Multi-input Functional Encryption in the Private-Key Setting: Stronger Security from Weaker Assumptions

Zvika Brakerski, Ilan Komargodski*, Gil Segev

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

17 Scopus citations


We construct a general-purpose multi-input functional encryption scheme in the private-key setting. Namely, we construct a scheme where a functional key corresponding to a function f enables a user holding encryptions of x1, … , xt to compute f(x1, … , xt) but nothing else. This is achieved starting from any general-purpose private-key single-input scheme (without any additional assumptions) and is proven to be adaptively secure for any constant number of inputs t. Moreover, it can be extended to a super-constant number of inputs assuming that the underlying single-input scheme is sub-exponentially secure. Instantiating our construction with existing single-input schemes, we obtain multi-input schemes that are based on a variety of assumptions (such as indistinguishability obfuscation, multilinear maps, learning with errors, and even one-way functions), offering various trade-offs between security assumptions and functionality. Previous and concurrent constructions of multi-input functional encryption schemes either rely on stronger assumptions and provided weaker security guarantees (Goldwasser et al. in Advances in cryptology—EUROCRYPT, 2014; Ananth and Jain in Advances in cryptology—CRYPTO, 2015), or relied on multilinear maps and could be proven secure only in an idealized generic model (Boneh et al. in Advances in cryptology—EUROCRYPT, 2015). In comparison, we present a general transformation that simultaneously relies on weaker assumptions and guarantees stronger security.

Original languageAmerican English
Pages (from-to)434-520
Number of pages87
JournalJournal of Cryptology
Issue number2
StatePublished - 1 Apr 2018

Bibliographical note

Publisher Copyright:
© 2017, International Association for Cryptologic Research.


  • Adaptive security
  • Functional encryption
  • Multi-input functional encryption
  • Private-key


Dive into the research topics of 'Multi-input Functional Encryption in the Private-Key Setting: Stronger Security from Weaker Assumptions'. Together they form a unique fingerprint.

Cite this