International Association
for Cryptologic Research

\\emph{Functional encryption} (FE) is a powerful primitive enabling fine-grained access to encrypted data. In an FE scheme, secret keys (``tokens\'\') correspond to functions; a user in possession of a

ciphertext $\\ct = \\enc(x)$ and a token $\\tkf$ for the function~$f$

can compute $f(x)$ but learn nothing else about~$x$. An active area of research over the past few years has focused on the development of ever more expressive FE schemes.

In this work we introduce the notion of \\emph{multi-input} functional encryption. Here, informally, a user in possession of a token $\\tkf$ for an $n$-ary function $f$ and \\emph{multiple} ciphertexts $\\ct_1=\\enc(x_1)$, \\ldots, $\\ct_n=\\enc(x_n)$ can compute $f(x_1, \\ldots, x_n)$ but nothing else about the~$\\{x_i\\}$.

Besides introducing the notion, we explore the feasibility of multi-input FE in the public-key and symmetric-key settings, with respect to both indistinguishability-based and simulation-based definitions of security.