Paper 2025/330

(Multi-Input) FE for Randomized Functionalities, Revisited

Pratish Datta, NTT Research
Jiaxin Guan, New York University
Alexis Korb, University of California, Los Angeles
Amit Sahai, University of California, Los Angeles
Abstract

Randomized functional encryption (rFE) generalizes functional encryption (FE) by incorporating randomized functionalities. Randomized multi-input functional encryption (rMIFE) extends rFE to accommodate multi-input randomized functionalities. In this paper, we reassess the framework of rFE/rMIFE enhancing our understanding of this primitive and laying the groundwork for more secure and flexible constructions in this field. Specifically, we make three key contributions: - New definition: We identify critical gap in the existing indistinguishability-based (IND) security definition for rFE/rMIFE. Notably, current definition fails to adequately address security against malicious encryptors—a crucial requirement for rFE/rMIFE since their introduction. We propose a novel, robust IND security definition that not only addresses threats from malicious decryptors but also quantifies the security against malicious encryptors effectively. - Counterexample: To illustrate the importance of this definitional gap, we provide a counterexample of an insecure rFE scheme that meets IND security under the previous definition but explicitly fails in a natural setting (and where this failure would be precluded by our enhanced definition). Our counterexample scheme is non-trivial and meticulously designed using standard cryptographic tools, namely FE for deterministic functions, pseudorandom function (PRF), public key encryption (PKE), and simulation-sound non-interactive zero-knowledge (NIZK) proof systems. - Adaptive unbounded-message secure construction: The only viable prior construction of rMIFE by Goldwasser et al. [EUROCRYPT 2014] (which uses indistinguishability obfuscation (iO) and other standard assumptions) has significant limitations: it permits only a pre-defined number of messages per encryption slot and operates under selective-security constraints, requiring adversaries to declare challenge ciphertext queries and "corrupted" encryption keys in advance. We address these shortcomings by employing sub-exponentially secure iO. Technically, we build on and adapt methods developed by Goyal et al. [ASIACRYPT 2016] for deterministic MIFE.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Functional EncryptionRandomized FunctionalitiesMulti-InputSIM-based SecurityIND-based Security
Contact author(s)
pratish datta @ ntt-research com
jiaxin @ guan io
alexiskorb @ cs ucla edu
sahai @ cs ucla edu
History
2025-02-25: approved
2025-02-23: received
See all versions
Short URL
https://ia.cr/2025/330
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/330,
      author = {Pratish Datta and Jiaxin Guan and Alexis Korb and Amit Sahai},
      title = {(Multi-Input) {FE} for Randomized Functionalities, Revisited},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/330},
      year = {2025},
      url = {https://eprint.iacr.org/2025/330}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.