Functional encryption is a powerful paradigm for public-key encryption that allows for controlled access to encrypted data. Achieving the ideal simulation-based security for this primitive is generally impossible in the plain model, so we investigate possibilities in the bounded quantum storage model (BQSM) and the bounded classical storage model (BCSM), where adversaries are limited with respect to their quantum and classical memories, respectively. The impossibility results on functional encryption do not apply to these settings, which allows us to obtain positive outcomes. Firstly, in the BQSM, we construct non-interactive functional encryption satisfying information-theoretic simulation-based security with ${q}=O(\sqrt{{s}/{r}})$. Here, ${r}$ denotes the number of times that an adversary is restricted to ${s}$ qubits of quantum memory in the protocol, and ${q}$ denotes the quantum memory required to run the protocol honestly. We then show that our scheme is optimal by proving that it is impossible to attain information-theoretic security with ${q} < \sqrt{{s}/{r}}$. However, by assuming the existence of one-way functions, we achieve (interactive) functional encryption with ${q}=0$ and ${r}=1$. Secondly, in the BCSM, we construct non-interactive functional encryption satisfying information-theoretic subexponential simulation-based security, assuming the existence of subexponential grey-box obfuscation. We then demonstrate that this assumption is minimal by constructing subexponential grey-box obfuscation from non-interactive functional encryption. We also consider the computational setting, obtaining (interactive) functional encryption satisfying simulation-based security, assuming grey-box obfuscation and one-way functions.