*12:17* [Pub][ePrint]
Functional Signatures and Pseudorandom Functions, by Elette Boyle and Shafi Goldwasser and Ioana Ivan
In this paper, we introduce \\emph{functional digital signatures}, \\emph{functional pseudorandom functions} and \\emph{pseudorandom functions with selective access}. In a functional signature scheme, in addition to a master signing key that can be used to sign any message, there are \\emph{signing keys for a function} $f$, which allow one to sign any message in the range of $f$. An immediate application of functional signature schemes is delegation of the ability to sign a restricted set of messages by a master authority to a third party. We also show applications of functional signatures in constructing succinct non-interactive arguments and delegation schemes. We give several general constructions for this primitive based on different computational hardness assumptions, and describe the trade-offs between them in terms of the assumptions they require and the size of the signatures.

In a functional pseudorandom function, in addition to a master secret key that can be used to evaluate the pseudorandom function $F$ on any point in the domain, there are additional \\emph{secret keys for a function} $f$, which allow one to evaluate $F$ on any $y$ for which there exists an $x$ such that $f(x)=y$. This implies the ability to delegate keys per function $f$ for computing a pseudorandom function $F$ on points $y$ for which $f(y)=1$. Such functions imply {\\it pseudo random functions with selective access} -- pseudorandom function families F for which one may delegate keys per function f for computing F on points y for which f(y) = 1. We provide an example of a construction of a functional pseudorandom function for prefix fixing functions.

*12:17* [Pub][ePrint]
Function-Private Subspace-Membership Encryption and Its Applications, by Dan Boneh and Ananth Raghunathan and Gil Segev
Boneh, Raghunathan, and Segev (CRYPTO \'13) have recently put forward the notion of function privacy and applied it to identity-based encryption, motivated by the need for providing predicate privacy in public-key searchable encryption. Intuitively, their notion asks that decryption keys reveal essentially no information on their corresponding identities, beyond the absolute minimum necessary. While Boneh et al. showed how to construct function-private identity-based encryption (which implies predicate-private encrypted keyword search), searchable encryption typically requires a richer set of predicates.In this paper we significantly extend the function privacy framework. First, we introduce the new notion of subspace-membership encryption, a generalization of inner-product encryption, and formalize a meaningful and realistic notion for capturing its function privacy. Then, we present a generic construction of a function-private subspace-membership encryption scheme based on any inner-product encryption scheme. This is the first generic construction that yields a function-private encryption scheme based on a non-function-private one.

Finally, we present various applications of function-private subspace-membership encryption. Among our applications, we significantly improve the function privacy of the identity-based encryption schemes of Boneh et al.: whereas their schemes are function private only for identities that are highly unpredictable (with min-entropy of at least

$\\lambda + \\omega(\\log \\lambda)$ bits, where $\\lambda$ is the security parameter), we obtain function-private schemes assuming only the minimal required unpredictability (i.e., min-entropy of only $\\omega(\\log \\lambda)$ bits). This improvement offers a much more realistic function privacy guarantee.