multi-client functional encryption for controlled data sharing
Tim van de Kamp is a PhD student in the research group Services, Cybersecurity & Safety. His supervisor is prof.dr. W. Jonker from the Faculty of Electrical Engineering, Mathematics and Computer Science.
Multi-client functional encryption (MC-FE) is a powerful concept that makes it possible to compute on confidential data from multiple parties, while only revealing the computational outcome in the clear. This security guarantee makes MC-FE a prime candidate for controlled data sharing as long as it can reach practical efficiency for the functionalities needed in such a setting. General-purpose MC-FE schemes allow for arbitrary computations on encrypted data, but require non-standard security assumptions and are based on inefficient primitives. In contrast, special-purpose MC-FE schemes can be both efficient and proven secure under well-established assumptions. However, the few existing special-purpose schemes cover only a limited number of functionalities.
We propose special-purpose MC-FE schemes for two essential classes of data sharing functionalities: set operations and predicate testing. In the case of set operations, we construct schemes that can determine the set intersection or the cardinality thereof by employing a combination of pseudorandom functions (PRF), hash functions, secret sharing, and elliptic curve cryptography. For the case of predicate testing, we present a compiler that turns any predicate description into an evaluation scheme operating on inputs from various parties. As a special case, we develop a construction to test the equality of vectors from multiple parties that provides a stronger security guarantee. All our predicate testing schemes are based on a combination of PRF, hash functions, secret sharing, and bilinear maps.
We implement and evaluate several of the above schemes for sets and vectors. We see that our special-purpose schemes are at least four orders of magnitude faster than general-purpose MC-FE schemes, resulting in evaluation times of seconds on commodity hardware.