Private Functional Signatures: Definition and Construction

Abstract

In this paper, we introduce a new cryptographic primitive: private functional signatures, where functional signing keys skf for functions f derived from master signing key msk which can be used to sign any message, allow one to sign any message in the range of the underlying function f. Besides, there is an encryption algorithm which takes as input the master secret key msk to produce a ciphertext cx for message x. And the signing algorithm applies a signing key skf on the ciphertext cx to produce a signature σf(x) on the result f(x). We also formalize the security notions of private functional signatures. Furthermore, we provide a general compiler from any (single-key) symmetric-key predicate encryption scheme into a single-key private functional signature scheme. By instantiating our construction with schemes for symmetric-key predicate encryption, we obtain private functional signature schemes based on a variety of assumptions (including the LWE assumption, simple multilinear-maps assumptions, obfuscation assumptions, and even the existence of any one-way function) offering various trade-offs between security and efficiency.