 11–20 (2016)

    Google Scholar 

  48. Lynn, B.: The pairing-based cryptography library. Internet: crypto. stanford. edu/pbc/[Mar. 27, 2013] (2006)

    Google Scholar 

  49. Miller, V.S.: The weil pairing, and its efficient calculation. J. Cryptol. 17(4), 235–261 (2004)

    Article  MathSciNet  Google Scholar 

  50. Nechaev, V.: Complexity of a determinate algorithm for the discrete logarithm. Math. Notes 55, 165–172 (1994)

    Article  MathSciNet  Google Scholar 

  51. Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111–126. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_8

    Chapter  Google Scholar 

  52. Okamoto, T., Takashima, K.: Homomorphic encryption and signatures from vector decomposition. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 57–74. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85538-5_4

    Chapter  Google Scholar 

  53. Okamoto, T., Takashima, K.: Hierarchical predicate encryption for inner-products. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 214–231. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_13

    Chapter  Google Scholar 

  54. Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_11

    Chapter  Google Scholar 

  55. Okamoto, T., Takashima, K.: Fully secure unbounded inner-product and attribute-based encryption. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 349–366. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_22

    Chapter  Google Scholar 

  56. O’Neill, A.: Definitional issues in functional encryption. IACR Cryptology ePrint Archive, 2010 (2010)

    Google Scholar 

  57. Pandey, O., Rouselakis, Y.: Property preserving symmetric encryption. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 375–391. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_23

    Chapter  Google Scholar 

  58. Ramanna, S.C.: More efficient constructions for inner-product encryption. IACR Cryptology ePrint Archive, 2016 (2016)

    Google Scholar 

  59. Sahai, A., Seyalioglu, H.: Worry-free encryption: functional encryption with public keys. In: ACM CCS (2010)

    Google Scholar 

  60. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

    Chapter  Google Scholar 

  61. Shanks, D.: Class number, a theory of factorization, and genera. In: Proceedings of Symposium in Pure Mathematics (1971)

    Google Scholar 

  62. Shen, E., Shi, E., Waters, B.: Predicate privacy in encryption systems. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 457–473. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_27

    Chapter  Google Scholar 

  63. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18

    Chapter  Google Scholar 

  64. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE S&P (2000)

    Google Scholar 

  65. Tomida, J., Abe, M., Okamoto, T.: Efficient functional encryption for inner-product values with full-hiding security. In: Bishop, M., Nascimento, A.C.A. (eds.) ISC 2016. LNCS, vol. 9866, pp. 408–425. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45871-7_24

    Chapter  Google Scholar 

  66. Waters, B.: A punctured programming approach to adaptively secure functional encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 678–697. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_33

    Chapter  Google Scholar 

Download references

Acknowledgments

This work was supported by NSF, DARPA, the Simons foundation, a grant from ONR, and an NSF Graduate Research Fellowship. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA.

Author information

Authors and Affiliations

  1. Stanford University, Stanford, USA

    Sam Kim & David J. Wu

  2. Facebook, Menlo Park, USA

    Kevin Lewi

  3. Fujitsu Laboratories of America, Sunnyvale, USA

    Avradip Mandal, Hart Montgomery & Arnab Roy

Authors
  1. Sam Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kevin Lewi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Avradip Mandal
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hart Montgomery
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Arnab Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. David J. Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David J. Wu .

Editor information

Editors and Affiliations

  1. University of Catania, Catania, Italy

    Dario Catalano

  2. University of Salerno, Fisciano, Italy

    Roberto De Prisco

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kim, S., Lewi, K., Mandal, A., Montgomery, H., Roy, A., Wu, D.J. (2018). Function-Hiding Inner Product Encryption Is Practical. In: Catalano, D., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2018. Lecture Notes in Computer Science(), vol 11035. Springer, Cham. https://doi.org/10.1007/978-3-319-98113-0_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-98113-0_29

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98112-3

  • Online ISBN: 978-3-319-98113-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics