Paper 2024/1720

Pseudorandom Multi-Input Functional Encryption and Applications

Shweta Agrawal, Indian Institute of Technology Madras
Simran Kumari, Indian Institute of Technology Madras
Shota Yamada, National Institute of Advanced Industrial Science and Technology
Abstract

We construct the first multi-input functional encryption (MIFE) and indistinguishability obfuscation (iO) schemes for pseudorandom functionalities, where the output of the functionality is pseudorandom for every input seen by the adversary. Our MIFE scheme relies on LWE and evasive LWE (Wee, Eurocrypt 2022 and Tsabary, Crypto 2022) for constant arity functions, and a strengthening of evasive LWE for polynomial arity. Thus, we obtain the first MIFE and iO schemes for a nontrivial functionality from conjectured post-quantum assumptions. Along the way, we identify subtle issues in the proof of witness encryption from evasive LWE by prior work and believe that a similar strengthening of evasive LWE should also be required for their proof, for the same reasons as ours.

We demonstrate the power of our new tools via the following applications:

1. Multi Input Predicate Encryption for Constant Arity. Assuming evasive LWE and LWE, we construct a multi-input predicate encryption scheme (MIPE) for P, supporting constant arity. The only prior work to support MIPE for P with constant arity by Agrawal et al. (Crypto, 2023) relies on a strengthening of Tensor LWE in addition to LWE and evasive LWE.

2. Multi Input Predicate Encryption for Polynomial Arity. Assuming a stronger variant of evasive LWE and LWE, we construct MIPE for P for polynomial arity. MIPE for polynomial arity supporting P was not known before, to the best of our knowledge.

3. Two Party ID Based Key Exchange. Assuming a stronger variant of evasive LWE and LWE, along with Decision Bilinear Diffie-Hellman, we provide the first two-party ID based Non-Interactive Key Exchange (ID-NIKE) scheme in the standard model. This leads to the first ID-NIKE in the standard model without using multilinear maps or indistinguishability obfuscation.

4. Instantiating the Random Oracle. We use our pseudorandom iO to instantiate the random oracle in several applications that previously used iO (Hohenberger, Sahai and Waters, Eurocrypt 2014) such as full-domain hash signature based on trapdoor permutations and more.

Our tools of MIFE and iO for pseudorandom functionalities appear quite powerful and yield extremely simple constructions when used in applications. We believe they provide a new pathway for basing “extreme” cryptography, which has so far required full fledged iO, on the presumably weaker evasive LWE in the post quantum regime.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
multi-input functional encryption, indistinguishability obfuscation, pseudorandom functions, lattices, evasive LWE
Contact author(s)
shweta a @ gmail com
sim78608 @ gmail com
yamada-shota @ aist go jp
History
2024-10-21: approved
2024-10-21: received
Short URL
https://ia.cr/2024/1720
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2024/1720,
      author = {Shweta Agrawal and Simran Kumari and Shota Yamada},
      title = {Pseudorandom Multi-Input Functional Encryption and Applications},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1720},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1720}
}