Multi-Client Functional Encryption for Linear Functions in the Standard Model from LWE

Multi-client functional encryption (MCFE) allows l clients to encrypt ciphertexts (C-t,C-1, C-t,C-2,..., C-t,C-l) under some label. Each client can encrypt his own data Xi for a label t using a private encryption key ek i issued by a trusted authority in such a way that, as long as all C t,i share the same label t, an evaluator endowed with a functional key dk f can evaluate f(X-1, X-2,..., X-l) without learning anything else on the underlying plaintexts Xi. Functional decryption keys can be derived by the central authority using the master secret key. Under the Decision Diffie-Hellman assumption, Chotard et al. (Asiacrypt 2018) recently described an adaptively secure MCFE scheme for the evaluation of linear functions over the integers. They also gave a decentralized variant (DMCFE) of their scheme which does not rely on a centralized authority, but rather allows encryptors to issue functional secret keys in a distributed manner. While efficient, their constructions both rely on random oracles in their security analysis. In this paper, we build a standard-model MCFE scheme for the same functionality and prove it fully secure under adaptive corruptions. Our proof relies on the LearningWith-Errors (LWE) assumption and does not require the random oracle model. We also provide a decentralized variant of our scheme, which we prove secure in the static corruption setting (but for adaptively chosen messages) under the LWE assumption.