cryptographic function that changes with time?

Question

Is it possible to create a function that varies with time but is also useful when encrypting information that is meant to later be decrypted?

Or in other words, we have the function $T(t)$ where $t$ is the input and the output is a function $f(x)$ where $f$ is an encrypting function that takes $x$ as input, $x$ is the information we want to encrypt and the output of $f(x)$ is the encrypted information.

Is it possible to decrypt the output of $f(x)$ knowing function $T$ but not the input $t$ and $f(x)$?

By the way if it wasn't obvious already I’m far from knowledgeable about cryptography.

Answer 1

Normally we don't keep functions secret (Kerckhoffs principle). But let's assume that $T$ depends on a secret key $s$ and that we keep that secret. See $s$ as a rather large constant within $T$ if you must.

In that case we can use $T_s(t) = \operatorname{KDF}(s, t)$ to derive a secret $k$ that depends on the time. We can use $k$ as input of a key pair generation function $\operatorname{Gen}(k)$ that outputs a private key $sk$ and public key $pk$. If we choose Elliptic Curve cryptography we could just use $sk = k$ and then calculate $pk$ by multiplication with base point $g$, an efficient calculation.

So now the function $f(p)$ could simply be $\operatorname{Enc}_{pk}(p)$, giving $c$. The function $f'(c)$ would be $\operatorname{Dec}_{sk}(c)$. Here $p = x$ is the plaintext message and $c$ is of course the ciphertext. For Elliptic Curves the $\operatorname{Enc}$ and $\operatorname{Dec}$ functions would be provided by the ECIES encryption / decryption scheme.

---

So we now have an $sk$ that can only be created if $s$ and $t$ are known. The function $f(x)$ is simply encryption with a public key that can be published - you don't even need $t$. And you can only decrypt if you know $s$ and $t$: otherwise you would not be able to calculate $sk$ required for decryption.

Of course having $T$ both create $f$ and perform the decryption is not really possible. You need a function $T$ to create the key pair and a function $f'$ to decrypt.

Answer 2

If values of $t$ are never repeated for multiple encryptions, then the already standard concepts of nonce-based encryption and pseudorandom function family (PRF) can be used to construct such an encryption function, by:

1. Apply the PRF $F$ to compute a pseudorandom nonce $N = F_{K_1}(t)$. Because $F$ is a PRF, as long as the key $K_1$ is secret and chosen randomly, the output doesn't reveal $t$.
2. Apply the nonce-based encryption to the plaintext $P$ to compute $C = E^N_{K_2}(P)$. (Note that $K_2$ is a second secret random key, and independent from $K_1$.)
3. Output $(N, C)$ as the ciphertext. (Or some injective function of $N$ and $C$.)

To decrypt $(N, C)$, the recipient simply computes:

$$ P = D^N_{K_2}(C) $$

But note that the decryption doesn't need to know the value of the PRF key $K_1$. This is a hint that there's something subtly off with your idea: the output of the encryption is supposed to functionally depend on $t$ and yet not reveal its value. But this means we could in fact replace the computed nonce $N = F_{K_1}(t)$ with a randomly selected $N$ (chosen independently at random for each encryption call) and achieve the same effect—an encryption whose ciphertext depends on the time it was encrypted, but doesn't literally depend on the value $t$ of that time. We don't need to know the time, we just need to be able to generate random numbers (which was already a requirement for choosing the keys $K_1$ and $K_2$.)

See also: "What is the main difference between a key, an IV and a nonce?"