Controlled Functional Encryption

Question

1. What are the contributions mentioned in the paper "Controlled functional encryption" ?

2. What are the main features of functional encryption schemes?

3. How many SNPs are needed for a disease susceptibility test?

4. How can the authority recover a key request?

Accepted Answer

Motivated by privacy and usability requirements in various scenarios where existing cryptographic tools ( like secure multi-party computation and functional encryption ) are not adequate, the authors introduce a new cryptographic tool called Controlled Functional Encryption ( C-FE ).. However, the authors allow ( and require ) the client to send a fresh key request to the authority every time it wants to evaluate a function on a ciphertext.. Their main contributions in this work include developing and formally defining the notion of C-FE ; designing theoretical and practical constructions of C-FE schemes achieving these definitions for specific and general classes of functions ; and evaluating the performance of their constructions on various application scenarios.

Accepted Answer

they rely on computationally intensive operations (fully homomorphic encryption schemes) as well as a powerful tamper proof token carrying out significant computation (signature, noninteractive zero knowledge proofs (NIZK) and succinct non-interactive arguments (SNARGs) verification).

Accepted Answer

The maximum number of disease markers for a disease susceptibility test are no more than 50 Single Nucleotide Polymorphisms (single nucleotide variation between two species) (SNPs) [6].

Accepted Answer

The authority can recover λ by decrypting σ; it can also update the pattern information, if necessary, by comparing λ with previous key requests it received.

Accepted Answer

The encryption algorithm used by the data owner takes (x, λ) and creates two ciphertexts (α, σ), obtained by encrypting (x, λ) respectively, under PK.

Accepted Answer

In particular, the non-interactive nature (encryptions instead of protocols) and the offline nature of data owners make a C-FE scheme much easier to deploy in these applications than a solution relying on, say, secure multi-party computation.

Accepted Answer

Their plaintext has millions of elements, so, very small random function vectors (e.g., with 1000 elements) would result in number of public key decryptions same as the size of the function vector.

Accepted Answer

One approach to solving this problem would be to use secure two-party computation, given the recent advances in practical implementations of this tool [48, 36, 46, 45, 38, 47, 37, 61].

Accepted Answer

Finding a similar genome in a collection of 100,000 genomes would cost only $1414 when comparing all 4 million SNPs, while it would cost only $140 when comparing any random 20,000 SNPs.

Accepted Answer

the authors pack several secret shares in each public key encryption by concatenating them in a single block, sequential function vectors would result in a very small number of public key decryptions at the authority for key generation.

Accepted Answer

the authors conducted experiments with 1.5 million bits and their results shows that it requires less than 8 minutes and 135MB network communication to find similarity between two SNP profiles of 0.5 million SNPs each (using their encoding scheme).

Accepted Answer

Hospitals are typically reluctant to share data with each other without proper security protection, due to concerns about privacy and liability.

Accepted Answer

Their approach can support paternity and kinship inference using human SNP profile that can be obtained for less than $100 (e.g., from 23andme).

Accepted Answer

In this section, the authors talk about the work most closely related to ours, namely functional encryption schemes that support any polynomialtime computation.

Accepted Answer

It has the following useful non-malleability property: given an encryption of a message m, it is infeasible for a computationally bounded adversary to create an encryption of a message related tom.

Accepted Answer

The authors show that their Superfast C-FE scheme can efficiently support complete human SNP profile comparison and is highly scalable to be used for comparison with a very large population.

Accepted Answer

Per block padding size is same for different key sizes, but, as larger keys have larger block sizes, the ciphertext size decreases as the key size increases, as shown in Table 1.7The number is based on the fact that each human has 4,000,000 variants.84 million variants in each individual can appear at 40 million different locations.

Controlled Functional Encryption

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What are the contributions mentioned in the paper "Controlled functional encryption" ?

2. What are the main features of functional encryption schemes?

3. How many SNPs are needed for a disease susceptibility test?

4. How can the authority recover a key request?

5. What is the encryption algorithm used by the data owner?

6. What makes a C-FE scheme much easier to deploy in these applications?

7. How many public key decryptions would be generated?

8. What is the approach to solving this problem?

9. How much would it cost to compare a genome in a collection of 100,000?

10. What is the way to pack secret shares in a single block?

11. How many bits does it take to find similarity between two SNP profiles?

12. Why are hospitals reluctant to share data with each other?

13. How much does it cost to compare a human SNP profile?

14. What is the closely related work to ours?

15. What is the non-malleability property of IND-CCA2?

16. How can the authors compare the SNPs of Alice's patients?

17. How many variants can appear at 40 million different locations?

Figures

Citations

Privacy in the Genomic Era

IRON: Functional Encryption using Intel SGX

Privacy in the Genomic Era

Sociotechnical safeguards for genomic data privacy

An Inference Attack on Genomic Data Using Kinship, Complex Correlations, and Phenotype Information

References

Attribute-based encryption for fine-grained access control of encrypted data

Ciphertext-Policy Attribute-Based Encryption

Fuzzy identity-based encryption

How to generate and exchange secrets

Universally composable security: a new paradigm for cryptographic protocols

Related Papers (5)

Functional encryption: definitions and challenges

Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays.

Privacy preserving error resilient dna searching through oblivious automata

Identifying personal genomes by surname inference.

Routes for breaching and protecting genetic privacy.