[Resource Topic] 2022/441: Two-Client Inner-Product Functional Encryption, with an Application to Money-Laundering Detection

Resource Public-key cryptography
#1

Welcome to the resource topic for 2022/441

Title:
Two-Client Inner-Product Functional Encryption, with an Application to Money-Laundering Detection

Authors: Paola de Perthuis and David Pointcheval

Abstract:

In this paper, we extend Inner-Product Functional Encryption (IPFE), where there is just a vector in the key and a vector in the single sender’s ciphertext, to two-client ciphertexts. More precisely, in our two-client functional encryption scheme, there are two data providers who can independently encrypt vectors \mathbf{x} and \mathbf{y} for a data consumer who can, from a functional decryption key associated to a vector \mathbf{\alpha}, compute \sum \alpha_i x_i y_i = \mathbf{x} \cdot \mathsf{Diag}(\mathbf{\alpha}) \cdot \mathbf{y}^\top. Ciphertexts are linear in the dimension of the vectors, whereas the functional decryption keys are of constant size. We study two interesting particular cases: - 2-party Inner-Product Functional Encryption, with \mathbf{\alpha}= (1,\ldots,1). There is a unique functional decryption key, which enables the computation of \mathbf{x}\cdot \mathbf{y}^\top by a third party, where \mathbf{x} and \mathbf{y} are provided by two independent clients; - Inner-Product Functional Encryption with a Selector, with \mathbf{x}= \mathbf{x}_0 \| \mathbf{x}_1 and \mathbf{y}= \bar{b}^n \| b^n \in \{ 1^n \| 0^n, 0^n \| 1^n \}, for some bit b, on the public coefficients \mathbf{\alpha} = \mathbf{\alpha}_0 \| \mathbf{\alpha}_1, in the functional decryption key, so that one gets \mathbf{x}_b \cdot \mathbf{\alpha}_b^\top, where \mathbf{x} and b are provided by two independent clients. This result is based on the fundamental Product-Preserving Lemma, which is of independent interest. It exploits Dual Pairing Vector Spaces (DPVS), with security proofs under the \mathsf{SXDH} assumption. We provide two practical applications: to medical diagnosis for the latter IPFE with Selector, and to money-laundering detection for the former 2-party IPFE, both with strong privacy properties, with adaptative security and the use of labels granting a Multi-Client Functional Encryption (MCFE) security for the scheme, thus enabling its use in practical situations.

ePrint: https://eprint.iacr.org/2022/441

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .