Certified Everlasting Secure Collusion-Resistant Functional Encryption, and More

Taiga Hiroka, Fuyuki Kitagawa, Tomoyuki Morimae, Ryo Nishimaki, Tapas Pal, Takashi Yamakawa

TL;DR

The paper develops certified everlasting security notions for a broad suite of cryptographic primitives centered on functional encryption, enabling deletion certificates that preserve security even after quantum-enabled adversaries gain unbounded power. It introduces adaptive and selective variants, with concrete constructions for collusion-resistant FE, compute-and-compare obfuscation, predicate encryption, secret-key and public-key encryption, receiver non-committing encryption, and garbled circuits, often from standard primitives (IO, OWFs, ABE, FHE, PKE) and sometimes under the QROM. Core technical innovations include the certified everlasting lemma, BB84-based authentication for quantum inputs, deferred evaluation with dummy locks, and a public-slot FE concept to handle two-input function outputs with public inputs, plus a shift from classical to quantum-safe proofs via teleportation-based reductions. The work also discusses concurrent results (e.g., Bartusek-Khurana) and clarifies how its approaches differ—particularly around verification visibility, certificate classicality, and the need for QROM in certain constructions. Overall, the paper pushes forward the feasibility of robust, deletion-certified cryptographic functionalities in a quantum world, providing both deep theoretical foundations and practical construction outlines for FE-related primitives.

Abstract

We study certified everlasting secure functional encryption (FE) and many other cryptographic primitives in this work. Certified everlasting security roughly means the following. A receiver possessing a quantum cryptographic object can issue a certificate showing that the receiver has deleted the cryptographic object and information included in the object was lost. If the certificate is valid, the security is guaranteed even if the receiver becomes computationally unbounded after the deletion. Many cryptographic primitives are known to be impossible (or unlikely) to have information-theoretical security even in the quantum world. Hence, certified everlasting security is a nice compromise (intrinsic to quantum). In this work, we define certified everlasting secure versions of FE, compute-and-compare obfuscation, predicate encryption (PE), secret-key encryption (SKE), public-key encryption (PKE), receiver non-committing encryption (RNCE), and garbled circuits. We also present the following constructions:

  • Adaptively certified everlasting secure collusion-resistant public-key FE for all polynomial-size circuits from indistinguishability obfuscation and one-way functions.
  • Adaptively certified everlasting secure bounded collusion-resistant public-key FE for NC1 circuits from standard PKE.
  • Certified everlasting secure compute-and-compare obfuscation from standard fully homomorphic encryption and standard compute-and-compare obfuscation.
  • Adaptively (resp., selectively) certified everlasting secure PE from standard adaptively (resp., selectively) secure attribute-based encryption and certified everlasting secure compute-and-compare obfuscation.
  • Certified everlasting secure SKE and PKE from standard SKE and PKE, respectively.
  • Certified everlasting secure RNCE from standard PKE.
  • Certified everlasting secure garbled circuits from standard SKE.

Paper Structure (156 sections, 75 theorems, 134 equations, 7 figures)


Key Result

Lemma 2.1

Let $S\subseteq \mathcal{X}$ be a random subset of $\mathcal{X}$. Let $G,H:\mathcal{X}\rightarrow\mathcal{Y}$ be random functions satisfying $\forall x\notin S\ [G(x)=H(x)]$. Let $z$ be a random classical bit string. ($S,G,H,z$ may have an arbitrary joint distribution.) Let $\mathpzc{A}$ be an oracl

Figures (7)

  • Figure 3: The description of the circuit $\mathsf{aDec}$
  • Figure 7: The description of $\mathpzc{GateGrbl}$
  • Figure 8: The description of $\mathpzc{GateEval}$
  • Figure 9: The description of $\mathpzc{GateDel}$
  • Figure 10: The description of $\mathsf{GateVrfy}$
  • ...and 2 more figures

Theorems & Definitions (196)

  • Lemma 2.1: One-Way to Hiding Lemma [C:AmbHamUnr19]
  • Lemma 2.2: Quantum Teleportation
  • Lemma 2.3: Difference Lemma [EPRINT:Shoup04]
  • Definition 2.4: Pseudorandom Generator
  • Theorem 2.5: [SIAMCOMP:HILL99]
  • Definition 2.6: Pseudorandom Function
  • Theorem 2.7: [JACM:GolGolMic86]
  • Definition 2.8: Secret Key Encryption (Syntax)
  • Definition 2.9: Correctness for SKE
  • Remark 2.10
  • ...and 186 more