Functional encryption lies at the frontiers of the current research in cryptography; some variants have been shown sufficiently powerful to yield indistinguishability obfuscation (IO), while other variants have been constructed from standard assumptions such as LWE. Indeed, most variants have been classified as belonging to either the former or the latter category. However, one mystery that has remained is the case of secret-key functional encryption with an unbounded number of keys and ciphertexts. On the one hand, this primitive is not known to imply anything outside of minicrypt, the land of secret-key cryptography, but, on the other hand, we do no know how to construct it without the heavy hammers in obfustopia. In this work, we show that (subexponentially secure) secret-key functional encryption is powerful enough to construct indistinguishability obfuscation if we additionally assume the existence of (subexponentially secure) plain public-key encryption. In other words, secret-key functional encryption provides a bridge from cryptomania to obfustopia. On the technical side, our result relies on two main components. As our first contribution, we show how to use secret-key functional encryption to get “exponentially efficient indistinguishability obfuscation” (XIO), a notion recently introduced by Lin et al. (PKC’16) as a relaxation of IO. Lin et al. show how to use XIO and the LWE assumption to build IO. As our second contribution, we improve on this result by replacing its reliance on the LWE assumption with any plain public-key encryption scheme. Lastly, we ask whether secret-key functional encryption can be used to construct public-key encryption itself and therefore take us all the way from minicrypt to obfustopia. A result of Asharov and Segev (FOCS’15) shows that this is not the case under black-box constructions, even for exponentially secure functional encryption. We show, through a non-black-box construction, that subexponentially secure-key functional encryption indeed leads to public-key encryption. The resulting public-key encryption scheme, however, is at most quasi-polynomially secure, which is insufficient to take us to obfustopia.

中文翻译：

---

通过密钥功能加密从加密狂热到迷糊

功能加密处于当前密码学研究的前沿；一些变体已被证明足够强大以产生不可区分性混淆 (IO)，而其他变体则是根据标准假设构建的，例如 LWE。事实上，大多数变体已被归类为属于前一类或后一类。然而，仍然存在的一个谜团是具有无限数量的密钥和密文的秘密密钥功能加密的情况。一方面，不知道这个原语暗示了 minicrypt 之外的任何东西，秘密密钥密码学的土地，但另一方面，我们不知道如何在没有obfutopia 中的重锤的情况下构建它。在这项工作中，我们表明，如果我们另外假设（次指数安全的）普通公钥加密的存在，（次指数安全的）秘密密钥功能加密足够强大以构建不可区分性混淆。换句话说，秘密密钥功能加密提供了从密码狂热到迷糊的桥梁。在技​​术方面，我们的结果依赖于两个主要组成部分。作为我们的第一个贡献，我们展示了如何使用密钥功能加密来获得“指数有效的不可区分性混淆”（XIO），这是 Lin 等人最近提出的一个概念。(PKC'16) 作为 IO 的松弛。林等人。展示如何使用 XIO 和 LWE 假设来构建 IO。作为我们的第二个贡献，我们通过用任何普通的公钥加密方案取代对 LWE 假设的依赖来改进这个结果。最后，我们询问是否可以使用密钥功能加密来构建公钥加密本身，从而将我们从 minicrypt 带到 obfustopia。Asharov 和 Segev (FOCS'15) 的结果表明，在黑盒结构下情况并非如此，即使对于指数安全的功能加密也是如此。我们通过非黑盒构造表明，次指数安全密钥功能加密确实会导致公钥加密。然而，由此产生的公钥加密方案至多是准多项式安全的，这不足以让我们陷入混乱。即使是指数级安全的功能加密。我们通过非黑盒构造表明，次指数安全密钥功能加密确实会导致公钥加密。然而，由此产生的公钥加密方案至多是准多项式安全的，这不足以让我们陷入混乱。即使是指数级安全的功能加密。我们通过非黑盒构造表明，次指数安全密钥功能加密确实会导致公钥加密。然而，由此产生的公钥加密方案至多是准多项式安全的，这不足以让我们陷入混乱。