TY - GEN
T1 - Optimal Security Notion for Decentralized Multi-Client Functional Encryption
AU - Nguyen, Ky
AU - Phan, Duong Hieu
AU - Pointcheval, David
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023/1/1
Y1 - 2023/1/1
N2 - Research on (Decentralized) Multi-Client Functional Encryption (or (D)MCFE) is very active, with interesting constructions, especially for the class of inner products. However, the security notions have been evolving over the time. While the target of the adversary in distinguishing ciphertexts is clear, legitimate scenarios that do not consist of trivial attacks on the functionality are less obvious. In this paper, we wonder whether only trivial attacks are excluded from previous security games. And, unfortunately, this was not the case. We then propose a stronger security notion, with a large definition of admissible attacks, and prove it is optimal: any extension of the set of admissible attacks is actually a trivial attack on the functionality, and not against the specific scheme. In addition, we show that all the previous constructions are insecure w.r.t. this new security notion. Eventually, we propose new DMCFE schemes for the class of inner products that provide the new features and achieve this stronger security notion.
AB - Research on (Decentralized) Multi-Client Functional Encryption (or (D)MCFE) is very active, with interesting constructions, especially for the class of inner products. However, the security notions have been evolving over the time. While the target of the adversary in distinguishing ciphertexts is clear, legitimate scenarios that do not consist of trivial attacks on the functionality are less obvious. In this paper, we wonder whether only trivial attacks are excluded from previous security games. And, unfortunately, this was not the case. We then propose a stronger security notion, with a large definition of admissible attacks, and prove it is optimal: any extension of the set of admissible attacks is actually a trivial attack on the functionality, and not against the specific scheme. In addition, we show that all the previous constructions are insecure w.r.t. this new security notion. Eventually, we propose new DMCFE schemes for the class of inner products that provide the new features and achieve this stronger security notion.
KW - Corruptions
KW - Functional Encryption
KW - Security Notions
U2 - 10.1007/978-3-031-33491-7_13
DO - 10.1007/978-3-031-33491-7_13
M3 - Conference contribution
AN - SCOPUS:85179753202
SN - 9783031334900
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 336
EP - 365
BT - Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Proceedings
A2 - Tibouchi, Mehdi
A2 - Wang, XiaoFeng
PB - Springer Science and Business Media Deutschland GmbH
T2 - 21st International Conference on Applied Cryptography and Network Security, ACNS 2023
Y2 - 19 June 2023 through 22 June 2023
ER -