Data privacy is a ubiquitous concern. It is an issue that is
confronted by nearly every organization, from health care providers
and the payment card industry to web commerce sites. Protecting data
storage servers by securing the network perimeter is becoming
increasingly difficult given the number of attack vectors available
and trends toward distributed data storage. Consequently, several
enterprises are looking to realize access control by
encryption. Encrypting data reduces the problem of data privacy from
protecting all stored data to protecting small secret keys. While
current encryption systems provide a powerful security tool, there
exist fundamental limitations for realistic sharing of private
data. In particular, there is an inherent gap between how we want to
share data and our ability to express access policies in current
encryption systems.

In this talk I will present a new concept called "functional
encryption" that puts forth a new vision for how encryption systems
should work. In functional encryption, a data provider directly
expresses his data sharing policy during the encryption procedure
itself. Likewise, a recipient will be able to decrypt and access data
if and only if she possesses matching secret key credentials. By
allowing a provider to encrypt directly, and eliminating the need to
locate individual recipients, we can build much simpler systems. I
will describe the challenges in realizing functional encryption
systems as well as the techniques I have developed to overcome
them. In addition, I will discuss work in bringing these methods to
practice.