Advertisement

Multi-Client Functional Encryption for Linear Functions in the Standard Model from LWE

  • Benoît LibertEmail author
  • Radu Ţiţiu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11923)

Abstract

Multi-client functional encryption (MCFE) allows \(\ell \) clients to encrypt ciphertexts \((\mathbf {C}_{t,1},\mathbf {C}_{t,2},\ldots ,\mathbf {C}_{t,\ell })\) under some label. Each client can encrypt his own data \(X_i\) for a label t using a private encryption key \(\mathsf {ek}_i\) issued by a trusted authority in such a way that, as long as all \(\mathbf {C}_{t,i}\) share the same label t, an evaluator endowed with a functional key \(\mathsf {dk}_f\) can evaluate \(f(X_1,X_2,\ldots ,X_\ell )\) without learning anything else on the underlying plaintexts \(X_i\). Functional decryption keys can be derived by the central authority using the master secret key. Under the Decision Diffie-Hellman assumption, Chotard et al. (Asiacrypt 2018) recently described an adaptively secure MCFE scheme for the evaluation of linear functions over the integers. They also gave a decentralized variant (DMCFE) of their scheme which does not rely on a centralized authority, but rather allows encryptors to issue functional secret keys in a distributed manner. While efficient, their constructions both rely on random oracles in their security analysis. In this paper, we build a standard-model MCFE scheme for the same functionality and prove it fully secure under adaptive corruptions. Our proof relies on the Learning-With-Errors (\(\mathsf {LWE}\)) assumption and does not require the random oracle model. We also provide a decentralized variant of our scheme, which we prove secure in the static corruption setting (but for adaptively chosen messages) under the \(\mathsf {LWE}\) assumption.

Keywords

Multi-client functional encryption Inner product evaluation \(\mathsf {LWE}\) Standard model Decentralization 

Notes

Acknowledgements

Part of this work was funded by the French ANR ALAMBIC project (ANR-16-CE39-0006) and by BPI-France in the context of the national project RISQ (P141580). This work was also supported by the European Union PROMETHEUS project (Horizon 2020 Research and Innovation Program, grant 780701).

