International Association for Cryptologic Research (IACR)
Abstract
We propose the first unbounded functional encryption (FE) scheme for quadratic functions and its extension, in which the sizes of messages to be encrypted are not a priori bounded.
Prior to our work, all FE schemes for quadratic functions are bounded, meaning that the message length is fixed at the setup.
In the first scheme, encryption takes {xi}i∈Sc, key generation takes {ci,j}i,j∈Sk, and decryption outputs ∑i,j∈Skci,jxixj if and only if Sk⊆Sc, where the sizes of Sc and Sk can be arbitrary.
Our second scheme is the extension of the first scheme to partially-hiding FE that computes an arithmetic branching program on a public input and a quadratic function on a private input.
Concretely, encryption takes a public input u in addition to {xi}i∈Sc, a secret key is associated with arithmetic branching programs {fi,j}i,j∈Sk, and decryption yields ∑i,j∈Skfi,j(u)xixj if and only if Sk⊆Sc.
Both our schemes are based on pairings and secure in the simulation-based model under the standard MDDH assumption