Towards Unified, Achievable, Simulation Based Function and Data Privacy in Functional Encryption

As the area of Functional Encryption (FE) has grown in importance, the landscape of its security definitions has become increasingly cluttered. Currently prevalent definitions are largely restricted to data privacy, and are broadly categorized as indistinguishability (IND) style or simulation (SIM) style, where the former are known to be insufficient and the latter are known to be unachievable even for simple functionalities like point functions (IBE) and inner products. Recently, Boneh et al. [BRS13a] introduced a new security definition to study the complementary aspect of function privacy in FE, but it is unclear how this definition relates to data privacy definitions. In this work, we attempt to clean up this state of affairs and present a unified treatment of data and function hiding definitions. We propose a new simulation based definition for function privacy in addition to data privacy, which we call Relax-AD-SIM, and study its achievability. We show that Relax-AD-SIM interpolates simulation based (SIM) and indistinguishability based (IND) definitions for data privacy, and implies the function privacy definition of [BRS13a]. Our definition relaxes the requirements on the simulator to bypass impossibility of SIM in the standard model. We show that the inner product FE scheme of [LOS10] enjoys Relax-AD-SIM security for data hiding while the weaker, selectively secure inner product FE scheme of [KSW08] suffices to achieve function hiding. Our definition provides the first unified simulation based definition that supports function hiding as well as data hiding. We emphasize that Relax-AD-SIM security is the strongest simulation based security definition known to be achievable by inner product FE to the best of our knowledge. This is because Relax-AD-SIM is an adaptive notion of simulation security, which, in its most general form (AD-SIM) is known to be impossible to achieve for inner product FE. ∗I.I.T, Delhi. Email: [email protected]. †UCLA Email: [email protected]. ‡UCLA Email: [email protected]. i.e. it supports post challenge key queries