Paper 2020/1266

Multi-Party Functional Encryption

Shweta Agrawal, Rishab Goyal, and Junichi Tomida


We initiate the study of multi-party functional encryption (MPFE) which unifies and abstracts out various notions of functional encryption which support distributed ciphertexts or secret keys, such as multi-input FE, multi-client FE, decentralized multi-client FE, multi-authority FE, dynamic decentralized FE, adhoc multi-input FE and such others. Using our framework, we identify several gaps in the literature and provide some constructions to fill these: 1) Multi-Authority ABE with Inner Product Computation: The recent work of Abdalla et al. (ASIACRYPT'20) constructed a novel ``composition'' of Attribute Based Encryption (ABE) and Inner Product Functional Encryption (IPFE), namely functional encryption schemes that combine the access control functionality of attribute based encryption with the possibility of performing linear operations on the encrypted data. In this work, we extend the access control component to support the much more challenging multi-authority setting, i.e. ``lift'' the primitive of ABE in their construction to multi-authority ABE for the same class of access control policies (LSSS structures). This yields the first construction of a nontrivial multi-authority FE beyond ABE from simple assumptions on pairings to the best of our knowledge. Our techniques can also be used to generalize the decentralized attribute based encryption scheme of Michalevsky and Joye (ESORICS'18) to support inner product computation on the message. While this scheme only supports inner product predicates which is less general than those supported by the Lewko-Waters (EUROCRYPT'11) construction, it supports policy hiding which the latter does not. Our extension inherits these features and is secure based on the $k$-linear assumption, in the random oracle model. 2. Function Hiding DDFE: The novel primitive of dynamic decentralized functional encryption (DDFE) was recently introduced by Chotard et al. (CRYPTO'20), where they also provided the first construction for inner products. However, the primitive of DDFE does not support function hiding, which is a significant limitation for several applications. In this work, we provide a new construction for inner product DDFE which supports function hiding. To achieve our final result, we define and construct the first function hiding multi-client functional encryption (MCFE) scheme for inner products, which may be of independent interest. 3. Distributed Ciphertext-Policy ABE: We provide a distributed variant of the recent ciphertext-policy attribute based encryption scheme, constructed by Agrawal and Yamada (EUROCRYPT'20). Our construction supports $NC^1$ access policies, and is secure based on ``Learning With Errors'' and relies on the generic bilinear group model as well as the random oracle model. Our new MPFE abstraction predicts meaningful new variants of functional encryption as useful targets for future work.

Note: Full version of the TCC 2021 paper.

Available format(s)
Public-key cryptography
Publication info
Published by the IACR in TCC 2021
Functional EncryptionMulti-partyDecentralizedDistributedMulti-input
Contact author(s)
goyal @ utexas edu
shweta a @ gmail com
tomida junichi @ gmail com
2021-09-14: last of 3 revisions
2020-10-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Shweta Agrawal and Rishab Goyal and Junichi Tomida},
      title = {Multi-Party Functional Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1266},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.