Functional encryption is a powerful paradigm for public-key encryption that allows for controlled access to encrypted data. Achieving the ideal simulation-based security for this primitive is generally impossible in the plain model, so we investigate possibilities in the bounded quantum storage model (BQSM) and the bounded classical storage model (BCSM), where adversaries are limited with respect to their quantum and classical memories, respectively. The impossibility results on functional encryption do not apply to these settings, which allows us to obtain positive outcomes. Firstly, in the BQSM, we construct non-interactive functional encryption satisfying information-theoretic simulation-based security with ${q}=O(\sqrt{{s}/{r}})$. Here ${r}$ denotes the number of times that an adversary is restricted to ${s}$ qubits of quantum memory in the protocol and ${q}$ denotes the quantum memory required to run the protocol honestly. We then show that our scheme is optimal by proving that it is impossible to attain information-theoretic security with ${q} < \sqrt{{s}/{r}}$. However, by assuming the existence of one-way functions, we achieve (interactive) functional encryption with ${q}=0$ and ${r}=1$. Secondly, in the BCSM, we construct non-interactive functional encryption satisfying information-theoretic subexponential simulation-based security assuming the existence of subexponential grey-box obfuscation. We then demonstrate that this assumption is minimal by constructing subexponential grey-box obfuscation from non-interactive functional encryption. We also consider the computational setting, obtaining (interactive) functional encryption satisfying simulation-based security assuming grey-box obfuscation and one-way functions.