Functional Encryption
Why do we need it?

With the shift towards outsourcing data storage to external cloud infrastructures, the need has emerged for privacy-preserving computation and fine-grained access control. Traditional public key encryption lacks the expressiveness to address either of these needs: a decryption key gives whoever holds it full visibility of the encrypted data. Functional encryption offers an attractive alternative, which is why it has attracted the attention of the scientific community over the last few years.

The ASCLEPIOS FE-enabled analytics solution leverages functional encryption to offer commonly used functions on healthcare data. Its focus lies in providing mechanisms for healthcare providers to perform common computations over available data to support real-world needs, e.g. computations over the medical examinations of a specific patient over time, and computation of aggregate information about patients who share a condition or some characteristics. The ASCLEPIOS FE services provide statistical computations adaptable to the data and operations of healthcare providers, but do so in a way that lets users learn the result of a function over encrypted data without learning anything else about the data.

How does it work?

In ASCLEPIOS we use a symmetric multi-input functional encryption scheme that allows the computation of functions over encrypted data coming from different stakeholders, i.e. data that may also be encrypted under different keys. To give a high-level view of the way the services operate, it is useful to think first of the entities that interact during the application of functional encryption computations:

  • Data owners, i.e. stakeholders that provide the data on which the functions are applied. Depending on the nature of the data, where they reside and who performs their encryption (and upload), the data owner may be a healthcare organisation, a physician, a patient or any other ASCLEPIOS user.
  • Analysts, i.e. ASCLEPIOS users who need to obtain a computation on the data provided by other users, but without accessing the actual data.

These are the human actors whose interactions invoke, explicitly or implicitly, requests and interactions of the underlying FE services:

  • The Trusted Authority, i.e. a software responsible for the generation and retrieval of the keys.
  • The Evaluator, i.e. a software responsible for calculating the function result using the ciphertext(s) and the functional encryption key.
  • The API Server, i.e. a software responsible for handling the requests through which encrypted data are uploaded and functional encryption services are invoked.

The encryption, decryption and key generation functionalities are implemented in C++. Flask, a lightweight Python web application framework, is used to implement the RESTful API.
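The following is an added illustration of how the three software roles and the two human roles above fit together; it is not ASCLEPIOS code, and the page does not specify the project's actual scheme. The construction it uses is a toy symmetric multi-input scheme for one function only, a sum over inputs from several data owners: each owner masks its value with a pad derived from its own key (HMAC-SHA256 used as a PRF, reduced modulo an assumed prime `P`), and the functional key the Trusted Authority issues is the sum of those pads. The Evaluator, given the ciphertexts and that key, recovers the sum and nothing else. Owner identifiers, the label, the prime and the hospital counts are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed parameters for this illustration: plaintexts are non-negative
# integers smaller than P, and all arithmetic is done modulo P.
P = 2**61 - 1


def prf(key: bytes, label: bytes) -> int:
    """Pseudorandom function: HMAC-SHA256 of the label under the key, reduced mod P."""
    digest = hmac.new(key, label, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P


class TrustedAuthority:
    """Holds every data owner's secret key and derives functional keys on request.

    This is the only party that sees the owners' keys; the Evaluator never does.
    """

    def __init__(self) -> None:
        self._owner_keys: dict[str, bytes] = {}

    def register_owner(self, owner_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._owner_keys[owner_id] = key
        return key  # handed to the data owner over a secure channel (assumed)

    def functional_key_for_sum(self, owner_ids: list[str], label: bytes) -> int:
        # The functional key for "sum of the inputs tagged `label` from these owners"
        # is the sum of the pads those owners used: it removes exactly the masks,
        # so the Evaluator learns the sum and not the individual summands.
        return sum(prf(self._owner_keys[o], label) for o in owner_ids) % P


def encrypt(owner_key: bytes, label: bytes, value: int) -> int:
    """Data owner side: mask the value with a label-specific pad derived from its own key."""
    if not 0 <= value < P:
        raise ValueError("value out of range")
    return (value + prf(owner_key, label)) % P


class Evaluator:
    """Computes the function from ciphertexts and a functional key; holds no owner keys."""

    @staticmethod
    def evaluate_sum(ciphertexts: list[int], functional_key: int) -> int:
        return (sum(ciphertexts) - functional_key) % P


def run_demo() -> dict:
    """End-to-end flow with constructed sample data from three hospitals."""
    ta = TrustedAuthority()
    label = b"patients-with-condition-X/2020-Q1"  # constructed; use each label once per owner

    # Data owners: each encrypts its own count under its own key.
    readings = {"hospital-A": 120, "hospital-B": 75, "hospital-C": 43}  # constructed values
    owner_keys = {o: ta.register_owner(o) for o in readings}
    ciphertexts = {o: encrypt(owner_keys[o], label, x) for o, x in readings.items()}

    # Analyst asks the Trusted Authority for the key of the function "sum over A, B, C".
    owners = list(readings)
    fk = ta.functional_key_for_sum(owners, label)

    # Evaluator: sees only the ciphertexts and the functional key.
    total = Evaluator.evaluate_sum([ciphertexts[o] for o in owners], fk)
    mean = total / len(owners)

    # A functional key issued for a different label does not unmask these ciphertexts.
    fk_other = ta.functional_key_for_sum(owners, b"another-label")
    wrong = Evaluator.evaluate_sum([ciphertexts[o] for o in owners], fk_other)

    return {
        "ciphertexts": ciphertexts,
        "sum": total,
        "mean": mean,
        "mismatched_label_result": wrong,
        "ciphertexts_hide_values": all(ciphertexts[o] != readings[o] for o in owners),
    }


if __name__ == "__main__":
    out = run_demo()
    print(f"sum = {out['sum']}, mean = {out['mean']:.2f}")
```

Two properties of this toy construction are worth keeping in mind when reading the role descriptions above. The pad is a one-time mask, so an owner must not encrypt two different values under the same label: the difference of the two ciphertexts would reveal the difference of the values. And functional keys compose: a key for the sum over owners {A, B, C} together with a key for the sum over {A, B} yields C's value on its own. Deciding which functional keys may be issued to which analyst is therefore a policy decision that sits with the Trusted Authority, not something the arithmetic enforces.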
