More precisely, a functional encryption scheme for a given functionality consists of the following four algorithms:
- : creates a public key and a master secret key .
- : uses the master secret key to generate a new secret key for the function .
- : uses the public key to encrypt a message .
- : uses secret key to calculate where is the value that encrypts.
Functional encryption generalizes several existing primitives including Identity-based encryption (IBE) and Attribute-based encryption (ABE). In the IBE case, define to be equal to when corresponds to an identity that is allowed to decrypt, and otherwise. Similarly, in the ABE case, define when encodes attributes with permission to decrypt and otherwise.
Functional encryption was proposed by Amit Sahai and Brent Waters in 2005 and formalized by Dan Boneh, Amit Sahai and Brent Waters in 2010. Until recently, however, most instantiations of Functional Encryption supported only limited function classes such as boolean formulae. In 2012, several researchers developed Functional Encryption schemes that support arbitrary functions.
- Goldwasser, Shafi; Yael Kalai; Raluca Ada Popa; Vinod Vaikuntanathan; Nickolai Zeldovich (2013). "Reusable Garbled Circuits and Succinct Functional Encryption" (PDF). Proceedings of STOC 2013.
- Sahai, Amit; Brent Waters (2005). "Fuzzy Identity-Based Encryption" (PDF). Proceedings of Eurocrypt 2005.
- Boneh, Dan; Amit Sahai; Brent Waters (2011). "Functional Encryption: Definitions and Challenges" (PDF). Proceedings of Theory of Cryptography Conference (TCC) 2011.
- Gorbunov, Serge; Hoeteck Wee; Vinod Vaikuntanathan (2013). "Attribute-Based Encryption for Circuits". Proceedings of STOC.
- Sahai, Amit; Brent Waters. "Attribute-Based Encryption for Circuits from Multilinear Maps" (PDF). Cite journal requires
- Goldwasser, Shafi; Yael Kalai; Raluca Ada Popa; Vinod Vaikuntanathan; Nickolai Zeldovich (2013). "How to Run Turing Machines on Encrypted Data" (PDF). CRYPTO 2013.