[Resource Topic] 2023/1191: Attribute-Based Multi-Input FE (and more) for Attribute-Weighted Sums

Welcome to the resource topic for 2023/1191

Title:
Attribute-Based Multi-Input FE (and more) for Attribute-Weighted Sums

Authors: Shweta Agrawal, Junichi Tomida, Anshu Yadav

Abstract:

Recently, Abdalla, Gong and Wee (Crypto 2020) provided the first functional encryption scheme for attribute-weighted sums (AWS), where encryption takes as input $N$ (unbounded) attribute-value pairs $\{\vec{x}_i, \vec{z}_i\}_{i \in [N]}$ where $\vec{x}_i$ is public and $\vec{z}_i$ is private, the secret key is associated with an arithmetic branching program $f$, and decryption returns the weighted sum $\sum_{i \in [N]} f(\vec{x}_i)^\top \vec{z}_i$, leaking no additional information about the $\vec{z}_i$'s.
We extend FE for AWS to the significantly more challenging multi-party setting and provide the first construction for attribute-based multi-input FE (MIFE) supporting AWS. For $i \in [n]$, encryptor $i$ can choose an attribute $\vec{y}_i$ together with AWS input $\{\vec{x}_{i,j}, \vec{z}_{i,j}\}$ where $j \in [N_i]$ and $N_i$ is unbounded, the key generator can choose an access control policy $g_i$ along with its AWS function $h_i$ for each $i \in [n]$, and the decryptor can compute

$$\sum_{i \in [n]}\sum_{j \in [N_{i}]}h_{i}(\vec{x}_{i,j})^{\top}\vec{z}_{i,j} \text{ iff } g_{i}(\vec{y}_{i}) = 0 \text{ for all } i \in [n]$$

Previously, the only known attribute based MIFE was for the inner product functionality (Abdalla et al., Asiacrypt 2020), where additionally, $\vec{y}_i$ had to be fixed during setup and must remain the same for all ciphertexts in a given slot.
Our attribute based MIFE implies the notion of multi-input attribute based encryption (MIABE) recently studied by Agrawal, Yadav and Yamada (Crypto 2022) and Francati, Friolo, Malavolta and Venturi (Eurocrypt 2023), for a conjunction of predicates represented as arithmetic branching programs (ABP).
Along the way, we also provide the first constructions of multi-client FE (MCFE) and dynamic decentralized FE (DDFE) for the AWS functionality. Previously, the best known MCFE and DDFE schemes were for inner products (Chotard et al., ePrint 2018, Abdalla, Benhamouda and Gay, Asiacrypt 2019, and Chotard et al., Crypto 2020).
Our constructions are based on pairings and proven selectively secure under the matrix DDH assumption.

ePrint: https://eprint.iacr.org/2023/1191

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.