NSF Award
2318702
Public-key encryption is the basis for secure communication on the Internet. In a public-key encryption scheme, anyone can encrypt a message using a user's public key with the assurance that only the designated recipient can decrypt the message. In the last 25 years, functional encryption has emerged as a generalization of public-key encryption to provide fine-grained control to encrypted data. For instance, one can encrypt a message such that only users possessing a certain credential can decrypt. While functional encryption has enabled new capabilities, it does so at the cost of introducing a new trust model. In public-key encryption, individual users generate their own secret keys, whereas in functional encryption, the power is vested in a central trusted authority. If compromised, the attacker gains the ability to decrypt every ciphertext in the system. The central goal of this project is to develop new cryptographic mechanisms to reduce the trust assumptions needed to realize the expressive capabilities of functional encryption. Additionally, this project seeks to strengthen the network of cryptography researchers in Texas through semi-annual workshops for researchers and graduate students as well as providing mentoring and educational opportunities for undergraduates and high-school students.<br/><br/>The goal of this project is to develop new techniques to reduce the amount of trust needed in advanced encryption schemes. The primary focus will be on two different models: (1) a registration-based model; and (2) a multi-authority model. In the registration-based model for functional encryption, the trusted key issuer is replaced with an untrusted key aggregator. To join the system, users register their public key with the key aggregator. The key aggregator is a deterministic, transparent algorithm whose sole responsibility is aggregating public keys into a single short public key. This aggregated key then functions as the public key for the encryption scheme. This project will explore new avenues for constructing different notions of functional encryption (e.g., attribute-based encryption and broadcast encryption) in the registration-based model. The second main approach for reducing trust is the multi-authority model where instead of a single trusted authority, there are many independent key-issuing authorities. In this setting, a single compromised authority no longer jeopardizes security of the entire system. This project will explore new approaches for realizing multi-authority encryption schemes.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
