Functional encryption from LWE


March 27, 2014


Shweta Agrawal


Indian Institute of Technology, Delhi


Recent times have seen fantastic advances in the general area of “computing on encrypted data”. Of particular importance, is the fast-growing area of functional encryption (FE). Functional encryption is a generalization of public key encryption which allows tremendous flexibility and control in learning information from encrypted data. In functional encryption, a user’s secret key corresponds to some function f, denoted by SKf. The ciphertext corresponds to some input x chosen from the domain of f. Given SKf and ciphertext CTx, the user may run the decryption procedure to learn f(x). Security of the system guarantees that nothing beyond f(x) can be learned from CTx and SKf. We will study how lattices can be used for the construction of functional encryption schemes. Of special interest to us will be the “learning with errors” (LWE) assumption, which enjoys strong worst case guarantees that makes it very desirable for the construction of cryptographic primitives. We will review known constructions of functional encryption from LWE, including FE for point functions or “identity based encryption”, FE for linear functions or “inner product” encryption” and FE for more general circuits or “attribute based encryption for circuits”. We will also discuss some open problems in this fast growing area.


Shweta Agrawal

Dr. Shweta Agrawal received her Ph.D. from the University of Texas at Austin, in 2011. Subsequently she spent two years as a postdoc at UCLA. She has also been a visiting researcher at various other institutes such as Microsoft Research (Redmond), Stanford University, University of California, San Diego and IBM Research (New York). Her area of research is Cryptography. She was recently awarded the INSPIRE faculty fellowship by the government of India and has taken this fellowship to IIT Delhi as an INSPIRE assistant professor.