Multi-Client Functional Encryption for Linear Functions in the Standard Model from LWE

Multi-client functional encryption (MCFE) allows \(\ell \) clients to encrypt ciphertexts \((\mathbf {C}_{t,1},\mathbf {C}_{t,2},\ldots ,\mathbf {C}_{t,\ell })\) under some label. Each client can encrypt his own data \(X_i\) for a label t using a private encryption key \(\mathsf {ek}_i\) issued by a trusted authority in such a way that, as long as all \(\mathbf {C}_{t,i}\) share the same label t, an evaluator endowed with a functional key \(\mathsf {dk}_f\) can evaluate \(f(X_1,X_2,\ldots ,X_\ell )\) without learning anything else on the underlying plaintexts \(X_i\). Functional decryption keys can be derived by the central authority using the master secret key. Under the Decision Diffie-Hellman assumption, Chotard et al. (Asiacrypt 2018) recently described an adaptively secure MCFE scheme for the evaluation of linear functions over the integers. They also gave a decentralized variant (DMCFE) of their scheme which does not rely on a centralized authority, but rather allows encryptors to issue functional secret keys in a distributed manner. While efficient, their constructions both rely on random oracles in their security analysis. In this paper, we build a standard-model MCFE scheme for the same functionality and prove it fully secure under adaptive corruptions. Our proof relies on the Learning-With-Errors (\(\mathsf {LWE}\)) assumption and does not require the random oracle model. We also provide a decentralized variant of our scheme, which we prove secure in the static corruption setting (but for adaptively chosen messages) under the \(\mathsf {LWE}\) assumption.

[1]  Tatsuaki Okamoto,et al.  Full-Hiding (Unbounded) Multi-Input Inner Product Functional Encryption from the k-Linear Assumption , 2018, IACR Cryptol. ePrint Arch..

[2]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[3]  Yael Tauman Kalai,et al.  Robustness of the Learning with Errors Assumption , 2010, ICS.

[4]  Yevgeniy Dodis,et al.  Exposure-resilient cryptography , 2000 .

[5]  Daniele Micciancio,et al.  Worst-case to average-case reductions based on Gaussian measures , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[6]  Vinod Vaikuntanathan,et al.  Functional Encryption with Bounded Collusions via Multi-party Computation , 2012, CRYPTO.

[7]  Damien Stehlé,et al.  Fully Secure Functional Encryption for Inner Products, from Standard Assumptions , 2016, CRYPTO.

[8]  Abhishek Banerjee,et al.  Pseudorandom Functions and Lattices , 2012, EUROCRYPT.

[9]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[10]  Vinod Vaikuntanathan,et al.  Functional Encryption for Inner Product Predicates from Learning with Errors , 2011, IACR Cryptol. ePrint Arch..

[11]  Tibor Jager,et al.  Verifiable Random Functions from Weaker Assumptions , 2015, TCC.

[12]  Elaine Shi,et al.  Privacy-Preserving Stream Aggregation with Fault Tolerance , 2012, Financial Cryptography.

[13]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[14]  Yael Tauman Kalai,et al.  How to Run Turing Machines on Encrypted Data , 2013, CRYPTO.

[15]  Hoeteck Wee,et al.  Multi-input Inner-Product Functional Encryption from Pairings , 2017, EUROCRYPT.

[16]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[17]  Ilan Komargodski,et al.  Multi-input Functional Encryption in the Private-Key Setting: Stronger Security from Weaker Assumptions , 2016, Journal of Cryptology.

[18]  Dan Boneh,et al.  Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[19]  Jonathan Katz,et al.  Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products , 2008, Journal of Cryptology.

[20]  Dan Boneh,et al.  Key Homomorphic PRFs and Their Applications , 2013, CRYPTO.

[21]  Huijia Lin,et al.  Indistinguishability Obfuscation from SXDH on 5-Linear Maps and Locality-5 PRGs , 2017, CRYPTO.

[22]  Moni Naor,et al.  Distributed Pseudo-random Functions and KDCs , 1999, EUROCRYPT.

[23]  Elaine Shi,et al.  Privacy-Preserving Aggregation of Time-Series Data , 2011, NDSS.

[24]  David Pointcheval,et al.  Multi-Client Functional Encryption with Repetition for Inner Product , 2018, IACR Cryptol. ePrint Arch..

[25]  Stephan Krenn,et al.  Learning with Rounding, Revisited: New Reduction, Properties and Applications , 2013, IACR Cryptol. ePrint Arch..

