TY - GEN
T1 - Multi-Client Functional Encryption with Fine-Grained Access Control
AU - Nguyen, Ky
AU - Phan, Duong Hieu
AU - Pointcheval, David
N1 - Publisher Copyright:
© 2022, International Association for Cryptologic Research.
PY - 2022/1/1
Y1 - 2022/1/1
N2 - Multi-Client Functional Encryption (MCFE ) and Multi-Input Functional Encryption (MIFE ) are very interesting extensions of Functional Encryption for practical purpose. They allow to compute joint function over data from multiple parties. Both primitives are aimed at applications in multi-user settings where decryption can be correctly output for users with appropriate functional decryption keys only. While the definitions for a single user or multiple users were quite general and can be realized for general classes of functions as expressive as Turing machines or all circuits, efficient schemes have been proposed so far for concrete classes of functions: either only for access control, i.e. the identity function under some conditions, or linear/quadratic functions under no condition. In this paper, we target classes of functions that explicitly combine some evaluation functions independent of the decrypting user under the condition of some access control. More precisely, we introduce a framework for MCFE with fine-grained access control and propose constructions for both single-client and multi-client settings, for inner-product evaluation and access control via Linear Secret Sharing Schemes (LSSS), with selective and adaptive security. The only known work that combines functional encryption in multi-user setting with access control was proposed by Abdalla et al. (Asiacrypt ’20), which relies on a generic transformation from the single-client schemes to obtain MIFE schemes that suffer a quadratic factor of n (where n denotes the number of clients) in the ciphertext size. We follow a different path, via MCFE : we present a duplicate-and-compress technique to transform the single-client scheme and obtain a MCFE with fine-grained access control scheme with only a linear factor of n in the ciphertext size. Our final scheme thus outperforms the Abdalla et al.’s scheme by a factor n, as one can obtain MIFE from MCFE by making all the labels in MCFE a fixed public constant. The concrete constructions are secure under the SXDH assumption, in the random oracle model for the MCFE scheme, but in the standard model for the MIFE improvement.
AB - Multi-Client Functional Encryption (MCFE ) and Multi-Input Functional Encryption (MIFE ) are very interesting extensions of Functional Encryption for practical purpose. They allow to compute joint function over data from multiple parties. Both primitives are aimed at applications in multi-user settings where decryption can be correctly output for users with appropriate functional decryption keys only. While the definitions for a single user or multiple users were quite general and can be realized for general classes of functions as expressive as Turing machines or all circuits, efficient schemes have been proposed so far for concrete classes of functions: either only for access control, i.e. the identity function under some conditions, or linear/quadratic functions under no condition. In this paper, we target classes of functions that explicitly combine some evaluation functions independent of the decrypting user under the condition of some access control. More precisely, we introduce a framework for MCFE with fine-grained access control and propose constructions for both single-client and multi-client settings, for inner-product evaluation and access control via Linear Secret Sharing Schemes (LSSS), with selective and adaptive security. The only known work that combines functional encryption in multi-user setting with access control was proposed by Abdalla et al. (Asiacrypt ’20), which relies on a generic transformation from the single-client schemes to obtain MIFE schemes that suffer a quadratic factor of n (where n denotes the number of clients) in the ciphertext size. We follow a different path, via MCFE : we present a duplicate-and-compress technique to transform the single-client scheme and obtain a MCFE with fine-grained access control scheme with only a linear factor of n in the ciphertext size. Our final scheme thus outperforms the Abdalla et al.’s scheme by a factor n, as one can obtain MIFE from MCFE by making all the labels in MCFE a fixed public constant. The concrete constructions are secure under the SXDH assumption, in the random oracle model for the MCFE scheme, but in the standard model for the MIFE improvement.
U2 - 10.1007/978-3-031-22963-3_4
DO - 10.1007/978-3-031-22963-3_4
M3 - Conference contribution
AN - SCOPUS:85149698223
SN - 9783031229626
T3 - Lecture Notes in Computer Science
SP - 95
EP - 125
BT - Advances in Cryptology – ASIACRYPT 2022 - 28th International Conference on the Theory and Application of Cryptology and Information Security, 2022, Proceedings
A2 - Agrawal, Shweta
A2 - Lin, Dongdai
PB - Springer Science and Business Media Deutschland GmbH
T2 - 28th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2022
Y2 - 5 December 2022 through 9 December 2022
ER -