Functional encryption using Intel SGX
Dhinakaran Vinayagamurthy came to MIT to discuss Iron, a system that does functional encryption using Intel SGX. I’ll give you an overview of their work, but for more details, I refer you to their paper.
The main application of their work is to do secure computation on genomics data. More specifically, they want to answer to questions. First, how do we decide whether a function f should be permitted to operate on the data? Second, how do we ensure “with minimal effort” that only f(data) is released? This is a classic scenario to use functional encryption.
Functional encryption is a generalization of public-key encryption where a decryptor, possessing a secret key, learns only a function of the encrypted data. Currently, there are many specific protocols for special functions, but a general purpose pure cryptographic solution has too much overhead.
Can we build an efficient and general-purpose FE from a plausible assumption?
Their contributions are the following:
- Design a functional encryption construction in a secure hardware model.
- Build the system Iron instantiated using Intel SGX & evaluate Iron.
- Provide two security models for SIM secure FE-using-HW.
The protocol is pretty involved, but here I will give you a high-level overview of the most important function, decryption.
They evaluated their system, and single decryptions for various functions, such as IBE and simple linear regression, take between 18–190 ms. These functions amortized over 1000 runs take between 0.39-140 ms per decryption. For a more detailed evaluation, I refer you to the paper.
This is an interesting piece of work on trying to make functional encryption more practical. Of course, we need to trust the CPU (Intel SGX) in order to achieve these performance improvements, which might be a reasonable tradeoff to have practical functional encryption.
