Increasingly, both personal and enterprise data are being stored at third-party locations, outside of the data owner's control. A company might directly outsource its data storage by using a backup service such as Amazon's S3 application. In other cases, outsourcing is a by-product of a larger service; for example, several corporations use Salesforce to manage their customer relations and sales data. Outsourcing data storage offers several benefits: storage costs can be amortized by a third-party over several customers, a third party can store data at different geographic locations for robustness, and integration with larger application services becomes easier. One can imagine a not too distant future where most computation and storage is realized in a network "cloud". In order to protect data stored at third party services we will need to encrypt it.
Unfortunately, traditional encryption systems are insufficient for these applications. Solving this problem requires an entirely new way of encrypting data. To see this, recall that in traditional public key encryption a party encrypts data to a single known user. While this functionality is useful for applications such as encrypted email and establishing secure web sessions, it lacks the expressiveness needed for more advanced data sharing. In enterprise settings, a party will want to share data with groups of users based on their credentials. Often a party sharing data will not know which individual users will need to have access to it; moreover, some users will not even exist in the system at the time the data is encrypted. For example, a traveling sales representative might want to encrypt records so that any current or future manager in the personal electronics division can access them.
The proposed research is laying the foundations for an entirely different vision for encryption called Functional Encryption. Instead of encrypting to individual users, in a functional encryption system, one can embed any access predicate f() into the ciphertext itself. Functional encryption simultaneously renders completely general functionality and its data access is self-enforcing --- requiring no trusted mediator. The PI aims to create a system where the encrypting party can specify any access predicate over a recipient's credentials (i.e. f can be any Turing Machine). Functional encryption for any predicate opens up a world of possibilities for data sharing; one could encrypt an image such that the access function f encoded an image recognition program allowing only people in the picture to view it.
In addition to broadening our view of public key cryptography, the PI will explore fundamental problems in public key encryption. One direction is to attempt to build chosen ciphertext secure encryption from standard public key encryption. Finally, the PI will explore the foundations of building public key cryptography.
