From Single-Input to Multi-client Inner-Product Functional Encryption

Abdalla, Michel; Benhamouda, Fabrice; Gay, Romain

doi:10.1007/978-3-030-34618-8_19

Cited by 43 publications

(72 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Appendix A, we show that a variant of the compiler of [2, Section 4.2] is secure in the standard model. Recently, Abdalla et al [1] independently obtained a similar result. While their PRF-based compiler [1] can rely on any PRF, we obtain a tighter reduction using a specific PRF described in [56].…”

Section: We Say That An Mcfe Scheme Provides 1ch-ind Security If Formentioning

confidence: 66%

“…Recently, Abdalla et al [1] independently obtained a similar result. While their PRF-based compiler [1] can rely on any PRF, we obtain a tighter reduction using a specific PRF described in [56]. Chotard et al [29] additionally show how to enable repetitions by allowing multiple encryption queries for the same pair (i, t).…”

Section: We Say That An Mcfe Scheme Provides 1ch-ind Security If Formentioning

confidence: 66%

“…Our compiler relies on pseudorandom functions satisfying a specific security definition in the multi-instance setting. The concurrent work of Abdalla et al [1] achieves a similar result using any PRF satisfying a standard security definition.…”

Section: Decentralized Functional Encryptionmentioning

confidence: 80%

“…As it turns out, neither [2,29] implies MCFE with labels in the standard model from LWE (nor any standard assumption), even for the security definition of [28]. In a concurrent and independent work [1], Abdalla et al provide a solution to this problem via a generic construction of labeled MCFE from single-input IPFE schemes evaluating modular inner products. While their construction satisfies a stronger security notion than ours (which allows multiple encryption queries for the same slot-label pair), their scheme of [1,Section 3] requires longer ciphertext than ours as each slot takes a full IPFE ciphertext of linear size in if is the number of slots.…”

Section: Decentralized Functional Encryptionmentioning

confidence: 99%

“…Game 0 : This is the real security game. We denote by t the tag of the challenge phase while t (1) , . .…”

Section: Securitymentioning

confidence: 99%

See 4 more Smart Citations

Multi-Client Functional Encryption for Linear Functions in the Standard Model from LWE

Libert

Titiu

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Multi-client functional encryption (MCFE) allows clients to encrypt ciphertexts (Ct,1, Ct,2, . . . , C t, ) under some label. Each client can encrypt his own data Xi for a label t using a private encryption key eki issued by a trusted authority in such a way that, as long as all Ct,i share the same label t, an evaluator endowed with a functional key dk f can evaluate f (X1, X2, . . . , X ) without learning anything else on the underlying plaintexts Xi. Functional decryption keys can be derived by the central authority using the master secret key. Under the Decision Diffie-Hellman assumption, Chotard et al. (Asiacrypt 2018) recently described an adaptively secure MCFE scheme for the evaluation of linear functions over the integers. They also gave a decentralized variant (DMCFE) of their scheme which does not rely on a centralized authority, but rather allows encryptors to issue functional secret keys in a distributed manner. While efficient, their constructions both rely on random oracles in their security analysis. In this paper, we build a standard-model MCFE scheme for the same functionality and prove it fully secure under adaptive corruptions. Our proof relies on the Learning-With-Errors (LWE) assumption and does not require the random oracle model. We also provide a decentralized variant of our scheme, which we prove secure in the static corruption setting (but for adaptively chosen messages) under the LWE assumption.

show abstract

Section: We Say That An Mcfe Scheme Provides 1ch-ind Security If Formentioning

confidence: 66%

Section: We Say That An Mcfe Scheme Provides 1ch-ind Security If Formentioning

confidence: 66%

Section: Decentralized Functional Encryptionmentioning

confidence: 80%

Section: Decentralized Functional Encryptionmentioning

confidence: 99%

“…Game 0 : This is the real security game. We denote by t the tag of the challenge phase while t (1) , . .…”

Section: Securitymentioning

confidence: 99%

See 3 more Smart Citations

Multi-Client Functional Encryption for Linear Functions in the Standard Model from LWE

Libert

Titiu

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Functional Encryption for Attribute-Weighted Sums from k-Lin

Abdalla¹,

Gong

Wee

2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We present functional encryption schemes for attribute-weighted sums, where encryption takes as input N attribute-value pairs (x i , z i ) where x i is public and z i is private; secret keys are associated with arithmetic branching programs f , and decryption returns the weighted sum N i =1 f (x i )z i while leaking no additional information about the z i 's. Our main construction achieves (1) compact public parameters and key sizes that are independent of N and the secret key can decrypt a ciphertext for any a-priori unbounded N ;(2) short ciphertexts that grow with N and the size of z i but not x i ;(3) simulation-based security against unbounded collusions; (4) relies on the standard k-linear assumption in prime-order bilinear groups.

show abstract

Dynamic Decentralized Functional Encryption

Chotard

Dufour-Sans

Gay

et al. 2020

Advances in Cryptology – CRYPTO 2020

Self Cite

View full text Add to dashboard Cite

We introduce Dynamic Decentralized Functional Encryption (DDFE), a generalization of Functional Encryption which allows multiple users to join the system dynamically, without relying on a trusted third party or on expensive and interactive Multi-Party Computation protocols. This notion subsumes existing multi-user extensions of Functional Encryption, such as Multi-Input, Multi-Client, and Ad Hoc Multi-Input Functional Encryption. We define and construct schemes for various functionalities which serve as building-blocks for latter primitives and may be useful in their own right, such as a scheme for dynamically computing sums in any Abelian group. These constructions build upon simple primitives in a modular way, and have instantiations from well-studied assumptions, such as DDH or LWE. Our constructions culminate in an Inner-Product scheme for computing weighted sums on aggregated encrypted data, from standard assumptions in prime-order groups in the Random Oracle Model.

show abstract

From Single-Input to Multi-client Inner-Product Functional Encryption

Cited by 43 publications

References 14 publications

Multi-Client Functional Encryption for Linear Functions in the Standard Model from LWE

Multi-Client Functional Encryption for Linear Functions in the Standard Model from LWE

Functional Encryption for Attribute-Weighted Sums from k-Lin

Dynamic Decentralized Functional Encryption

Contact Info

Product

Resources

About