## CryptoDB

### Paper: Adaptive Simulation Security for Inner Product Functional Encryption

Authors: Shweta Agrawal, Benoît Libert, Monosij Maitra, Radu Titiu

DOI: 10.1007/978-3-030-45374-9_2

Inner product functional encryption ($\mathsf{IPFE}$) [1] is a popular primitive which enables inner product computations on encrypted data. In $\mathsf{IPFE}$, the ciphertext is associated with a vector $\boldsymbol{x}$, the secret key is associated with a vector $\boldsymbol{y}$ and decryption reveals the inner product $\langle \boldsymbol{x}, \boldsymbol{y} \rangle$. Previously, it was known how to achieve adaptive indistinguishability ($\mathsf{IND}$) based security for $\mathsf{IPFE}$ from the $\mathsf{DDH}$, $\mathsf{DCR}$ and $\mathsf{LWE}$ assumptions [8]. However, in the stronger simulation ($\mathsf{SIM}$) based security game, it was only known how to support a restricted adversary that makes all its key requests either before or after seeing the challenge ciphertext, but not both. In more detail, Wee [46] showed that the $\mathsf{DDH}$-based scheme of Agrawal et al. (Crypto 2016) achieves semi-adaptive simulation-based security, where the adversary must make all its key requests after seeing the challenge ciphertext. On the other hand, O'Neill showed that all $\mathsf{IND}$-secure $\mathsf{IPFE}$ schemes (which may be based on $\mathsf{DDH}$, $\mathsf{DCR}$ and $\mathsf{LWE}$) satisfy $\mathsf{SIM}$-based security in the restricted model where the adversary makes all its key requests before seeing the challenge ciphertext. In this work, we resolve the question of $\mathsf{SIM}$-based security for $\mathsf{IPFE}$ by showing that variants of the $\mathsf{IPFE}$ constructions by Agrawal et al., based on $\mathsf{DDH}$, Paillier and $\mathsf{LWE}$, satisfy the strongest possible adaptive $\mathsf{SIM}$-based security where the adversary can make an unbounded number of key requests both before and after seeing the (single) challenge ciphertext. This establishes optimal security of the $\mathsf{IPFE}$ schemes, under all hardness assumptions on which it can (presently) be based.

##### BibTeX
@article{pkc-2020-30282,
title={Adaptive Simulation Security for Inner Product Functional Encryption},
booktitle={Public-Key Cryptography – PKC 2020},
series={Public-Key Cryptography – PKC 2020},
publisher={Springer},
volume={12110},
pages={34-64},
doi={10.1007/978-3-030-45374-9_2},
author={Shweta Agrawal and Benoît Libert and Monosij Maitra and Radu Titiu},
year=2020
}