I have to write an essay on the paper "Ad hoc multi-input functional encryption", and can't understand the security definition. In a nutshell, it is a primitive that allows sources to supply encrypted data, such that at any point a dynamically-chosen subset of sources can allow an agreed-upon joint function of their data to be computed by the aggregator.
Syntax description:
Security definition:
I've got the following questions about the security definition:
- I do not understand why a queried function is defined and why it's defined this way.
I think the gist is a function is queried if you could provide ciphertexts for all its input arguments (by having the keys when it's corrupted or asking the keygen oracle). But what is it trying to say by "for every user associated with its input wires"?
A function can be calculated on different subsets of users. Would it not be more reasonable if it said "$f$ is queried if there exists a $\{i_1, \ldots, i_{\ell}\}$ such that for every user associated with ..."?
- Should it not read: "$j \in I$, i.e. $j$ is corrupted and $y_{j,0} = y_{j,i}$" at the bullet point that I highlighted?
Otherwise what's the point if the inputs that are controlled by the adversary are different? It's not going to help you distinguish the challenge and guess the $b$.