Abstract
Functional Encryption (FE) is the most recent cryptographic primitive proposed by the cryptographic community to meet the need for confidentiality when computing sensitive data. In contrast to Fully Homomorphic Encryption (FHE ), FE allows the calculator on encrypted inputs to directly obtain the evaluation of a function in the clear, and accessible functions remain under the control of the data owner(s). Unlike secure multiparty computation, no interaction is required between the different parties, enabling totally asynchronous computations.
In this talk, we will first present the origin of this primitive, with "single-user" functional encryption, where the data of a single entity is encrypted. A few examples will illustrate the interests of FE, but also its limitations, as well as the inherent limits of secure computations in general. Next, we'll look at a number of extensions, including multi-client functional encryption, which enables several entities, who do not trust each other in any way, to pool sensitive data to authorize aggregations (and in particular partial sums or weighted averages).
We conclude with applications to machine learning, and in particular to confidential classification. We'll then see how important it is to identify precisely what we expect as the result of a confidential calculation, but above all what we wish to protect.
