Cryptology ePrint Archive: Report 2017/989

Decentralized Multi-Client Functional Encryption for Inner Product

Jérémy Chotard and Edouard Dufour Sans and Duong Hieu Phan and David Pointcheval

Abstract: Multi-input functional encryption is a very useful generalization of Functional Encryption, which has been motivated by Goldwasser et al. from Eurocrypt ’14. All the constructions, however, rely on non-standard assumptions. Very recently, at Eurocrypt ’17, Abdalla et al. considered a restricted case and proposed an efficient multi-input inner-product functional encryption scheme. In this paper, regarding the case of inner product, we argue that the multi-client setting (MCFE, for Multi-Client Functional Encryption), which borrows techniques from both Functional Encryption and Private Stream Aggregation, is better suited to real-life applications because of the strong restrictions implied by linear relations. We then propose a practical solution for Multi-Client Inner-Product Functional Encryption (IP-MCFE) which relies on the sole DDH assumption and supports adaptive corruptions. In MCFE schemes, each data input is encrypted by a different client, and the clients might not trust anybody for the functional decryption keys. It thus seems quite important to remove any authority, while allowing corruptions of the clients by the adversary. We thus propose the notion of Decentralized Multi-Client Functional Encryption (DMCFE) and provide a generic construction from two MCFE schemes with particular properties. More concretely, combining two instantiations of our previous IP-MCFE, we can build an efficient and non-interactive decentralized scheme for inner product. Our construction relies on the SXDH assumption, and supports adaptive corruptions in the random oracle model.

Category / Keywords: cryptographic protocols / Functional Encryption, Inner Product, Private Stream Aggregation, Multi-Client, Decentralized

Date: received 8 Oct 2017

Contact author: david pointcheval at ens fr

Available format(s): PDF | BibTeX Citation

Version: 20171011:141222 (All versions of this report)

Short URL: ia.cr/2017/989

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]