Functional Encryption: Making It Hard for Intruders, Easy for Programmers

What's the biggest problem in data security these days? Would you believe it's the widespread use of "trusted servers" to store and secure data, at least according to Amit Sahai, Brent Waters, and Jonathan Katz.

"The 'trusted server' model is a simple model," explains Sahai, an associate professor of computer science at the UCLA. "It's easy to implement. It's easy to put into practice. Information is placed in the server at face value and the server itself is simply given the task of deciding who to give the data to. Because of the simplicity in programming, these servers have become ubiquitous and are prime targets -- everyone wants to attack them."

Moreover replicating data on a wide scale has added to the problem. "To create robustness and availability, data is stored on several trusted servers as backups," adds Waters, a computer scientist at SRI. "If one server goes down, another can be accessed. There is a trade-off between data availability and security. The more replicated servers there are, the more targets there are for hackers."

"Imagine current encryption technology as a lock and key -- the data is locked, and to allow different people access, many copies of the key need to be made," Sahai goes on to say. "One record might need to be accessed by 10,000 people, so you make 10,000 copies of that key. With millions of documents and thousands of keys per document, you can imagine how very, very complicated it gets. It becomes much too complicated to manage. So even though we've had very strong encryption technology now for decades, it's just not used, or it is used incorrectly."

Which is the reason why Sahai, Waters, and Katz developed the idea of "functional encryption" to simplify the encryption of data in servers and allow access to the data in an intuitive way, with the goal of making it much harder for intruders to gain access to sensitive information, but easier for programmers to secure it.

In their paper Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products, the research team explain that functional encryption lets programmers simply plug in their criteria for the information. The system then produces an encrypted record that only people matching the criteria can decrypt. The complex system of managing many keys is simplified, and servers hold encrypted data that the servers themselves can't read.

In addition, functional encyption allows for keys to be personalized -- only one key is needed to unlock all the information that is available to that person. "This is the key innovation in our system," explains Sahai. "We have this mathematical method for randomization of personalizing keys so that your key doesn't just depend on what attributes you have, like what your name is. Further, there is some mathematical hardening that is personalized to you, so that you can't combine it with anyone else's keys to do anything meaningful."

"Our goal is to rethink what encryption is," Waters said. "Over the years, people have taken on a somewhat rigid view of what encryption is. What we're hoping to do is show that we can build simpler and more powerful systems by changing the way we think. Eventually, we hope to get rid of complex infrastructures and do things in a simpler manner that is also more secure and cost-effective."