Functional encryption is a powerful paradigm for public-key encryption which allows for controlled access to encrypted data. This primitive is generally impossible in the standard setting, so we investigate possibilities in the bounded quantum storage model (BQSM) and the bounded classical storage model (BCSM). In these models, ciphertexts potentially disappear, which nullifies the impossibility results and allows us to obtain positive outcomes. Firstly, in the BQSM, we construct information-theoretically secure functional encryption with $\texttt{q}=O(\sqrt{\texttt{s}/\texttt{r}})$, where $\texttt{r}$ can be set to any value less than $\texttt{s}$. Here $\texttt{r}$ denotes the number of times that an adversary is restricted to $\texttt{s}$ qubits of quantum memory in the protocol, and $\texttt{q}$ denotes the quantum memory required to run the protocol honestly. We then show that our scheme is optimal by proving that it is impossible to attain information-theoretically secure functional encryption with $\texttt{q} < \sqrt{\texttt{s}/\texttt{r}}$. However, by assuming the existence of post-quantum one-way functions, we can do far better and achieve functional encryption with classical keys and with $\texttt{q}=0$ and $\texttt{r}=1$. Secondly, in the BCSM, we construct $(O(\texttt{n}),\texttt{n}^2)$ functional encryption assuming the existence of $(\texttt{n},\texttt{n}^2)$ virtual weak grey-box obfuscation. Here, the pair $(\texttt{n},\texttt{n}^2)$ indicates the memory required to run honestly and the memory needed to break security, respectively. This memory gap is optimal and the assumption is minimal. In particular, we also construct $(O(\texttt{n}),\texttt{n}^2)$ virtual weak grey-box obfuscation assuming $(\texttt{n},\texttt{n}^2)$ functional encryption.