We study certified everlasting secure functional encryption (FE) and many other cryptographic primitives in this work. Certified everlasting security roughly means the following. A receiver possessing a quantum cryptographic object can issue a certificate showing that the receiver has deleted the cryptographic object and information included in the object was lost. If the certificate is valid, the security is guaranteed even if the receiver becomes computationally unbounded after the deletion. Many cryptographic primitives are known to be impossible (or unlikely) to have information-theoretical security even in the quantum world. Hence, certified everlasting security is a nice compromise (intrinsic to quantum). In this work, we define certified everlasting secure versions of FE, compute-and-compare obfuscation, predicate encryption (PE), secret-key encryption (SKE), public-key encryption (PKE), receiver non-committing encryption (RNCE), and garbled circuits. We also present the following constructions: - Adaptively certified everlasting secure collusion-resistant public-key FE for all polynomial-size circuits from indistinguishability obfuscation and one-way functions. - Adaptively certified everlasting secure bounded collusion-resistant public-key FE for NC1 circuits from standard PKE. - Certified everlasting secure compute-and-compare obfuscation from standard fully homomorphic encryption and standard compute-and-compare obfuscation - Adaptively (resp., selectively) certified everlasting secure PE from standard adaptively (resp., selectively) secure attribute-based encryption and certified everlasting secure compute-and-compare obfuscation. - Certified everlasting secure SKE and PKE from standard SKE and PKE, respectively. - Certified everlasting secure RNCE from standard PKE. - Certified everlasting secure garbled circuits from standard SKE.
翻译:在这项工作中, 拥有量子加密对象的接收器可以发布证书, 显示接收器删除了该对象所含的加密对象和信息。 如果证书有效, 即使接收器在删除后没有计算限制, 也保证了安全。 许多加密原始器即使在数量世界中也不可能( 不太可能) 拥有信息理论安全。 因此, 认证永久安全是一种很好的折中( 与量值相当 ) 。 在这项工作中, 我们定义了认证的永久安全版本, 显示接收器删除了该对象中包含的加密对象和信息。 如果证书有效, 即便接收器在删除后没有计算限制。 许多加密原始器在安全标准( RNCE ) 中无法( 甚至不可能) 即使在数量世界中也不可能拥有信息理论安全。 因此, 认证的永久安全协作- 公钥永久稳定( 等) 用于所有多货币规模电路段( E、 compaute- deliver E