Skip to main content
SpringerLink
Log in

Multi-Party Functional Encryption

  • Conference paper
  • First Online:
Theory of Cryptography (TCC 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13043))

Included in the following conference series:

Abstract

We initiate the study of multi-party functional encryption (\(\mathsf {MPFE})\) which unifies and abstracts out various notions of functional encryption which support distributed ciphertexts or secret keys, such as multi-input FE, multi-client FE, decentralized multi-client FE, multi-authority FE, dynamic decentralized FE, adhoc multi-input FE and such others. Using our framework, we identify several gaps in the literature and provide some constructions to fill these:

1. Multi-Authority \({\mathsf {ABE}}\) with Inner Product Computation. The recent work of Abdalla et al. (ASIACRYPT’20) constructed a novel “composition” of Attribute Based Encryption (\({\mathsf {ABE}}\)) and Inner Product Functional Encryption (\({\mathsf { IPFE}}\)), namely functional encryption schemes that combine the access control functionality of attribute based encryption with the possibility of performing linear operations on the encrypted data. In this work, we extend the access control component to support the much more challenging multi-authority setting, i.e. “lift” the primitive of \({\mathsf {ABE}}\) in their construction to multi-authority \({\mathsf {ABE}}\) for the same class of access control policies (LSSS structures). This yields the first construction of a nontrivial multi-authority \(\mathsf {FE}\) beyond \({\mathsf {ABE}}\) from simple assumptions on pairings to the best of our knowledge.

Our techniques can also be used to generalize the decentralized attribute based encryption scheme of Michalevsky and Joye (ESORICS’18) to support inner product computation on the message. While this scheme only supports inner product predicates which is less general than those supported by the Lewko-Waters (EUROCRYPT’11) construction, it supports policy hiding which the latter does not. Our extension inherits these features and is secure based on the k-linear assumption, in the random oracle model.

2. Function Hiding \(\mathsf {DDFE} \). The novel primitive of dynamic decentralized functional encryption (\(\mathsf {DDFE} \)) was recently introduced by Chotard et al. (CRYPTO’20), where they also provided the first construction for inner products. However, the primitive of \(\mathsf {DDFE} \) does not support function hiding, which is a significant limitation for several applications. In this work, we provide a new construction for inner product \(\mathsf {DDFE} \) which supports function hiding. To achieve our final result, we define and construct the first function hiding multi-client functional encryption (\(\mathsf{MCFE}\)) scheme for inner products, which may be of independent interest.

3. Distributed Ciphertext-Policy \({\mathsf {ABE}}\). We provide a distributed variant of the recent ciphertext-policy attribute based encryption scheme, constructed by Agrawal and Yamada (EUROCRYPT’20). Our construction supports \(\mathbf{NC}^1\) access policies, and is secure based on “Learning With Errors” and relies on the generic bilinear group model as well as the random oracle model.

Our new \(\mathsf {MPFE} \) abstraction predicts meaningful new variants of functional encryption as useful targets for future work.

S. Agrawal—Research supported by the DST “Swarnajayanti” fellowship, an Indo-French CEFIPRA project and the CCD Centre of Excellence.

R. Goyal—Research supported in part by NSF CNS Award #1718161, an IBM-MIT grant, and by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR00112020023. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA. Work done in part while at the Simons Institute for the Theory of Computing, supported by Simons-Berkeley research fellowship.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    If the setup mode is decentralized/interactive, then the description of setup could correspond to an interactive multi-round protocol instead of an algorithm. However, for ease of exposition we abuse the notation and use setup algorithm to refer to the corresponding protocol description.

  2. 2.

    We caution the reader that the notation \({\mathsf {ABE}}\circ {\mathsf { IPFE}}\) is for readability and does not denote a formal composition.

  3. 3.

    As in prior ABE schemes based on bilinear maps, the key is empty when \(x_i = 0\).

  4. 4.

    We omit specifying the mode in the syntax for notational brevity.

  5. 5.

