International Association for Cryptologic Research

International Association
for Cryptologic Research


Multi-Client Inner Product Encryption: Function-Hiding Instantiations Without Random Oracles

Elaine Shi , Carnegie Mellon University
Nikhil Vanjani , Carnegie Mellon University
DOI: 10.1007/978-3-031-31368-4_22
Search ePrint
Search Google
Presentation: Slides
Conference: PKC 2023
Abstract: In a Multi-Client Functional Encryption (MCFE) scheme, n clients each obtain a secret encryption key from a trusted authority. During each time step t, each client i can encrypt its data using its secret key. The authority can use its master secret key to compute a functional key given a function f, and the functional key can be applied to a collection of n clients’ ciphertexts encrypted to the same time step, resulting in the outcome of f on the clients’ data. In this paper, we focus on MCFE for inner-product computations. If an MCFE scheme hides not only the clients’ data, but also the function f, we say it is function hiding. Although MCFE for inner-product computation has been extensively studied, how to achieve function privacy is still poorly understood. The very recent work of Agrawal et al. showed how to construct a function-hiding MCFE scheme for inner-product assuming standard bilinear group assumptions; however, they assume the existence of a random oracle and prove only a relaxed, selective security notion. An intriguing open question is whether we can achieve function-hiding MCFE for inner-product without random oracles. In this work, we are the first to show a function-hiding MCFE scheme for inner products, relying on standard bilinear group assumptions. Further, we prove adaptive security without the use of a random oracle. Our scheme also achieves succinct ciphertexts, that is, each coordinate in the plaintext vector encrypts to only O(1) group elements. Our main technical contribution is a new upgrade from single-input functional encryption for inner-products to a multi-client one. Our upgrade preserves function privacy, that is, if the original single-input scheme is function-hiding, so is the resulting multi-client construction. Further, this new upgrade allows us to obtain a conceptually simple construction.
  title={Multi-Client Inner Product Encryption: Function-Hiding Instantiations Without Random Oracles},
  author={Elaine Shi and Nikhil Vanjani},