M. Abdalla, F. Benhamouda, and R. Gay, From single-input to multi-client inner product functional encryption, Asiacrypt, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02135963

M. Abdalla, F. Benhamouda, M. Kolhweiss, and H. Waldner, Decentralizing inner-product functional encryption, PKC, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02135871

M. Abdalla, F. Bourse, A. D. Caro, and D. Pointcheval, Simple functional encryption schemes for inner products, PKC, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01131971

M. Abdalla, D. Catalano, D. Fiore, R. Gay, and B. Ursu, Multi-input functional encryption for inner products: Function-hiding realizations and constructions without pairings, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01667169

M. Abdalla, R. Gay, M. Raykova, and H. Wee, Multi-input inner-product functional encryption from pairings, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01524105

S. Agrawal, D. Boneh, and X. Boyen, Efficient lattice (H)IBE in the standard model, Eurocrypt, 2010.

S. Agrawal, S. Freeman, and V. Vaikuntanathan, Functional encryption for inner product predicates from learning with errors, Asiacrypt, 2011.

S. Agrawal, B. Libert, and D. Stehlé, Fully secure functional encryption for inner products from standard assumptions, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01228559

S. Agrawal and A. Rosen, Functional encryption for bounded collusions, revisited, TCC, 2017.

J. Alwen, S. Krenn, K. Pietrzak, and D. Wichs, Learning with rounding, revisitednew reduction, properties and applications, 2013.

C. Baltico, D. Catalano, D. Fiore, and R. Gay, Practical functional encryption for quadratic functions with applications to predicate encryption, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01599768

A. Banerjee and C. Peikert, New and improved key-homomorphic pseudo-random functions, Crypto, 2014.

A. Banerjee, C. Peikert, and A. Rosen, Pseudorandom functions and lattices, Eurocrypt, 2012.

F. Benhamouda, F. Bourse, and H. Lipmaa, CCA-secure inner-product functional encryption from projective hash functions, PKC, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01613546

F. Benhamouda, M. Joye, and B. Libert, A framework for privacy-preserving aggregation of time-series data, ACM Transactions on Information and System Security (ACM-TISSEC), vol.18, issue.3, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01181321

D. Boneh and X. Boyen, Secure identity based encryption without random oracles, Crypto, 2004.

D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano, Public key encryption with keyword search, Eurocrypt, 2004.

D. Boneh and M. K. Franklin, Identity-based encryption from the Weil pairing, Crypto, 2001.

D. Boneh, K. Lewi, H. Montgomery, and A. Raghunathan, Key-homomorphic PRFs and their applications, 2013.

D. Boneh, A. Sahai, and B. Waters, Functional encryption: Definitions and challenges, TCC, 2011.

D. Boneh and B. Waters, Conjunctive, subset, and range queries on encrypted data, TCC, 2007.

D. Boneh and M. Zhandry, Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation, 2014.

Z. Brakerski, I. Komargodski, and G. Segev, Multi-input functional encryption in the private-key setting: Stronger security from weaker assumptions, Eurocrypt, 2016.

T. Chan, E. Shi, and D. Song, Privacy-preserving stream aggregation with fault tolerance, FC, 2012.

N. Chandran, V. Goyal, A. Jain, and A. Sahai, Functional encryption: Decentralised and delegatable, Cryptology ePrint Archive, 1017.

M. Chase, Multi-authority attribute based encryption, TCC, 2007.

M. Chase and S. Chow, Improving privacy and security in multi-authority attributebased encryption, ACM-CCS, 2009.

J. Chotard, E. Dufour, R. Sans, D. Gay, D. Phan et al., Decentralized multi-client functional encryption for inner product, In Asiacrypt, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01668020

J. Chotard, E. Dufour, R. Sans, D. Gay, D. Phan et al., Multi-client functional encryption with repetition for inner product, Cryptology ePrint Archive: Report, 1021.

C. Cocks, An identity based encryption scheme based on quadratic residues, IMA International Conference on Cryptography and Coding, 2001.

P. Datta, T. Okamoto, and J. Tomida, Full-hiding (unbounded) multi-input inner product functional encryption from the k-linear assumption, PKC, 2018.

Y. Dodis, Exposure-resilient cryptography, 2000.

A. Fiat and M. Naor, Broadcast encryption, Crypto, 1993.

E. Freire, D. Hofheinz, K. Paterson, and C. Striecks, Programmable hash functions in the multilinear setting, 2013.

S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai et al., Candidate indistinguishability obfuscation and functional encryption for all circuits, FOCS, 2013.

C. Gentry, C. Peikert, and V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, STOC, 2008.

C. Gentry, A. Sahai, and B. Waters, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based, 2013.

S. Goldwasser, S. Gordon, V. Goyal, A. Jain, J. Katz et al., Multi-input functional encryption, Eurocrypt, 2014.

S. Goldwasser, V. Goyal, A. Jain, and A. Sahai, Multi-input functional encryption, 2013.

S. Goldwasser, Y. Kalai, C. Peikert, and V. Vaikuntanathan, Robustness of the Learning with Errors assumption, ICS, 2010.

