Deniable Functional Encryption

Caro, Angelo; Iovino, Vincenzo; O’Neill, Adam

doi:10.1007/978-3-662-49384-7_8

Cited by 9 publications

(8 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Then, Trap i,j will contain the images under the one-way function f of all z i 's. The proof is given in [21].…”

Section: Multi-distributional Receiver Deniable Fe From Diomentioning

confidence: 99%

“…In Section 2.2 we introduced the publicly deniable functional encryption primitive and we now show how to modify the receiver deniable scheme of the conference version [21] to add sender deniability.…”

Section: Sender Deniability Via Indistinguishability Obfuscationmentioning

confidence: 99%

“…Security: The proof that

monospaceR monospacee monospacec monospaceD monospacee monospacen monospaceF monospaceE

is a (1, 1)‐receiver‐deniable FE scheme for Boolean formulae is essentially that for general functionalities of the conference version [12] and we omit further details. In fact, observe that Boolean formulae are a very special case of general circuits and as such the proof follows the same structure.…”

Section: Receiver‐deniable Fe For Boolean Formulaementioning

confidence: 99%

“…A trivial fix is to put in the ciphertexts as many different s's as the number of secret keys to be faked but this will create an unnecessary dependence that can be removed by using a PRF as a compact source of randomness. In the conference version [21] we presented the result in full details. Efficient Receiver Deniable FE for Boolean Formulae.…”

Section: Introductionmentioning

confidence: 99%

“…To formalise it, recall from [11] that

false(q_{1}, ℓ, q_{2} false)

‐SIM security denotes SIM‐security where the adversary is allowed to make at most

q_{1}

non‐adaptive key queries,

ℓ

encryption queries (challenge ciphertexts), and

q_{2}

adaptive key queries. We show that an

false(n_{c}, n_{k} false)

‐receiver‐deniable FE scheme is also

false(0, n_{c}, n_{k} false)

‐SIM‐secure (see the conference version [12] for a formal theorem and proof). On the other hand, we stress deniability is stronger in the respect that equivocable ciphertexts and keys must decrypt correctly in the real system.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Receiver‐ and sender‐deniable functional encryption

Iovino

O’Neill

2018

IET Information Security

Self Cite

View full text Add to dashboard Cite

Deniable encryption, first introduced by Canetti et al. (CRYPTO 1997), allows equivocation of encrypted communication. In this work we generalize its study to functional encryption (FE). Our results are summarized as follows:We first put forward and motivate the concept of receiver deniable FE, for which we consider two models. In the first model, as previously considered by O'Neill et al. (CRYPTO 2011) in the case of identity-based encryption, a receiver gets assistance from the master authority to generate a fake secret key. In the second model, there are "normal" and "deniable" secret keys, and a receiver in possession of a deniable secret key can produce a fake but authentic-looking normal key on its own.In the first model, we show a compiler from any FE scheme for the general circuit functionality to a FE scheme having receiver deniability. In addition we show an efficient receiver deniable FE scheme for Boolean Formulae from bilinear maps. In the second (multi-distributional) model, we present a specific FE scheme for the general circuit functionality having receiver deniability. To our knowledge, a scheme in the multi-distributional model was not previously known even for the special case of identity-based encryption.Finally, we construct the first sender (non-multi-distributional) deniable FE scheme.

show abstract

“…Then, Trap i,j will contain the images under the one-way function f of all z i 's. The proof is given in [21].…”

Section: Multi-distributional Receiver Deniable Fe From Diomentioning

confidence: 99%

Section: Sender Deniability Via Indistinguishability Obfuscationmentioning

confidence: 99%

“…Security: The proof that