References

  1. 1.
    Abdalla, M., Benhamouda, F., Gay, R.: From single-input to multi-client inner product functional encryption. In: Galbraith, S., Moriai, S. (eds.) ASIACRYPT 2019, LNCS, vol. 11923, pp. 552–582. Springer, Heidelberg (2019)Google Scholar
  2. 2.
    Abdalla, M., Benhamouda, F., Kohlweiss, M., Waldner, H.: Decentralizing inner-product functional encryption. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 128–157. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-17259-6_5CrossRefGoogle Scholar
  3. 3.
    Abdalla, M., Bourse, F., De Caro, A., Pointcheval, D.: Simple functional encryption schemes for inner products. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 733–751. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46447-2_33CrossRefGoogle Scholar
  4. 4.
    Abdalla, M., Catalano, D., Fiore, D., Gay, R., Ursu, B.: Multi-input functional encryption for inner products: function-hiding realizations and constructions without pairings. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 597–627. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-96884-1_20CrossRefGoogle Scholar
  5. 5.
    Abdalla, M., Gay, R., Raykova, M., Wee, H.: Multi-input inner-product functional encryption from pairings. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 601–626. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-56620-7_21CrossRefGoogle Scholar
  6. 6.
    Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_28CrossRefzbMATHGoogle Scholar
  7. 7.
    Agrawal, S., Freeman, D.M., Vaikuntanathan, V.: Functional encryption for inner product predicates from learning with errors. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 21–40. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-25385-0_2CrossRefGoogle Scholar
  8. 8.
    Agrawal, S., Libert, B., Stehlé, D.: Fully secure functional encryption for inner products, from standard assumptions. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 333–362. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53015-3_12CrossRefGoogle Scholar
  9. 9.
    Agrawal, S., Rosen, A.: Functional encryption for bounded collusions, revisited. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 173–205. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70500-2_7CrossRefGoogle Scholar
  10. 10.
    Baltico, C., Catalano, D., Fiore, D., Gay, R.: Practical functional encryption for quadratic functions with applications to predicate encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 67–98. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_3CrossRefGoogle Scholar
  11. 11.
    Banerjee, A., Peikert, C.: New and improved key-homomorphic pseudorandom functions. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 353–370. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_20CrossRefGoogle Scholar
  12. 12.
    Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719–737. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_42CrossRefGoogle Scholar
  13. 13.
    Benhamouda, F., Bourse, F., Lipmaa, H.: CCA-secure inner-product functional encryption from projective hash functions. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10175, pp. 36–66. Springer, Heidelberg (2017).  https://doi.org/10.1007/978-3-662-54388-7_2CrossRefGoogle Scholar
  14. 14.
    Benhamouda, F., Joye, M., Libert, B.: A framework for privacy-preserving aggregation of time-series data. ACM Trans. Inf. Syst. Secur. (ACM-TISSEC) 18(3), 10:1–10:21 (2016)Google Scholar
  15. 15.
    Boneh, D., Boyen, X.: Secure identity based encryption without random oracles. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 443–459. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28628-8_27CrossRefGoogle Scholar
  16. 16.
    Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_30CrossRefGoogle Scholar
  17. 17.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_13CrossRefGoogle Scholar
  18. 18.
    Boneh, D., Lewi, K., Montgomery, H., Raghunathan, A.: Key homomorphic PRFs and their applications. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 410–428. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_23CrossRefGoogle Scholar
  19. 19.
    Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-19571-6_16CrossRefGoogle Scholar
  20. 20.
    Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-70936-7_29CrossRefGoogle Scholar
  21. 21.
    Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 480–499. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_27CrossRefGoogle Scholar
  22. 22.
    Brakerski, Z., Komargodski, I., Segev, G.: Multi-input functional encryption in the private-key setting: stronger security from weaker assumptions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 852–880. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49896-5_30CrossRefzbMATHGoogle Scholar
  23. 23.
    Chan, T., Shi, E., Song, D.: Privacy-preserving stream aggregation with fault tolerance. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 200–214. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32946-3_15CrossRefGoogle Scholar
  24. 24.
    Chandran, N., Goyal, V., Jain, A., Sahai, A.: Functional encryption: decentralised and delegatable. Cryptology ePrint Archive: Report 2015/1017Google Scholar
  25. 25.
    Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-70936-7_28CrossRefGoogle Scholar
  26. 26.
    Chase, M., Chow, S.: Improving privacy and security in multi-authority attribute-based encryption. In: ACM-CCS (2009)Google Scholar
  27. 27.
    Chotard, J., Dufour Sans, E., Gay, R., Phan, D.-H., Pointcheval, D.: Decentralized multi-client functional encryption for inner product. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 703–732. Springer, Cham (2018).  https://doi.org/10.1007/978-3-030-03329-3_24CrossRefGoogle Scholar
  28. 28.
    Chotard, J., Dufour Sans, E., Gay, R., Phan, D.-H., Pointcheval, D.: Multi-client functional encryption with repetition for inner product. Cryptology ePrint Archive: Report 2018/1021 (2018)Google Scholar
  29. 29.
    Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-45325-3_32CrossRefGoogle Scholar
  30. 30.
    Datta, P., Okamoto, T., Tomida, J.: Full-hiding (Unbounded) multi-input inner product functional encryption from the k-linear assumption. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10770, pp. 245–277. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-76581-5_9CrossRefGoogle Scholar
  31. 31.
    Dodis, Y.: Exposure-resilient cryptography. Ph.D. thesis, MIT (2000)Google Scholar
  32. 32.
    Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48329-2_40CrossRefGoogle Scholar
