| Title | : | Quadratic Functional Encryption with Identities for Privacy Preserving Machine Learning |
| Speaker | : | Anuja Modi (IITM) |
| Details | : | Tue, 5 Mar, 2024 4:00 PM @ SSB-334 |
| Abstract: | : | Multi-Input Functional Encryption (MIFE) has emerged as a powerful tool for encrypted computation, most notably enabling new approaches to privacy preserving machine learning. Unfortunately, existing designs suffer from one of two limitations-- either they are incredibly inefficient for practical deployment, or provide weak security insufficient for most applications. We introduce a generalization of MIFE, called Identity-Based MIFE. It enables fine-grained 'identity-based' access control within the system. Each secret key and ciphertext is (additionally) associated with an identity, such that a successful MIFE-style decryption is contingent on the identities associated with the key and ciphertexts matching. Our central goal is to remove undesirable leakage encountered in MIFE systems due to "mix and match'' attacks. We design the first Identity-Based MIFE for degree-2 functions, secure under standard pairing-based assumptions. Our system can be directly used in any vertical federated learning application, leading to improved efficiency, round complexity, and security compared to prior solutions. This merely serves as an example highlighting utility of our system in privacy privacy machine learning. We believe Identity-Based MIFE will likely find more applications and be a valuable addition to the cryptographic toolbox for encrypted computation. Further, we demonstrate practicality of our Identity-Based MIFE system in the form of a proof-of-concept implementation. Our experiments establish that our system is reasonably efficient, even without exploiting standard software optimization techniques. For example, a system supporting up-to 4 users encrypting vectors in Z_q^6 where q is 256-bit prime, the encryption and key generation algorithms take about a minute, while the size of the ciphertexts and secret keys are approximately 200 kB with about 128-bit security. |
