Multi-Client Functional Encryption for Linear Functions in the Standard Model from LWE

摘要

Multi-client functional encryption (MCFE) allows ℓ clients to encrypt ciphertexts (C_t,_1, C_t,_2,···, C_t._ℓ) under some label. Each client can encrypt his own data X_i for a label t using a private encryption key ek_i issued by a trusted authority in such a way that, as long as-all C_t,_i share the same label t, an evaluator endowed with a functional key dk_f can evaluate f(X_1, X_2,···, X_ℓ) without learning anything else on the underlying plaintexts Xi. Functional decryption keys can be derived by the central authority using the master secret key. Under the Decision Diffie-Hellman assumption, Chotard et al. (Asiacrypt 2018) recently described an adaptively secure MCFE scheme for the evaluation of linear functions over the integers. They also gave a decentralized variant (DMCFE) of their scheme which does not rely on a centralized authority, but rather allows encryptors to issue functional secret keys in a distributed manner. While efficient, their constructions both rely on random oracles in their security analysis. In this paper, we build a standard-model MCFE scheme for the same functionality and prove it fully secure under adaptive corruptions. Our proof relies on the Learning-With-Errors (LWE) assumption and does not require the random oracle model. We also provide a decentralized variant of our scheme, which we prove secure in the static corruption setting (but for adaptively chosen messages) under the LWE assumption.