International Association for Cryptologic Research

International Association
for Cryptologic Research


Security with Functional Re-Encryption from CPA

Yevgeniy Dodis , NYU
Shai Halevi , Algorand Foundation
Daniel Wichs , Northeastern University and NTT Research
Search ePrint
Search Google
Presentation: Slides
Conference: TCC 2023
Abstract: The notion of functional re-encryption security (funcCPA) for public-key encryption schemes was recently introduced by Akavia et al. (TCC'22), in the context of homomorphic encryption. This notion lies in between CPA security and CCA security: we give the attacker a *functional re-encryption oracle* instead of the decryption oracle of CCA security. This oracle takes a ciphertext ct and a function f, and returns fresh encryption of f applied to the decryption of ct; in symbols, ct'=Enc(f(Dec(ct))). In this work we observe that funcCPA security may have applications beyond homomorphic encryption, and set out to study its properties. As our main contribution, we prove that funcCPA is "closer to CPA than to CCA"; that is, funcCPA secure encryption can be constructed in a black-box manner from CPA-secure encryption. We stress that, prior to our work, this was not known even for regular re-encryption queries corresponding to identity function f. At the core of our result is a new technique, showing how to handle *adaptive* functional re-encryption queries using tools previously developed in the context of non-malleable encryption, which roughly corresponds to a single *non-adaptive* parallel decryption query.
  title={Security with Functional Re-Encryption from CPA},
  author={Yevgeniy Dodis and Shai Halevi and Daniel Wichs},