Functional encryption (FE) enables sophisticated control over decryption rights in a
multi-user scenario, while functional signature (FS) allows to enforce complex constraints on signing
capabilities. This paper introduces the concept of functional signcryption (FSC) that aims to
provide the functionalities of both FE and FS in an unified cost-effective primitive. FSC provides
a solution to the problem of achieving confidentiality and authenticity simultaneously in digital
communication and storage systems involving multiple users with better efficiency compared to a
sequential implementation of FE and FS. We begin by providing formal definition of FSC and formulating
its security requirements. Next, we present a generic construction of this challenging primitive
that supports arbitrary polynomial-size signing and decryption functions from known cryptographic
building blocks, namely, indistinguishability obfuscation (IO) and statistically simulation-sound noninteractive
zero-knowledge proof of knowledge (SSS-NIZKPoK). Finally, we exhibit a number of representative
applications of FSC: (I) We develop the first construction of attribute-based signcryption
(ABSC) supporting signing and decryption policies representable by general polynomial-size circuits
from FSC. (II) We show how FSC can serve as a tool for building SSS-NIZKPoK system and IO, a
result which in conjunction with our generic FSC construction can also be interpreted as establishing
an equivalence between FSC and the other two fundamental cryptographic primitives.
↧