Functional encryption

More precisely, a functional encryption scheme for a given functionality ${\displaystyle f}$ consists of the following four algorithms:

• ${\displaystyle ({\text{pk}},{\text{msk}})\leftarrow {\textsf {Setup}}(1^{\lambda })}$: creates a public key ${\displaystyle {\text{pk}}}$ and a master secret key ${\displaystyle {\text{msk}}}$.
• ${\displaystyle {\text{sk}}\leftarrow {\textsf {Keygen}}({\text{msk}},f)}$: uses the master secret key to generate a new secret key ${\displaystyle {\text{sk}}}$ for the function ${\displaystyle f}$.
• ${\displaystyle c\leftarrow {\textsf {Enc}}({\text{pk}},x)}$: uses the public key to encrypt a message ${\displaystyle x}$.
• ${\displaystyle y\leftarrow {\textsf {Dec}}({\text{sk}},c)}$: uses secret key to calculate ${\displaystyle y=f(x)}$ where ${\displaystyle x}$ is the value that ${\displaystyle c}$ encrypts.

The security of FE requires that any information an adversary learns from an encryption of ${\displaystyle x}$ is revealed by ${\displaystyle f(x)}$. Formally, this is defined by simulation.^[1]