**Traceable Inner Product Functional Encryption**

*Xuan Thanh Do and Duong Hieu Phan and David Pointcheval*

**Abstract: **Functional Encryption (FE) has been widely studied in the last decade, as it provides a very useful tool for restricted access to sensitive data: from a ciphertext, it allows specific users to learn a function of the underlying plaintext. In practice, many users may be interested in the same function on the data, say the mean value of the inputs, for example. The conventional definition of FE associates each function to a secret decryption functional key and therefore all the users get the same secret key for the same function. This induces an important problem: if one of these users (called a traitor) leaks or sells the decryption functional key to be included in a pirate decryption tool, then there is no way to trace back its identity. Our objective is to solve this issue by introducing a new primitive, called Traceable Functional Encryption: the functional decryption key will not only be specific to a function, but to a user too, in such a way that if some users collude to produce a pirate decoder that successfully evaluates a function on the plaintext, from the ciphertext only, one can trace back at least one of them.
We propose a concrete solution for Inner Product Functional Encryption (IPFE). We first remark that the ElGamal-based IPFE from Abdalla et. al. in PKC '15 shares many similarities with the Boneh-Franklin traitor tracing from CRYPTO '99. Then, we can combine these two schemes in a very efficient way, with the help of pairings, to obtain a Traceable IPFE with black-box confirmation.

**Category / Keywords: **cryptographic protocols / Functional Encryption, IPFE, Traceability

**Original Publication**** (with minor differences): **CT-RSA 2020

**Date: **received 25 Nov 2019

**Contact author: **thanhkhtn at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20191127:081426 (All versions of this report)

**Short URL: **ia.cr/2019/1358

[ Cryptology ePrint archive ]