    Note that in case \(\mathsf {EK}_i\) is completely contained in some \(\mathsf {PK}_j\) then make a master secret corruption query for j will also add the corresponding index i to \(\mathcal {S}_x\), and vice versa. At a very high level, although having separate aggregation functions for partial secret key and ciphertexts as part of the framework allows us to capture a highly expressive class of encryption scheme; defining the most general notion of security for MPFE that captures all different types of setup and key distribution settings could be very dense. To that end, here we provide a clean security game which captures the existing encryption primitives. Capturing security for each setup mode and corruption model individually would be more precise in certain settings.

  6. 6.

    In this work, we only focus on standard semantic security, but one could also amplify to its CCA counterpart by relying on the generic CPA-to-CCA amplification techniques [28].

  7. 7.

    Note that in general this could be a non-falsifiable condition to check if \(S^{*}\) is \(\omega (\log \lambda )\) and the predicate class contains general non-monotonic functions.

  8. 8.

    The leakage function captures information that \(\mathsf {EK}_{i}\) reveals from \({\mathsf {SK}}\).

  9. 9.

    In [22], some definitions have ambiguity that seems to stem from the indexing by \(\mathsf {pk}\). For instance, correctness of DDFE in Definition 1 implicitly assumes that \(\mathsf {sk}_{\mathsf {pk}}\) is uniquely decided by \(\mathsf {pk}\), while the syntax does not require such a condition. Another example is the IP-DDFE construction in [22, § 7.2].

  10. 10.

    Concretely, when \(\mathcal {U}_{K}\) is a multiset, and \(i' \in \mathcal {U}_{K}\) has multiplicity 2, how to treat \(k_{i'} \in \{k_{i}\}_{i \in \mathcal {U}_{K}}\) is unclear.

  11. 11.

    The symmetric setting captures the case where \(\mathsf {PK}_{i}\) can be used to not only encrypt/key generation but also decryption/decoding of \(\mathsf {CT}_{i}\)/\({\mathsf {SK}}_{i}\).

  12. 12.

    In AoNE, there are no secret keys and thus the IND-security defined in [22] is exactly the same as function-hiding security in our paper.

References

  1. Abdalla, M., Benhamouda, F., Gay, R.: From single-input to multi-client inner-product functional encryption. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 552–582. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34618-8_19

    Chapter  Google Scholar 

  2. Abdalla, M., Benhamouda, F., Kohlweiss, M., Waldner, H.: Decentralizing inner-product functional encryption. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 128–157. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_5

    Chapter  Google Scholar 

  3. Abdalla, M., Bourse, F., De Caro, A., Pointcheval, D.: Simple functional encryption schemes for inner products. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 733–751. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46447-2_33

    Chapter  Google Scholar 

  4. Abdalla, M., Catalano, D., Gay, R., Ursu, B.: Inner-product functional encryption with fine-grained access control. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 467–497. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_16

    Chapter  Google Scholar 

  5. Agrawal, S., Clear, M., Frieder, O., Garg, S., O’Neill, A., Thaler, J.: Ad hoc multi-input functional encryption. In: ITCS 2020 (2020)

    Google Scholar 

  6. Agrawal, S., Goyal, R., Tomida, J.: Multi-party functional encryption. Cryptology ePrint Archive, Report 2020/1266 (2020). https://ia.cr/2020/1266

  7. Agrawal, S., Libert, B., Stehle, D.: Fully secure functional encryption for linear functions from standard assumptions, and applications. In: Crypto (2016)

    Google Scholar 

  8. Agrawal, S., Yamada., S.: Optimal broadcast encryption from pairings and LWE. In: Proceedings of EUROCRYPT (2020)

    Google Scholar 

  9. Ananth, P., Jain, A.: Indistinguishability obfuscation from compact functional encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 308–326. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_15

    Chapter  Google Scholar 

  10. Bishop, A., Jain, A., Kowalczyk, L.: Function-hiding inner product encryption. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 470–491. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_20

