1 / 17

Controlled Functional Encryption

Controlled Functional Encryption. Muhammad Naveed , Shashank Agrawal , Manoj Prabhakaran , Xiaofeng Wang, Erman Ayday , Jean-Pierre Hubaux , Carl A. Gunter. Overview. Describe the problem we want to solve. Why existing tools like SMPC and FE are not quite right.

mervyn
Télécharger la présentation

Controlled Functional Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Controlled Functional Encryption Muhammad Naveed, Shashank Agrawal, ManojPrabhakaran, Xiaofeng Wang, ErmanAyday, Jean-Pierre Hubaux, Carl A. Gunter

  2. Overview • Describe the problem we want to solve. • Why existing tools like SMPC and FE are not quite right. • Define Controlled Functional Encryption (CFE). • Discuss applications and constructions.

  3. Goal To come up with a new model of Functional Encryption which is simple, realistic, and allows the design of very efficient protocols.

  4. Motivation Havasupai tribe and the lawsuit settlement aftermath In 1989, researchers from ASU partnered with the Havasupai Tribe, a community with high rates of Type II Diabetes, to study links between genes and diabetes risk. When the researchers were not successful in finding a genetic link, they used the DNA from blood samples for other unrelated studiessuch as schizophrenia, migration, and inbreeding, all of which are taboo topics for the Havasupai. Source: http://genetics.ncai.org/case-study/havasupai-Tribe.cfm

  5. Volunteer • Contribute to scientific research by providing my genomic data. • Doesn’t trust anyone with my entire data. • Enforce policies like: • Only certain kinds of experiments can be run. • My data should be available only for an year. • Any researcher is allowed to run only 5 experiments.

  6. Scientist • I would like to conduct experiments, but with appropriate consent. • I do not want to reveal the design of my experiments. • Could be malicious!

  7. Two-party Computation • When a scientist wants to conduct an experiment, he contacts the volunteer, and they engage in 2-party secure computation. • Good • Does handle privacy concerns of both volunteers and scientists. • Efficient methods now known (using Garbled circuits, for e.g.) • Bad • Many scientists in the world, conduct experiments at different times. • Inconvenient for scientists if a small time-frame is provided.

  8. Functional Encryption MPK MSK, MPK MPK ENC (m) Alice Bob Trusted Authority DEC ( ENC(m) ) = f(m)

  9. Functional Encryption • How it would work? • Authority generates (MPK, MSK). • Volunteer encrypts her data under MPK, provides it to a scientist. • Authority issues keys corresponding to the function scientist would like to evaluate. • Good • Scientists can only evaluate the function for which a key is given. • Volunteer’s burden reduced substantially. • Bad • No efficient schemes for computing functions of interest (e.g. actual value of inner product). • Enforcing policies like bounded usage.

  10. Controlled Functional Encryption

  11. Controlled Functional Encryption

  12. Security • Malicious scientist, semi-honest central authority. • Assumption: Scientists and authority don’t collude. • Ideal-real world simulation based security definition. • Function hiding and function revealing.

  13. Applications

  14. Actual value of Inner-product • Think of a genome as a huge vector of small numbers X. • Let V be another vector of the same length. • Computing <V, X> allows us to check for disease susceptibility, patient similarity, etc.

  15. Protocol X+R, Enc (R, Pol, MPK) MPK, MSK X V, Enc (R, Pol, MPK) V <V, R> <V, X+R> - <V, R>

  16. General Construction • Input of scientist: f – any function • Input of volunteer: x • Output: F (f, x) = f (x) • Two party computation using Garbled circuits: • Authority has input MSK • Client has input f, y = Enc(x) • Compute F ( f, Dec (y) ) – circuit becomes big • A new method that avoids decryption. • Authority and client together compute F ( f, x ) only

  17. Thank you.

More Related