Ad Hoc Multi-Input Functional Encryption

Consider sources that supply sensitive data to an aggregator. Standard encryption only hides the data from eavesdroppers, but using specialized encryption one can hope to hide the data (to the extent possible) from the aggregator itself. For flexibility and security, we envision schemes that allow sources to supply encrypted data, such that at any point a dynamically-chosen subset of sources can allow an agreed-upon joint function of their data to be computed by the aggregator. A primitive called multi-input functional encryption (MIFE), due to Goldwasser et al. (EUROCRYPT 2014), comes close, but has two main limitations:

– it requires trust in a third party, who is able to decrypt all the data, and
– it requires function arity to be fixed at setup time and to be equal to the number of parties.

To drop these limitations, we introduce a new notion of ad hoc MIFE. In our setting, each source generates its own public key and issues individual, function-specific secret keys to an aggregator. For successful decryption, an aggregator must obtain a separate key from each source whose ciphertext is being computed upon. The aggregator could obtain multiple such secret keys from a user corresponding to functions of varying arity. For this primitive, we obtain the following results:

– We show that standard MIFE for general functions can be bootstrapped to ad hoc MIFE for free, i.e. without making any additional assumption.
– We provide a direct construction of ad hoc MIFE for the inner product functionality based on the Learning with Errors (LWE) assumption. This yields the first construction of this natural primitive based on a standard assumption.

At a technical level, our results are obtained by combining standard MIFE schemes and two-round secure multiparty computation (MPC) protocols in novel ways, highlighting an interesting interplay between MIFE and two-round MPC in the construction of non-interactive primitives.

Author affiliations:

* Dept. of Computer Science and Engineering, IIT Madras. Email: shweta@iitm.ac.in
** Dept. of Computer Science, Georgetown University. Email: mc2212@georgetown.edu
*** Dept. of Computer Science, Georgetown University. Email: ophir@ir.cs.georgetown.edu
† Dept. of EECS, University of California at Berkeley. Email: sanjamg@berkeley.edu
‡ Dept. of Computer Science, University of Massachusetts, Amherst. Email: amoneill@gmail.com
§ Dept. of Computer Science, Georgetown University. Email: Justin.Thaler@georgetown.edu
