At the beginning of the FAFC project, the cryptography community was still rather far from realizing the functional cryptography vision. We argued that the landscape of our current knowledge in this area must urgently change. During the lifetime of the FAFC project, we made substantial progress toward each of our three main objectives, enabling the cryptographic community to better understand functional cryptography. Our results have been published in top conferences and journals (most notably, in the flagship conferences of the International Association for Cryptologic Research), and have already led to follow-up work by leading researchers in the cryptography community.
In particular, we view our work on the Minicrypt vs. Obfustopia problem, our work on out-of-band authentication, and our work on tight tradeoffs in searchable symmetric encryption as the most significant achievements of this project (covering each of the project's three main objectives). The following paragraphs exemplify the flavor of our research within this project by providing a high-level overview of our achievements in each of these research directions.
From Minicrypt to Obfustopia via Private-Key Functional Encryption:
Private-key functional encryption enables fine-grained access to symmetrically-encrypted data. Although private-key functional encryption (supporting an unbounded number of keys and ciphertexts) seems significantly weaker than its public-key variant, all of its known realizations rely on public-key functional encryption. At the same time, however, until recently it was not known to imply any public-key primitive, reflecting how poorly this primitive was understood. We show that quasi-polynomially secure private-key functional encryption bridges from sub-exponential security in Minicrypt all the way to Cryptomania: in particular, together with sub-exponentially secure one-way functions it yields public-key encryption. This settles one of the main open problems in this line of research.
Out-of-Band Authenticated Group Key Exchange:
Detecting man-in-the-middle attacks during the initial generation of shared secrets is a major challenge that arises in many communication platforms offering end-to-end encrypted messaging, audio or video calls. Given the inherent ad-hoc nature of many of these popular platforms, out-of-band authenticated key-exchange protocols are widely deployed in the user-to-user setting. Such protocols enable two users to establish shared secrets while detecting man-in-the-middle attacks by employing an external channel through which users can manually authenticate one short value.
We initiate the study of out-of-band authentication in the group setting, and establish a tight tradeoff between the length of the out-of-band value (which is a crucial bottleneck, as the out-of-band channel is of low bandwidth) and the probability that a man-in-the-middle attack is undetected. We present both computationally and statistically secure protocols together with matching lower bounds. Moreover, the length of the out-of-band value in our computationally-secure protocol is nearly independent of the group size, and instantiating it in the random-oracle model yields a practically-relevant protocol.
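The following simulation is an added illustration of the two-user setting described above; it is not code from the FAFC project or from the protocols in its publications. The two toy protocols (a naive hash-compare protocol and a commit-then-reveal protocol), the attacker strategy, and the sample values are all constructed here. It shows why the length l of the out-of-band value is the security parameter, and why the protocol structure decides whether an attacker can trade offline computation for an undetected man-in-the-middle attack.

```python
"""Toy simulation of out-of-band (OOB) authenticated key agreement (two users).

Added illustration, not code from the FAFC project or its papers. Both protocols
below are constructed here for illustration only.

Setting: Alice and Bob exchange values over an insecure channel on which a
man-in-the-middle (Eve) can replace messages, and then compare an l-bit short
authentication string (SAS) over an authentic but low-bandwidth out-of-band
channel (e.g. reading digits aloud).

  * naive protocol: SAS = l leading bits of H(Alice's value, Bob's value). Eve
    substitutes her own values and grinds offline until both users' SAS
    collide: about 2^l hash evaluations buy a certain, undetected attack.
  * commit-then-reveal protocol: each user first sends a hash commitment to a
    fresh nonce and reveals the nonce only after receiving the other side's
    commitment. Eve must fix her replacement nonce before seeing the honest
    nonce it will be combined with, so each attempt succeeds with probability
    about 2^-l however much she computes, and every failed attempt is noticed.
"""
import hashlib
import random
from typing import Tuple


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the parts (unambiguous encoding)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def sas(l: int, *parts: bytes) -> int:
    """l-bit short authentication string: the l leading bits of H(parts)."""
    return int.from_bytes(H(*parts), "big") >> (256 - l)


def nonce(rng: random.Random) -> bytes:
    return rng.getrandbits(256).to_bytes(32, "big")


# ---- naive protocol: A -> B: a ; B -> A: b ; both compare sas(l, a, b) OOB ----

def naive_mitm(l: int, a: bytes, b: bytes, e_b: bytes) -> Tuple[bytes, int]:
    """Eve's attack on the naive protocol.

    Eve forwards e_b to Bob in place of a, learns Bob's reply b, and then
    grinds a value e_a to send Alice so that Alice's SAS sas(l, a, e_a)
    equals Bob's SAS sas(l, e_b, b). Returns (e_a, number of attempts);
    the expected number of attempts is 2^l, all of them offline.
    """
    target = sas(l, e_b, b)  # Bob's SAS is already fixed
    attempts = 0
    while True:
        attempts += 1
        e_a = attempts.to_bytes(8, "big")
        if sas(l, a, e_a) == target:
            return e_a, attempts


# ---- commit-then-reveal protocol ----
# A -> B: c_A = H("commit", r_A) ; B -> A: c_B = H("commit", r_B)
# A -> B: r_A ; B -> A: r_B ; each checks the reveal against the commitment
# received earlier, then both compare sas(l, r_A, r_B) out of band.

def commit(r: bytes) -> bytes:
    return H(b"commit", r)


def commit_mitm_once(l: int, r_a: bytes, r_b: bytes, rng: random.Random) -> bool:
    """One attempt by Eve against the commit-then-reveal protocol.

    Eve must commit to Alice before Alice reveals r_a, and to Bob before Bob
    reveals r_b. Her best ordering: commit r_e2 to Alice, receive r_a, and
    thereby learn the SAS Alice will read out, sas(l, r_a, r_e2). Towards Bob
    she must commit r_e1 while r_b is still hidden behind c_B, so she cannot
    test candidates for r_e1 against the target: any choice is a blind guess.
    """
    r_e2 = nonce(rng)
    target = sas(l, r_a, r_e2)  # Alice's SAS, known to Eve
    r_e1 = nonce(rng)           # committed to Bob before r_b is revealed
    return sas(l, r_e1, r_b) == target  # Bob's SAS; Eve learns it too late


def commit_mitm_rate(l: int, trials: int, seed: int = 0) -> float:
    """Empirical success rate of Eve over independent honest sessions."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        r_a, r_b = nonce(rng), nonce(rng)
        hits += commit_mitm_once(l, r_a, r_b, rng)
    return hits / trials


if __name__ == "__main__":
    l = 16
    # Constructed sample values standing in for the users' key-exchange shares.
    a, b, e_b = b"alice-share", b"bob-share", b"eve-share"
    e_a, n = naive_mitm(l, a, b, e_b)
    print(f"naive, l={l}: Eve wins after {n} hashes, "
          f"SAS match = {sas(l, a, e_a) == sas(l, e_b, b)}")
    rate = commit_mitm_rate(8, 4096)
    print(f"commit-then-reveal, l=8: Eve's success rate {rate:.4f} vs 2^-8 = {2**-8:.4f}")
```

The contrast is the point made in the text: with the naive design the l-bit out-of-band value only bounds the attacker's offline work, whereas with a committing design it bounds the attacker's probability of escaping detection, which is the quantity a low-bandwidth manual comparison must keep small. The group protocols in the project's work face the same tradeoff with more parties and a single short value shared by all of them.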
Tight Tradeoffs in Searchable Symmetric Encryption:
We establish tight bounds on the tradeoff between the space overhead, locality, and read efficiency of Searchable Symmetric Encryption (SSE) schemes within two general frameworks that capture the memory access pattern underlying all existing schemes. First, we introduce the "pad-and-split" framework, refining that of Cash and Tessaro (EUROCRYPT '14) while still capturing the same existing schemes. Within our framework, we significantly strengthen their lower bound to match the tradeoff provided by the scheme of Demertzis and Papamanthou (SIGMOD '17), which is captured by our pad-and-split framework. Then, within the "statistical-independence" framework of Asharov et al. (STOC '16), we show that their lower bound is essentially tight, settling a fundamental open problem in this area.