Paper 2022/1284

(Inner-Product) Functional Encryption with Updatable Ciphertexts

Valerio Cini, NTT Research
Sebastian Ramacher, AIT Austrian Institute of Technology
Daniel Slamanig, Research Institute CODE, Universität der Bundeswehr München
Christoph Striecks, AIT Austrian Institute of Technology
Erkan Tairi, TU Wien

We propose a novel variant of functional encryption which supports ciphertext updates, dubbed ciphertext-updatable functional encryption (CUFE). Such a feature further broadens the practical applicability of the functional-encryption paradigm and allows for fine-grained access control even after a ciphertext is generated. Updating ciphertexts is carried out via so-called update tokens which a dedicated party can use to convert ciphertexts. However, allowing update tokens requires some care for the security definition. Our contribution is three-fold: a) We define our new primitive with a security notion in the indistinguishability setting. Within CUFE, functional decryption keys and ciphertexts are labeled with tags such that only if the tags of the decryption key and the ciphertext match, then decryption succeeds. Furthermore, we allow ciphertexts to switch their tags to any other tag via update tokens. Such tokens are generated by the holder of the main secret key and can only be used in the desired direction. b) We present a generic construction of CUFE for any functionality as well as predicates different from equality testing on tags which relies on the existence of indistinguishability obfuscation (iO). c) We present a practical construction of CUFE for the inner-product functionality from standard assumptions (i.e., LWE) in the random-oracle model. On the technical level, we build on the recent functional-encryption schemes with fine-grained access control and linear operations on encrypted data (Abdalla et al., AC'20) and introduce an additional ciphertext-updatability feature. Proving security for such a construction turned out to be non-trivial, particularly when revealing keys for the updated challenge ciphertext is allowed. Overall, such construction enriches the set of known inner-product functional-encryption schemes with the additional updatability feature of ciphertexts.

Available format(s)
Public-key cryptography
Publication info
Published by the IACR in JOC 2023
functional encryptionupdatable cryptographyobfuscationlattices
Contact author(s)
valerio cini @ ntt-research com
sebastian ramacher @ ait ac at
daniel slamanig @ unibw de
christoph striecks @ ait ac at
erkan tairi @ tuwien ac at
2023-10-28: revised
2022-09-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Valerio Cini and Sebastian Ramacher and Daniel Slamanig and Christoph Striecks and Erkan Tairi},
      title = {(Inner-Product) Functional Encryption with Updatable Ciphertexts},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1284},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.