Paper 2015/158

Multi-Input Functional Encryption in the Private-Key Setting: Stronger Security from Weaker Assumptions

Zvika Brakerski, Ilan Komargodski, and Gil Segev

Abstract

We construct a general-purpose multi-input functional encryption scheme in the private-key setting. Namely, we construct a scheme where a functional key corresponding to a function $f$ enables a user holding encryptions of $x_1, \ldots, x_t$ to compute $f(x_1, \ldots, x_t)$ but nothing else. This is achieved starting from any general-purpose private-key single-input scheme (without any additional assumptions), and is proven to be adaptively secure for any constant number of inputs $t$. Moreover, it can be extended to a super-constant number of inputs assuming that the underlying single-input scheme is sub-exponentially secure. Instantiating our construction with existing single-input schemes, we obtain multi-input schemes that are based on a variety of assumptions (such as indistinguishability obfuscation, multilinear maps, learning with errors, and even one-way functions), offering various trade-offs between security and efficiency. Previous and concurrent constructions of multi-input functional encryption schemes either rely on stronger assumptions and provided weaker security guarantees (Goldwasser et al. [EUROCRYPT '14], and Ananth and Jain [CRYPTO '15]), or relied on multilinear maps and could be proven secure only in an idealized generic model (Boneh et al. [EUROCRYPT '15]). In comparison, we present a general transformation that simultaneously relies on weaker assumptions and guarantees stronger security.