[26]  Mark Zhandry,et al.  Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation , 2014, Algorithmica.

[27]  Marc Joye,et al.  A Scalable Scheme for Privacy-Preserving Aggregation of Time-Series Data , 2013, Financial Cryptography.

[28]  Angelo De Caro,et al.  Simple Functional Encryption Schemes for Inner Products , 2015, IACR Cryptol. ePrint Arch..

[29]  C. P. Schnorr,et al.  A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms , 1987, Theor. Comput. Sci..

[30]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[31]  Ron Steinfeld,et al.  All-But-Many Lossy Trapdoor Functions and Selective Opening Chosen-Ciphertext Security from LWE , 2017, CRYPTO.

[32]  Hoeteck Wee,et al.  Dual System Encryption via Predicate Encodings , 2014, TCC.

[33]  Yael Tauman Kalai,et al.  Reusable garbled circuits and succinct functional encryption , 2013, STOC '13.

[34]  Abhishek Banerjee,et al.  New and Improved Key-Homomorphic Pseudorandom Functions , 2014, CRYPTO.

[35]  David Pointcheval,et al.  Decentralized Multi-Client Functional Encryption for Inner Product , 2018, IACR Cryptol. ePrint Arch..

[36]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[37]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[38]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[39]  Marc Joye,et al.  A New Framework for Privacy-Preserving Aggregation of Time-Series Data , 2016, TSEC.

[40]  Dan Boneh,et al.  Efficient Lattice (H)IBE in the Standard Model , 2010, EUROCRYPT.

[41]  Amit Sahai,et al.  Worry-free encryption: functional encryption with public keys , 2010, CCS '10.

[42]  Allison Bishop,et al.  New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques , 2012, CRYPTO.

[43]  Brent Waters,et al.  Functional Encryption for Regular Languages , 2012, CRYPTO.

[44]  Damien Stehlé,et al.  Adaptively Secure Distributed PRFs from LWE\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\textsf {LWE}$$\end{documen , 2018, Journal of Cryptology.

[45]  Alon Rosen,et al.  Functional Encryption for Bounded Collusions, Revisited , 2017, TCC.

[46]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[47]  Tatsuaki Okamoto,et al.  Fully Secure Functional Encryption with General Relations from the Decisional Linear Assumption , 2010, IACR Cryptol. ePrint Arch..

[48]  Fabrice Benhamouda,et al.  CCA-Secure Inner-Product Functional Encryption from Projective Hash Functions , 2017, IACR Cryptol. ePrint Arch..

[49]  Fabrice Benhamouda,et al.  From Single-Input to Multi-Client Inner-Product Functional Encryption , 2019, IACR Cryptol. ePrint Arch..

[50]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2009, JACM.

[51]  Dario Fiore,et al.  Multi-Input Functional Encryption for Inner Products: Function-Hiding Realizations and Constructions without Pairings , 2018, IACR Cryptol. ePrint Arch..

[52]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[53]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[54]  Jacob C. N. Schuldt,et al.  On the Impossibility of Constructing Efficient Key Encapsulation and Programmable Hash Functions in Prime Order Groups , 2012, CRYPTO.

[55]  Amit Sahai,et al.  Multi-Input Functional Encryption , 2014, IACR Cryptol. ePrint Arch..

[56]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[57]  Kenneth G. Paterson,et al.  Programmable Hash Functions in the Multilinear Setting , 2013, CRYPTO.

[58]  Shota Yamada,et al.  Asymptotically Compact Adaptively Secure Lattice IBEs and Verifiable Random Functions via Generalized Partitioning Techniques , 2017, CRYPTO.

[59]  Dario Fiore,et al.  Practical Functional Encryption for Quadratic Functions with Applications to Predicate Encryption , 2017, CRYPTO.

[60]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[61]  Damien Stehlé,et al.  Adaptively Secure Distributed PRFs from \mathsf LWE , 2018, TCC.

[62]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[63]  Eike Kiltz,et al.  Programmable Hash Functions and Their Applications , 2008, CRYPTO.

[64]  Markulf Kohlweiss,et al.  Decentralizing Inner-Product Functional Encryption , 2019, IACR Cryptol. ePrint Arch..

[65]  Amit Sahai,et al.  Functional Encryption: Decentralised and Delegatable , 2015, IACR Cryptol. ePrint Arch..

[66]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[67]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.