Paper 2022/1532

Dynamic Decentralized Functional Encryption with Strong Security

Abstract

Decentralized Multi-Client Functional Encryption (DMCFE) extends the basic functional encryption to multiple clients that do not trust each other. They can independently encrypt the multiple inputs to be given for evaluation to the function embedded in the functional decryption key. And they keep control on these functions as they all have to contribute to the generation of the functional decryption keys. Dynamic Decentralized Functional Encryption (DDFE) is the ultimate extension where one can dynamically join the system and the keys and ciphertexts can be built by dynamic subsets of clients. As any encryption scheme, all the FE schemes provide privacy of the plaintexts. But the functions associated to the functional decryption keys might be sensitive too (e.g. a model in machine learning). The function-hiding property has thus been introduced to additionally protect the function evaluated during the decryption process. In this paper, we first provide a generic conversion from DMCFE to DDFE, that preserves the security properties, in both the standard and the function-hiding setting. Then, new proof techniques allow us to analyze a new concrete construction of function-hiding DMCFE for inner products, that can thereafter be converted into a DDFE, with strong security guarantees: the adversary can adaptively query multiple challenge ciphertexts and multiple challenge keys. Previous constructions were proven secure in the selective setting only.

Note: The old title was "Function-Hiding Dynamic Decentralized Functional Encryption for Inner Products". We extended our transformation (Section 4) from the function-hiding regime to be applicable to standard schemes and attain IP-DDFE constructions with stronger security from existing (non-FH) IP-DMCFE in the literature. Please refer to Section 1.1 and Table 1 for more details.