Article,
Multi-key and Multi-input Predicate Encryption (for Conjunctions) from Learning with Errors
Affiliations
- [1] Aarhus Univ, Aarhus, Denmark [NORA names: AU Aarhus University; University; Denmark; Europe, EU; Nordic; OECD];
- [2] Sapienza Univ Rome, Rome, Italy [NORA names: Italy; Europe, EU; OECD];
- [3] Bocconi Univ, Milan, Italy [NORA names: Italy; Europe, EU; OECD]
Abstract
We put forward two natural generalizations of predicate encryption (PE), dubbed multi-key and multi-input PE. More in details, our contributions are threefold. Definitions. We formalize security of multi-key PE and multi-input PE following the standard indistinguishability paradigm, and modeling security both against malicious senders (i.e., corruption of encryption keys) and malicious receivers (i.e., collusions). Constructions. We construct adaptively secure multi-key and multi-input PE supporting the conjunction of poly-many arbitrary single-input predicates, assuming the sub-exponential hardness of the learning with errors (LWE) problem. Applications. We show that multi-key and multi-input PE for expressive enough predicates suffices for interesting cryptographic applications, including non-interactive multi-party computation (NI-MPC) and matchmaking encryption (ME). In particular, plugging in our constructions of multi-key and multi-input PE, under the sub-exponential LWE assumption, we obtain the first ME supporting arbitrary policies with unbounded collusions, as well as robust (resp. non-robust) NI-MPC for so-called all-or-nothing functions satisfying a non-trivial notion of reusability and supporting a constant (resp. polynomial) number of parties. Prior to our work, both of these applications required much heavier tools such as indistinguishability obfuscation or compact functional encryption.