Paper 2022/441

Two-Client Inner-Product Functional Encryption, with an Application to Money-Laundering Detection

Abstract

In this paper, we extend Inner-Product Functional Encryption (IPFE), where there is just a vector in the key and a vector in the single sender's ciphertext, to two-client ciphertexts. More precisely, in our two-client functional encryption scheme, there are two data providers who can independently encrypt vectors $\mathbf{x}$ and $\mathbf{y}$ for a data consumer who can, from a functional decryption key associated to a vector $\alpha$, compute $\sum {\alpha }_i{x}_i{y}_i=\mathbf{x}\cdot \mathsf{Diag}(\alpha )\cdot {\mathbf{y}}^{\mathrm{\top }}$. Ciphertexts are linear in the dimension of the vectors, whereas the functional decryption keys are of constant size. We study two interesting particular cases: - 2-party Inner-Product Functional Encryption, with $$. There is a unique functional decryption key, which enables the computation of $$ by a third party, where $$ and $$ are provided by two independent clients; - Inner-Product Functional Encryption with a Selector, with $$ and $$, for some bit $$, on the public coefficients $$, in the functional decryption key, so that one gets $$, where $$ and $$ are provided by two independent clients. This result is based on the fundamental Product-Preserving Lemma, which is of independent interest. It exploits Dual Pairing Vector Spaces (DPVS), with security proofs under the $$ assumption. We provide two practical applications: to medical diagnosis for the latter IPFE with Selector, and to money-laundering detection for the former 2-party IPFE, both with strong privacy properties, with adaptative security and the use of labels granting a Multi-Client Functional Encryption (MCFE) security for the scheme, thus enabling its use in practical situations.

Note: This is the full version of the CCS 2022 paper.