# Functional encryption

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Functional_encryption
> Markdown URL: https://mediated.wiki/source/Functional_encryption.md
> Source: https://en.wikipedia.org/wiki/Functional_encryption
> Source revision: 1260397868
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{Infobox encryption method
| name          = Functional encryption
| image         = Encryption.png
| caption       = 
| designers     = [Amit Sahai](/source/Amit_Sahai), [Brent Waters](/source/Brent_Waters), [Dan Boneh](/source/Dan_Boneh), [Shafi Goldwasser](/source/Shafi_Goldwasser), [Yael Kalai](/source/Yael_Kalai)
| publish date  = 
| derived from  = [Public-key encryption](/source/Public-key_encryption)
| derived to    =  
| related to    = [Homomorphic encryption](/source/Homomorphic_encryption)
| key size      = 
| block size    = 
| structure     = 
| rounds        = 
| cryptanalysis = 
}}

'''Functional encryption''' ('''FE''') is a generalization of [public-key encryption](/source/public-key_encryption) in which possessing a secret key allows one to learn a function of what the [ciphertext](/source/ciphertext) is encrypting.

==Formal definition==
More precisely, a functional encryption scheme for a given functionality <math>f</math> consists of the following four algorithms:

*<math>(\text{pk}, \text{msk}) \leftarrow \textsf{Setup}(1^\lambda)</math>: creates a public key <math>\text{pk}</math> and a master secret key <math>\text{msk}</math>.
*<math>\text{sk} \leftarrow \textsf{Keygen}(\text{msk}, f)</math>: uses the master secret key to generate a new secret key <math>\text{sk}</math> for the function <math>f</math>.
*<math>c \leftarrow \textsf{Enc}(\text{pk}, x)</math>: uses the public key to encrypt a message <math>x</math>.
*<math>y \leftarrow \textsf{Dec}(\text{sk}, c)</math>: uses secret key to calculate <math>y = f(x)</math> where <math>x</math> is the value that <math>c</math> encrypts.

The [security](/source/Provable_security) of FE requires that any information an adversary learns from an encryption of <math>x</math> is revealed by <math>f(x)</math>. Formally, this is defined by simulation.<ref name=":0">{{Cite book|url=https://books.google.com/books?id=w-39uAEACAAJ&pg=PA555|title=Reusable garbled circuits and succinct functional encryption - Stoc 13 Proceedings of the 2013 ACM Symposium on Theory of Computing|last1=Goldwasser|first1=Shafi|last2=Kalai|first2=Yael|last3=Ada Popa|first3=Raluca|last4=Vaikuntanathan|first4=Vinod|last5=Zeldovich|first5=Nickolai|publisher=ACM|year=2013|isbn=978-1-4503-2029-0|location=New York, NY, USA|pages=555–564|language=en}}</ref>

==Applications==
Functional encryption generalizes several existing primitives including [Identity-based encryption](/source/ID-based_encryption) (IBE) and [attribute-based encryption](/source/attribute-based_encryption) (ABE). In the IBE case, define <math>F(k,x)</math> to be equal to <math>x</math> when <math>k</math> corresponds to an identity that is allowed to decrypt, and <math>\perp</math> otherwise. Similarly, in the ABE case, define <math>F(k, x) = x</math> when <math>k</math> encodes attributes with permission to decrypt and <math>\perp</math> otherwise.

==History==
Functional encryption was proposed by [Amit Sahai](/source/Amit_Sahai) and [Brent Waters](/source/Brent_Waters) in 2005<ref>{{Cite conference| url=https://books.google.com/books?id=HrCI4ZyuZL0C|pages=457–473 | author1= Amit Sahai | author2= Brent Waters | chapter= Fuzzy Identity-Based Encryption |title= Advances in Cryptology |conference= EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings|date=2005 | editor= Ronald Cramer |publisher=Springer  |isbn=978-3-540-25910-7|language=en|lccn=2005926095 }}</ref> and formalized by [Dan Boneh](/source/Dan_Boneh), [Amit Sahai](/source/Amit_Sahai) and Brent Waters in 2010.<ref>{{cite journal|last=Boneh|first=Dan |author2=Amit Sahai |author3=Brent Waters|title=Functional Encryption: Definitions and Challenges|journal=Proceedings of Theory of Cryptography Conference (TCC) 2011|year=2011|url=http://eprint.iacr.org/2010/543.pdf}}</ref> Until recently, however, most instantiations of Functional Encryption supported only limited function classes such as boolean formulae. In 2012, several researchers developed Functional Encryption schemes that support arbitrary functions.<ref name=":0" /><ref>{{cite journal|last=Gorbunov|first=Sergey |author2=Hoeteck Wee |author3=Vinod Vaikuntanathan|title=Attribute-Based Encryption for Circuits|year = 2013|journal = Proceedings of STOC}}</ref><ref>{{cite web|last=Sahai|first=Amit|author2=Brent Waters|title=Attribute-Based Encryption for Circuits from Multilinear Maps|year=2012 |arxiv=1210.5287 |url=http://eprint.iacr.org/2012/592.pdf}}</ref><ref>{{cite book|last1=Goldwasser|first1=Shafi |author2=Yael Kalai |author3=Raluca Ada Popa |author4=Vinod Vaikuntanathan |author5=Nickolai Zeldovich|title=Advances in Cryptology – CRYPTO 2013 |chapter=How to Run Turing Machines on Encrypted Data |series=Lecture Notes in Computer Science |year=2013|volume=8043 |pages=536–553 |doi=10.1007/978-3-642-40084-1_30 |isbn=978-3-642-40083-4 |chapter-url=http://eprint.iacr.org/2013/229.pdf|doi-access=free |hdl=1721.1/91472 |hdl-access=free }}</ref>

==References==
{{reflist}}

Category:Cryptographic_primitives

---
Adapted from the Wikipedia article [Functional encryption](https://en.wikipedia.org/wiki/Functional_encryption) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Functional_encryption?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
