Authors: Michel Abdalla and Florian Bourse and Hugo Marival and David Pointcheval and Azam Soleimanian and Hendrik Waldner.
Accepted paper for the 12TH CONFERENCE ON SECURITY AND CRYPTOGRAPHY FOR NETWORKS
[Abstract] Multi-client Functional Encryption (MCFE) is an extension of Functional Encryption (FE) in which the decryption procedure involves ciphertexts from multiple parties. It is particularly useful in the context of data outsourcing and cloud computing where the data may come from different sources and where some data centres or servers may need to perform different types of computation on this data. In order to protect the privacy of the encrypted data, the server, in possession of a functional decryption key, should only be able to compute the final result in the clear, but no other information regarding the encrypted data. In this paper, we consider MCFE schemes supporting encryption labels, which allow the encryptor to limit the amount of possible mix-and-match that can take place during the decryption. This is achieved by only allowing the decryption of ciphertexts that were generated with respect to the same label. This flexible form of FE was already investigated by Abdalla et al. [Asiacrypt 2019] and Chotard et al. [Asiacrypt 2018]. The former provided a general construction based on different standard assumptions, but its ciphertext size grows quadratically with the number of clients. The latter gave a MCFE based on Decisional Diffie-Hellman (DDH) assumption which requires a small inner-product space. In this work, we overcome the deficiency of these works by presenting three constructions with linear-sized ciphertexts based on the Matrix-DDH (MDDH), Decisional Composite Residuosity (DCR) and Learning with Errors (LWE) assumptions in the random-oracle model. We also implement our constructions to evaluate their concrete efficiency.