Robust Decentralized Multi-client Functional Encryption: Motivation, Definition, and Inner-Product Constructions

Decentralized Multi-Client Functional Encryption (DMCFE) is a multi-user extension of Functional Encryption (FE) without relying on a trusted third party. However, a fundamental requirement for DMCFE is that the decryptor must collect the partial functional keys and the ciphertexts from all clients. If one client does not generate the partial functional key or the ciphertext, the decryptor cannot obtain any useful information. We found that this strong requirement limits the application of DMCFE in scenarios such as statistical analysis and machine learning. In this paper, we first introduce a new primitive named Robust Decentralized Multi-Client Functional Encryption (RDMCFE), a notion generalized from DMCFE that aims to tolerate the problem of negative clients leading to nothing for the decryptor, where negative clients represent participants that are unable or unwilling to compute the partial functional key or the ciphertext. Conversely, a client is said to be a positive one if it is able and willing to compute both the partial functional key and the ciphertext. In RDMCFE scheme, the positive client set S is known by each positive client such that the generated partial functional keys help to eliminate the influence of negative clients, and the decryptor can learn the function value corresponding to the sensitive data of all positive clients when the cardinality of the set S is not less than a given threshold. We present such constructions for functionalities corresponding to the evaluation of inner products.