S. Goldwasser, Y. Kalai, R. Popa, V. Vaikuntanathan, and N. Zeldovich, How to run Turing machines on encrypted data, 2013.

S. Goldwasser, Y. Kalai, R. Popa, V. Vaikuntanathan, and N. Zeldovich, Reusable garbled circuits and succinct functional encryption, STOC, 2013.

S. Gorbunov, V. Vaikuntanathan, and H. Wee, Functional encryption with bounded collusions via multi-party computation, 2012.

S. Gordon, J. Katz, F. Liu, E. Shi, and H. Zhou, Multi-input functional encryption, 2014.

V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, ACM-CCS, 2006.

G. Hanaoka, T. Matsuda, and J. Schuldt, On the impossibility of constructing efficient key encapsulation and programmable hash functions in prime order groups, 2012.

D. Hofheinz and E. Kiltz, Programmable hash functions and their applications, Crypto, 2008.

T. Jager, Verifiable random functions from weaker assumptions, TCC, 2015.

M. Joye and B. Libert, A scalable scheme for privacy-preserving aggregation of time-series data, FC, 2013.

S. Katsumata and S. Yamada, Partitioning via non-linear polynomial functions: More compact IBEs from ideal lattices and bilinear maps, Asiacrypt, 2016.

J. Katz, A. Sahai, and B. Waters, Predicate encryption supporting disjunctions, polynomial equations, and inner products, Eurocrypt, 2008.

A. Lewko, E. Okamoto, A. Sahai, K. Takashima, and B. Waters, Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption, Eurocrypt, 2010.

A. Lewko and B. Waters, Decentralizing attribute-based encryption, Eurocrypt, 2011.

A. Lewko and B. Waters, New proof methods for attribute-based encryption: Achieving full security through selective techniques, 2012.

B. Libert, A. Sakzad, D. Stehlé, and R. Steinfeld, All-but-many lossy trapdoor functions and selective opening chosen-ciphertext security from LWE, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01621025

B. Libert, D. Stehlé, and R. Titiu, Adaptively secure distributed PRFs from LWE, TCC, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01911887

H. Lin, Indistinguishability obfuscation from SXDH on 5-linear maps and locality-5 PRGs, Crypto, 2017.

D. Micciancio and C. Peikert, Trapdoors for lattices: Simpler, tighter, faster, smaller, Eurocrypt, 2012.

D. Micciancio and O. Regev, Worst-case to average-case reductions based on Gaussian measures, SIAM J. Comput, vol.37, issue.1, pp.267-302, 2007.

M. Naor, B. Pinkas, and O. Reingold, Distributed pseudo-random functions and KDCs, Eurocrypt, 1999.

T. Okamoto and K. Takashima, Fully secure functional encryption with general relations from the decisional linear assumption, 2010.

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, STOC, 2005.

A. Sahai and H. Seyalioglu, Worry-free encryption: Functional encryption with public keys, ACM-CCS, 2010.

A. Sahai and B. Waters, Fuzzy identity-based encryption, Eurocrypt, 2005.

C. P. Schnorr, A hierarchy of polynomial time lattice basis reduction algorithms, Theor. Comput. Sci, vol.53, issue.2-3, pp.201-224, 1987.

E. Shi, T. Chan, E. Rieffel, R. Chow, and D. Song, Privacy-preserving aggregation of time-series data, NDSS, 2011.

B. Waters, Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization, PKC, 2011.

B. Waters, Functional encryption for regular languages, Crypto, 2012.

H. Wee, Dual system encryption via predicate encoding, TCC, 2014.

S. Yamada, We observe that we have y j · s j ? [?X,X] n ,X = 2 Y ?, for all j ? HS. We also observe that, if A makes all encryption queries QEncrypt(j, x 0,j , x 1,j , t) for all indexes j ? HS for a given tag t, so does B for the same tag t. By construction, B only makes a functional decryption query QDKeygen(f y ) for a function f y when A makes a partial functional key query QDKeygen(j, f y ) for the last honest sender's index j ? HS. In the Finalize step of Definition 2.14, Condition 3 requires that, for any function f y involved in queries QDKeygen(i, f y ) for all honest senders' indexes i ? HS, the condition f y (X 0 ) = f y (X 1 ) be satisfied for any pair of messages X 0 =, Asymptotically compact adaptively secure lattice IBEs and verifiable random functions via generalized partitioning techniques, 2017.

, From (38), it follows that, if secret bit of B's challenger is b = 0, B is playing Game 1 with A. Similarly

D. Lemma, Game 3 and Game 2 are computationally indistinguishable as long as that the MCFE scheme of Section 3 provides IND-sec security. Under the LWE q,m,n1,?1 assumption, we have | Pr