Briefing

Managing granular access rights and dynamic revocation in encrypted data systems, particularly for sensitive information like Electronic Health Records, remains a significant challenge for existing cryptographic schemes. This research introduces Inner-product Functional Encryption with Fine-grained Revocation (IPFE-FR), a new primitive that enables selective function computation over encrypted data while supporting precise revocation of access rights and ensuring forward security. This advancement fundamentally enhances data privacy and control for dynamic, multi-user environments, paving the way for more secure and adaptable blockchain architectures in sensitive data management.

Context

Traditional Public Key Encryption (PKE) offers all-or-nothing data access, which is too rigid for complex, multi-stakeholder systems. Attribute-Based Encryption (ABE) provides some access control but typically lacks the ability for fine-grained function-specific revocation and dynamic updates to keys or ciphertexts, leaving a critical gap in managing evolving access permissions over time.

Analysis

The IPFE-FR scheme introduces a system where data is encrypted such that only specific mathematical functions can be computed on it by authorized users, without revealing the underlying data. Its core innovation lies in incorporating system version numbers into cryptographic keys and ciphertexts, enabling a group manager to revoke individual users’ function-specific access rights. When a revocation occurs, the system updates a global version number, and a cloud server, using a special update key, re-encrypts existing data to the new version. This ensures that previously issued keys for revoked users become invalid for both new and old data, providing forward security and preventing collusion by binding user and function keys.
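The version bump and server-side re-encryption described above, as an added toy example (not the paper's code or construction): it replaces the LWE-based scheme with a textbook DDH-style inner-product encryption over an 11-bit group, and `Manager`, `server_update` and the other names are assumptions. It shows only how an update key moves stored ciphertexts to a new version so that a key that was not reissued stops decrypting; the binding of user and function keys and collusion resistance are not modelled.

```python
import secrets
# Toy DDH-style stand-in, NOT the paper's LWE scheme; all names are illustrative.
P, Q, G = 2039, 1019, 4   # assumed toy group: P = 2Q + 1, G has prime order Q

def dot(a, b):
    return sum(i * j for i, j in zip(a, b)) % Q

class Manager:
    """Group manager: holds the master secret for the current system version."""
    def __init__(self, n):
        self.version = 0
        self.s = [secrets.randbelow(Q) for _ in range(n)]
        self.grants = set()                      # (user, function vector y)

    def mpk(self):
        return self.version, [pow(G, si, P) for si in self.s]

    def keygen(self, user, y):
        self.grants.add((user, tuple(y)))
        return self.version, dot(self.s, y)      # function key sk_y = <s, y>

    def revoke(self, user, y):
        """Drop one (user, function) grant, bump the version, return the update key."""
        self.grants.discard((user, tuple(y)))
        while True:                              # ensure the old key for y really breaks
            delta = [secrets.randbelow(Q) for _ in self.s]
            if dot(delta, y):
                break
        self.s = [(si + di) % Q for si, di in zip(self.s, delta)]
        self.version += 1
        fresh = {g: (self.version, dot(self.s, g[1])) for g in self.grants}
        return delta, fresh                      # delta -> server, fresh -> remaining users

def encrypt(mpk, x):
    version, h = mpk
    r = 1 + secrets.randbelow(Q - 1)
    return version, pow(G, r, P), [pow(hi, r, P) * pow(G, xi, P) % P for hi, xi in zip(h, x)]

def server_update(ct, delta):
    """Cloud server: move a stored ciphertext to the next version without decrypting."""
    version, c0, c = ct
    return version + 1, c0, [ci * pow(c0, di, P) % P for ci, di in zip(c, delta)]

def decrypt(ct, sk, y):
    """Recover <x, y> mod Q; version tags are ignored, so failure is cryptographic."""
    (_, c0, c), (_, k) = ct, sk
    t = pow(c0, (Q - k) % Q, P)                  # c0^(-k) inside the order-Q subgroup
    for ci, yi in zip(c, y):
        t = t * pow(ci, yi, P) % P
    return next(m for m in range(Q) if pow(G, m, P) == t)   # brute-force discrete log
```

In this toy the update key `delta` together with an old function key would yield the new key, so the server must not collude with revoked users; that is a property of the stand-in construction, not a statement about the paper's scheme.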

Parameters

  • Core Concept → Inner-product Functional Encryption
  • New System → IPFE-FR Scheme
  • Security Assumption → Learning with Errors (LWE)
  • Key Authors → Yue Han, Jinguang Han, Liqun Chen, Chao Sun
  • Revocation Type → Fine-grained, Indirect
  • Security Properties → Forward Security, Collusion Resistance
  • Application Domain → Electronic Health Records (EHR)

Outlook

This IPFE-FR scheme establishes a robust foundation for secure and adaptable data sharing, particularly in regulated sectors like healthcare where stringent privacy and access control are paramount. Future research will likely focus on optimizing its efficiency by exploring alternative lattice-based assumptions, such as Ring Learning with Errors (RLWE), to reduce computational overhead. The scheme’s principles could also extend to other privacy-preserving computation paradigms, enabling dynamic access control in decentralized finance (DeFi) for confidential asset management or in supply chain logistics for selective data disclosure.

Verdict

The IPFE-FR scheme represents a pivotal advancement in cryptographic access control, offering unprecedented flexibility and security for dynamic data environments crucial to future decentralized applications.

Signal Acquired from → arxiv.org
