Research

Fine-Grained Functional Encryption with Revocation Secures Dynamic Data Access

A novel functional encryption scheme enables precise access control and dynamic revocation over encrypted data, critical for privacy in evolving systems like healthcare.
September 20, 20253 min

The image displays granular blue and white material flowing through transparent, curved channels, interacting with metallic components and a clear sphere. A mechanical claw-like structure holds a white disc, while a thin rod with a small sphere extends over the white granular substance
A close-up view reveals a highly detailed, translucent blue structure with a dynamic, fluid-like appearance, intricately surrounding and interacting with polished silver-toned metallic components. One prominent cylindrical metallic part features fine grooves and a central aperture, suggesting a precision-engineered mechanism

Briefing

Managing granular access rights and dynamic revocation in encrypted data systems, particularly for sensitive information like Electronic Health Records, remains a significant challenge for existing cryptographic schemes. This research introduces Inner-product Functional Encryption with Fine-grained Revocation (IPFE-FR), a new primitive that enables selective function computation over encrypted data while supporting precise revocation of access rights and ensuring forward security. This advancement fundamentally enhances data privacy and control for dynamic, multi-user environments, paving the way for more secure and adaptable blockchain architectures in sensitive data management.

The central focus is a gleaming white sphere enclosed by a segmented, transparent and metallic framework, all set against a backdrop of complex, dark blue circuitry. This structure evokes a sophisticated data processing hub or a secure cryptographic enclave

Context

Traditional Public Key Encryption (PKE) offers all-or-nothing data access, which is too rigid for complex, multi-stakeholder systems. Attribute-Based Encryption (ABE) provides some access control but typically lacks the ability for fine-grained function-specific revocation and dynamic updates to keys or ciphertexts, leaving a critical gap in managing evolving access permissions over time.

A sleek, transparent blue device, resembling a sophisticated blockchain node or secure enclave, is partially obscured by soft, white, cloud-like formations. Interspersed within these formations are sharp, geometric blue fragments, suggesting dynamic data processing

Analysis

The IPFE-FR scheme introduces a system where data is encrypted such that only specific mathematical functions can be computed on it by authorized users, without revealing the underlying data. Its core innovation lies in incorporating system version numbers into cryptographic keys and ciphertexts, enabling a group manager to revoke individual users’ function-specific access rights. When a revocation occurs, the system updates a global version number, and a cloud server, using a special update key, re-encrypts existing data to the new version. This ensures that previously issued keys for revoked users become invalid for both new and old data, providing forward security and preventing collusion by binding user and function keys.

The image presents a detailed close-up of a translucent, frosted enclosure, featuring visible water droplets on its surface and intricate blue internal components. A prominent grey circular button and another control element are embedded, suggesting user interaction or diagnostic functions

Parameters

  • Core Concept → Inner-product Functional Encryption
  • New System → IPFE-FR Scheme
  • Security AssumptionLearning with Errors (LWE)
  • Key Authors → Yue Han, Jinguang Han, Liqun Chen, Chao Sun
  • Revocation Type → Fine-grained, Indirect
  • Security Properties → Forward Security, Collusion Resistance
  • Application Domain → Electronic Health Records (EHR)

The detailed composition showcases an open mechanical watch movement, its metallic components and precise gear train clearly visible. A substantial blue structure, adorned with intricate circuit-like patterns, connects to the watch, with a metallic arm extending into its core

Outlook

This IPFE-FR scheme establishes a robust foundation for secure and adaptable data sharing, particularly in regulated sectors like healthcare where stringent privacy and access control are paramount. Future research will likely focus on optimizing its efficiency by exploring alternative lattice-based assumptions, such as Ring Learning with Errors (RLWE), to reduce computational overhead. The scheme’s principles could also extend to other privacy-preserving computation paradigms, enabling dynamic access control in decentralized finance (DeFi) for confidential asset management or in supply chain logistics for selective data disclosure.

A large, reflective silver Bitcoin coin with a prominent black 'B' logo is positioned atop an intricate blue circuit board. Numerous metallic silver and blue cables and conduits are intricately woven around the coin and connected to the underlying electronic components

Verdict

The IPFE-FR scheme represents a pivotal advancement in cryptographic access control, offering unprecedented flexibility and security for dynamic data environments crucial to future decentralized applications.

Signal Acquired from → arxiv.org

Micro Crypto News Feeds

fine-grained revocation

Definition ∞ Fine-grained revocation allows for the precise removal of access rights to specific data or functionalities within a system.

access control

Definition ∞ Access control dictates who or what can view or use resources within a digital system.

forward security

Definition ∞ Forward security is a property of cryptographic systems ensuring that past session keys remain secure even if current or future long-term keys are compromised.

functional encryption

Definition ∞ Functional encryption is a cryptographic scheme that allows specific functions of encrypted data to be computed without decrypting the entire dataset.

learning with errors

Definition ∞ Learning with Errors (LWE) is a mathematical problem that forms the basis for several advanced cryptographic constructions, particularly in post-quantum cryptography.

collusion resistance

Definition ∞ Collusion Resistance is a property of a system where participants cannot conspire to achieve an outcome that benefits them unfairly at the expense of others.

dynamic access

Definition ∞ Dynamic access refers to a system where permissions to data or resources are adjusted in real-time based on changing conditions or user attributes.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

Tags:

Tags: