Akavia, Gentry, Halevi, and Vald (TCC’22, JoC’25) introduced the security notion of function-chosen-plaintext-attack (\({\textsf{FuncCPA}}\) security) for public-key encryption schemes. \({\textsf{FuncCPA}}\) is defined by adding a functional re-encryption oracle to the \(\textsf {IND-CPA} \) game. This notion is crucial for secure computation applications where the server is allowed to delegate a part of the computation to the client. Dodis, Halevi, and Wichs (TCC’23) introduced a stronger variant called \({\textsf{FuncCPA}^+}\), and conjectured that \({\textsf{FuncCPA}^+}\) is strictly stronger than \({\textsf{FuncCPA}}\), while they showed \({\textsf{FuncCPA}^+}\) implies \({\textsf{FuncCPA}}\). Seeking insights into this conjecture, they showed that \({\textsf{ReEncCPA}^+}\) is strictly stronger than \({\textsf{ReEncCPA}}\), where \({\textsf{ReEncCPA}}\) and \({\textsf{ReEncCPA}^+}\) are restricted versions of \({\textsf{FuncCPA}}\) and \({\textsf{FuncCPA}^+}\) respectively.
In this paper, contrary to their conjecture, we show that \({\textsf{FuncCPA}^+}\) is equivalent to \({\textsf{FuncCPA}}\). We also introduce new variants of \({\textsf{FuncCPA}}\); \({\textsf{Weak}{\textsf{FuncCPA}}}\), \(\textsf {OW-}{\textsf{FuncCPA}} \), and \(\textsf {OW-}{\textsf{Weak}{\textsf{FuncCPA}}} \). \({\textsf{Weak}{\textsf{FuncCPA}}}\) is a restricted variant of \({\textsf{FuncCPA}}\) in that an oracle query is prohibited after the challenge query (like \(\textsf {IND-CCA1} \)). \(\textsf {OW-}{\textsf{FuncCPA}} \) and \(\textsf {OW-}{\textsf{Weak}{\textsf{FuncCPA}}} \) are the one-way (\(\textsf{OW}\)) versions of \({\textsf{FuncCPA}}\) and \({\textsf{Weak}{\textsf{FuncCPA}}}\), respectively. This paper shows that \({\textsf{Weak}{\textsf{FuncCPA}}}\) and \(\textsf {OW-}{\textsf{FuncCPA}} \) are equivalent to \({\textsf{FuncCPA}}\), that is, all of \({\textsf{FuncCPA}}\), \({\textsf{FuncCPA}^+}\), \({\textsf{Weak}{\textsf{FuncCPA}}}\), and \(\textsf {OW-}{\textsf{FuncCPA}} \) are equivalent. Considering the separation of \(\textsf {IND-CCA1} \) and \(\textsf {IND-CCA2} \), and that of \(\textsf{OW}\text {-}\textsf{CPA}\) and \(\textsf {IND-CPA} \), these results are surprising. To show the equivalence, we develop novel techniques to utilize functional re-encryption oracles. We then provide the separation results that \(\textsf {OW-}{\textsf{Weak}{\textsf{FuncCPA}}} \) does not imply \({\textsf{FuncCPA}}\) and \({\textsf{ReEncCPA}^+}\) does not imply \({\textsf{FuncCPA}}\).