    Chapter  Google Scholar 

  11. Bitansky, N., Vaikuntanathan, V.: Indistinguishability obfuscation from functional encryption. FOCS 2015, 163 (2015). http://eprint.iacr.org/2015/163

  12. Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

    Chapter  Google Scholar 

  13. Boneh, D., et al.: Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 533–556. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_30

    Chapter  Google Scholar 

  14. Boneh, D., Sahai, A., Waters, B.: Functional encryption: definitions and challenges. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 253–273. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_16

    Chapter  Google Scholar 

  15. Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_29

    Chapter  Google Scholar 

  16. Brakerski, Z., Chandran, N., Goyal, V., Jain, A., Sahai, A., Segev, G.: Hierarchical functional encryption. In: ITCS 2017 (2017)

    Google Scholar 

  17. Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_28

    Chapter  Google Scholar 

  18. Chase, M., Chow, S.S.M.: Improving privacy and security in multi-authority attribute-based encryption. In: ACM CCS 2009 (2009)

    Google Scholar 

  19. Chen, Y., Zhang, L., Yiu, S.M.: Practical attribute based inner product functional encryption from simple assumptions. Cryptology ePrint Archive (2019)

    Google Scholar 

  20. Chotard, J., Dufour Sans, E., Gay, R., Phan, D.H., Pointcheval, D.: Decentralized multi-client functional encryption for inner product. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 703–732. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_24

    Chapter  Google Scholar 

  21. Chotard, J., Dufour-Sans, E., Gay, R., Phan, D.H., Pointcheval, D.: Multi-client functional encryption with repetition for inner product. Cryptology ePrint Archive, Report 2018/1021 (2018)

    Google Scholar 

  22. Chotard, J., Dufour-Sans, E., Gay, R., Phan, D.H., Pointcheval, D.: Dynamic decentralized functional encryption. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 747–775. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_25

    Chapter  Google Scholar 

  23. Datta, P., Okamoto, T., Tomida, J.: Full-hiding (unbounded) multi-input inner product functional encryption from the k-linear assumption. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10770, pp. 245–277. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76581-5_9

    Chapter  Google Scholar 

  24. Goldwasser, S., et al.: Multi-input functional encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 578–602. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_32

    Chapter  Google Scholar 

  25. Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits from LWE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 503–523. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_25

    Chapter  Google Scholar 

  26. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: CCS (2006)

    Google Scholar 

  27. Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_9

    Chapter  Google Scholar 

  28. Koppula, V., Waters, B.: Realizing chosen ciphertext security generically in attribute-based encryption and predicate encryption. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 671–700. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_23

    Chapter  MATH  Google Scholar 

  29. Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 568–588. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_31

    Chapter  Google Scholar 

  30. Libert, B., Ţiţiu, R.: Multi-client functional encryption for linear functions in the standard model from LWE. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 520–551. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34618-8_18

    Chapter  MATH  Google Scholar 

  31. Michalevsky, Y., Joye, M.: Decentralized policy-hiding ABE with receiver privacy. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 548–567. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_27

    Chapter  Google Scholar 

  32. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

    Chapter  Google Scholar 

  33. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5

    Chapter  Google Scholar 

  34. Waters, B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_36

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IIT Madras, Chennai, India

    Shweta Agrawal

  2. MIT, Cambridge, MA, USA

    Rishab Goyal

  3. NTT Corporation, Tokyo, Japan

    Junichi Tomida

Authors
  1. Shweta Agrawal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rishab Goyal
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Junichi Tomida
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shweta Agrawal .

Editor information

Editors and Affiliations

  1. Georgetown University, Washington, WA, USA

    Kobbi Nissim

  2. The University of Texas at Austin, Austin, TX, USA

    Brent Waters

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Agrawal, S., Goyal, R., Tomida, J. (2021). Multi-Party Functional Encryption. In: Nissim, K., Waters, B. (eds) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science(), vol 13043. Springer, Cham. https://doi.org/10.1007/978-3-030-90453-1_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-90453-1_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90452-4

  • Online ISBN: 978-3-030-90453-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation