Adaptive Simulation Security for Inner Product Functional Encryption

Inner product functional encryption [1] is a popular primitive which enables inner product computations on encrypted data. In, the ciphertext is associated with a vector, the secret key is associated with a vector and decryption reveals the inner product. Previously, it was known how to achieve adaptive indistinguishability based security for from the assumptions [8]. However, in the stronger simulation based security game, it was only known how to support a restricted adversary that makes all its key requests either before or after seeing the challenge ciphertext, but not both. In more detail, Wee [46] showed that the-based scheme of Agrawal et al. (Crypto 2016) achieves semi-adaptive simulation-based security, where the adversary must make all its key requests after seeing the challenge ciphertext. On the other hand, O’Neill showed that all-secure schemes (which may be based on satisfy based security in the restricted model where the adversary makes all its key requests before seeing the challenge ciphertext. In this work, we resolve the question of-based security for by showing that variants of the constructions by Agrawal et al., based on, Paillier and, satisfy the strongest possible adaptive-based security where the adversary can make an unbounded number of key requests both before and after seeing the (single) challenge ciphertext. This establishes optimal security of the schemes, under all hardness assumptions on which it can (presently) be based.