Researchers are touting an innovative cryptography method they've developed called "functional encryption," which though largely untested in the real world, one day could have an impact on how enterprise data is encrypted, stored and decrypted.
UCLA associate professor Amit Sahai, who has worked with UCLA computer-science alumnus Brent Waters on functional encryption for three years, says the technology lets an individual encrypt data in a way that lets people decrypt it only if they have the right "attributes."
"The mathematical system will produce an encrypted record that only people matching the criteria can decrypt," says Sahai, who recently published a paper on functional encryption with Waters that was presented at last week's Eurocrypt Conference. "To do this, you get a personalized key that expresses your attributes bound up in one key."
In an enterprise environment, the attributes bound up in users' encryption keys might be associated with just a name or also with the jobs they do that require restricted access to scrambled data in business, government or a university. "There could be a one-way decryption function used in many ways in both custom or Web applications, for example," Sahai says Each personalized key, expressing the security attributes of what that person is permitted to view, would unlock only the appropriate encrypted data and nothing else.
A user's key would be able to decrypt scrambled data because the data, always stored in encrypted form, would recognize through a mathematical process the people holding the right key with the appropriate attribute associated with that data. "It's through all this math packed into the message that the reader is recognized," says Sahai, who says functional encryption makes use of elliptic-curve encryption, which is seen as computationally efficient.
Sahai says the hope is that the work he and his colleagues have done will one day improve server-based security. "We really want to make it so the server has no idea what it's holding," he says. "Instead, we want to make sure the right people get the data, and this is through the mathematics itself."
Although Sahai says his technology can't properly be called digital-rights management, he says it could be viewed as a type of "privacy-rights management" based on the concept of a system public key. The challenge of devising a tool for functional encryption is not just the complex math but also making sure the system can withstand so-called "collusion attacks" to undermine its integrity, Sahai says.
Earlier versions of a functional-encryption software tool were made public in the past at UCLA, and Sahai says he will soon make available a new version of the functional encryption tool for review so experts can test its efficacy.
The paper will also be published in a forthcoming edition of the Journal of Cryptography. UCLA says the research into functional encryption has been funded in part by the National Science Foundation, the US Army Research Office and the US Dept of Homeland Security.