Functional Encryption in the Bounded Storage Models

Functional encryption is a powerful paradigm for public-key encryption that allows for controlled access to encrypted data. Achieving the ideal simulation based security for this primitive is generally impossible in the plain model, so we investigate possibilities in the bounded quantum storage model (BQSM) and the bounded classical storage model (BCSM), where adversaries are limited with respect to their quantum and classical memories, respectively. The impossibility results on functional encryption do not apply to these settings which allows us to obtain positive outcomes. Firstly, in the BQSM, we construct non-interactive functional encryption satisfying information-theoretic simulation based security with ${q}=O(\sqrt{{s}/{r}})$. Here ${r}$ denotes the number of times that an adversary is restricted to ${s}$--qubits of quantum memory in the protocol and ${q}$ denotes the required quantum memory to run the protocol honestly. We then show that our scheme is optimal by proving that it is impossible to attain information-theoretically security with ${q} < \sqrt{{s}/{r}}$. However, by assuming the existence of one-way functions, we achieve (interactive) functional encryption with ${q}=0$ and ${r}=1$. Secondly, in the BCSM, we construct non-interactive functional encryption satisfying information-theoretic subexponential simulation based security assuming the existence of subexponential grey-box obfuscation. We then demonstrate that this assumption is minimal by constructing subexponential grey-box obfuscation from non-interactive functional encryption. We also consider the computational setting, obtaining (interactive) functional encryption satisfying simulation based security assuming grey-box obfuscation and one-way functions.