  33. 33.
    Freire, E., Hofheinz, D., Paterson, K., Striecks, C.: Programmable hash functions in the multilinear setting. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 513–530. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_28CrossRefzbMATHGoogle Scholar
  34. 34.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS (2013)Google Scholar
  35. 35.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC (2008)Google Scholar
  36. 36.
    Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_5CrossRefGoogle Scholar
  37. 37.
    Goldwasser, S., et al.: Multi-input functional encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 578–602. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-55220-5_32CrossRefGoogle Scholar
  38. 38.
    Goldwasser, S., Goyal, V., Jain, A., Sahai, A.: Multi-input functional encryption. Cryptology ePrint Archive: Report 2013/727 (2013)Google Scholar
  39. 39.
    Goldwasser, S., Kalai, Y., Peikert, C., Vaikuntanathan, V.: Robustness of the learning with errors assumption. In: ICS (2010)Google Scholar
  40. 40.
    Goldwasser, S., Tauman Kalai, Y., Popa, R., Vaikuntanathan, V., Zeldovich, N.: How to run turing machines on encrypted data. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 536–553. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_30CrossRefGoogle Scholar
  41. 41.
    Goldwasser, S., Tauman Kalai, Y., Popa, R., Vaikuntanathan, V., Zeldovich, N.: Reusable garbled circuits and succinct functional encryption. In: STOC (2013)Google Scholar
  42. 42.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption with bounded collusions via multi-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_11CrossRefGoogle Scholar
  43. 43.
    Gordon, S., Katz, J., Liu, F.-H., Shi, E., Zhou, H.-S.: Multi-input functional encryption. Cryptology ePrint Archive: Report 2013/774 (2014)Google Scholar
  44. 44.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: ACM-CCS (2006)Google Scholar
  45. 45.
    Hanaoka, G., Matsuda, T., Schuldt, J.: On the impossibility of constructing efficient key encapsulation and programmable hash functions in prime order groups. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 812–831. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_47CrossRefzbMATHGoogle Scholar
  46. 46.
    Hofheinz, D., Kiltz, E.: Programmable hash functions and their applications. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 21–38. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85174-5_2CrossRefGoogle Scholar
  47. 47.
    Jager, T.: Verifiable random functions from weaker assumptions. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 121–143. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46497-7_5CrossRefGoogle Scholar
  48. 48.
    Joye, M., Libert, B.: A scalable scheme for privacy-preserving aggregation of time-series data. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 111–125. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-39884-1_10CrossRefzbMATHGoogle Scholar
  49. 49.
    Katsumata, S., Yamada, S.: Partitioning via non-linear polynomial functions: more compact IBEs from ideal lattices and bilinear maps. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 682–712. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53890-6_23CrossRefGoogle Scholar
  50. 50.
    Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78967-3_9CrossRefGoogle Scholar
  51. 51.
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_4CrossRefGoogle Scholar
  52. 52.
    Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 568–588. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-20465-4_31CrossRefGoogle Scholar
  53. 53.
    Lewko, A., Waters, B.: New proof methods for attribute-based encryption: achieving full security through selective techniques. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 180–198. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_12CrossRefGoogle Scholar
  54. 54.
    Libert, B., Sakzad, A., Stehlé, D., Steinfeld, R.: All-but-many lossy trapdoor functions and selective opening chosen-ciphertext security from LWE. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 332–364. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63697-9_12CrossRefGoogle Scholar
  55. 55.
    Libert, B., Stehlé, D., Titiu, R.: Adaptively secure distributed PRFs from \(\sf LWE\). In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 391–421. Springer, Cham (2018).  https://doi.org/10.1007/978-3-030-03810-6_15CrossRefGoogle Scholar
  56. 56.
    Lin, H.: Indistinguishability obfuscation from SXDH on 5-linear maps and locality-5 PRGs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 599–629. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63688-7_20CrossRefGoogle Scholar
  57. 57.
    Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_41CrossRefGoogle Scholar
  58. 58.
    Naor, M., Pinkas, B., Reingold, O.: Distributed pseudo-random functions and KDCs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 327–346. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48910-X_23CrossRefGoogle Scholar
  59. 59.
    Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-14623-7_11CrossRefGoogle Scholar
  60. 60.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC (2005)Google Scholar
  61. 61.
    Sahai, A., Seyalioglu, H.: Worry-free encryption: functional encryption with public keys. In: ACM-CCS (2010)Google Scholar
  62. 62.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_27CrossRefGoogle Scholar
  63. 63.
    Schnorr, C.P.: A hierarchy of polynomial time lattice basis reduction algorithms. Theor. Comput. Sci. 53(2–3), 201–224 (1987)MathSciNetCrossRefGoogle Scholar
  64. 64.
    Shi, E., Chan, T., Rieffel, E., Chow, R., Song, D.: Privacy-preserving aggregation of time-series data. In: NDSS (2011)Google Scholar
  65. 65.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-19379-8_4CrossRefGoogle Scholar
  66. 66.
    Waters, B.: Functional encryption for regular languages. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 218–235. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_14CrossRefGoogle Scholar
  67. 67.
    Wee, H.: Dual system encryption via predicate encodings. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 616–637. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-54242-8_26CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.CNRS, Laboratoire LIPLyonFrance
  2. 2.ENS de Lyon, Laboratoire LIP (U. Lyon, CNRS, ENSL, INRIA, UCBL)LyonFrance
  3. 3.BitdefenderBucharestRomania

Personalised recommendations