Paper 2025/836

Registered Functional Encryption for Attribute-Weighted Sums with Access Control

Abstract

In this work, we present Functional Encryption (FE) schemes for Attribute-Weighted Sums (AWS), introduced by Abdalla, Gong and Wee (Crypto 2020) in the registration-based setting (RFE). In such a setting, users sample their own public/private key pairs $({\mathsf{pk}}_i,{\mathsf{sk}}_i)$; a key curator registers user public keys along with their functions $h_i$; encryption takes as input $N$ attribute-value pairs $\{{\overrightarrow{x}}_{\ell },{\overrightarrow{z}}_{\ell }{\}}_{\ell \in [N]}$ where ${\overrightarrow{x}}_{\ell }$ is public and ${\overrightarrow{z}}_{\ell }$ is private; and decryption recovers the weighted sum $\sum _{\ell \in [N]}{h}_i({\overrightarrow{x}}_{\ell }{)}^{\mathsf{T}}{\overrightarrow{z}}_{\ell }$ while leaking no additional information about $$. Recently, Agrawal, Tomida and Yadav (Crypto 2023) studied the attribute-based case of AWS (AB-AWS) providing fine-grained access control, where the function is described by a tuple $$, the input is extended to $$ and decryption recovers the weighted sum only if $$. Our main results are the following: - We build the first RFE for (AB-)1AWS functionality, where $$, that achieves adaptive indistinguishability-based security under the (bilateral) $$-Lin assumption in prime-order pairing groups. Prior works achieve RFE for linear and quadratic functions without access control in the standard model, or for attribute-based linear functions in the generic group model. - We develop the first RFE for AB-AWS functionality, where $$ is unbounded, that achieves very selective simulation-based security under the bilateral $$-Lin assumption. Here, “very selective” means that the adversary declares challenge attribute values, all registered functions and corrupted users upfront. Previously, SIM-secure RFEs were only constructed for linear and quadratic functions without access control in the same security model. We devise a novel nested encoding mechanism that facilitates achieving attribute-based access control and unbounded inputs in the registration-based setting for AWS functionalities, proven secure in the standard model. In terms of efficiency, our constructions feature short public parameters, secret keys independent of $$, and compact ciphertexts unaffected by the length of public inputs. Moreover, as required by RFE properties, all objective sizes and algorithm costs scale poly-logarithmically with the total number of registered users in the system.