Adaptive Simulation Security for Inner Product Functional Encryption.

Inner product functional encryption (\\({\\mathsf {IPFE}}\\)) [1] is a popular primitive which enables inner product computations on encrypted data. In \\({\\mathsf {IPFE}}\\), the ciphertext is associated with a vector \\(\\varvec{x}\\), the secret key is associated with a vector \\(\\varvec{y}\\) and decryption reveals the inner product \\(\\langle \\varvec{x},\\varvec{y}\\rangle \\). Previously, it was known how to achieve adaptive indistinguishability (\\(\\mathsf {IND}\\)) based security for \\({\\mathsf {IPFE}}\\) from the \\(\\mathsf {DDH}\\), \\(\\mathsf {DCR}\\) and \\(\\mathsf {LWE}\\) assumptions [8]. However, in the stronger simulation (\\(\\mathsf {SIM}\\)) based security game, it was only known how to support a restricted adversary that makes all its key requests either before or after seeing the challenge ciphertext, but not both. In more detail, Wee [46] showed that the \\(\\mathsf {DDH}\\)-based scheme of Agrawal et al. (Crypto 2016) achieves semi-adaptive simulation-based security, where the adversary must make all its key requests after seeing the challenge ciphertext. On the other hand, O’Neill showed that all \\(\\mathsf {IND}\\)-secure \\({\\mathsf {IPFE}}\\) schemes (which may be based on \\(\\mathsf {DDH}\\), \\(\\mathsf {DCR}\\) and \\(\\mathsf {LWE}\\)) satisfy \\(\\mathsf {SIM}\\) based security in the restricted model where the adversary makes all its key requests before seeing the challenge ciphertext.