On the (Im)Possibility of Key Dependent Encryption

  • Iftach Haitner
  • Thomas Holenstein
Conference paper

DOI: 10.1007/978-3-642-00457-5_13

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5444)
Cite this paper as:
Haitner I., Holenstein T. (2009) On the (Im)Possibility of Key Dependent Encryption. In: Reingold O. (eds) Theory of Cryptography. TCC 2009. Lecture Notes in Computer Science, vol 5444. Springer, Berlin, Heidelberg

Abstract

We study the possibility of constructing encryption schemes secure under messages that are chosen depending on the key k of the encryption scheme itself. We give the following separation results that hold both in the private and in the public key settings:

  • Let \(\mathcal{H}\) be the family of poly(n)-wise independent hash-functions. There exists no fully-black-box reduction from an encryption scheme secure against key-dependent messages to one-way permutations (and also to families of trapdoor permutations) if the adversary can obtain encryptions of h(k) for \(h \in \mathcal{H}\).

  • There exists no reduction from an encryption scheme secure against key-dependent messages to, essentially, any cryptographic assumption, if the adversary can obtain an encryption of g(k) for an arbitraryg, as long as the reduction’s proof of security treats both the adversary and the function g as black boxes.

Keywords

Key-dependent input Black-box separations One-way functions 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Iftach Haitner
    • 1
  • Thomas Holenstein
    • 2
  1. 1.Microsoft Research 
  2. 2.Department of Computer SciencePrinceton University 

Personalised recommendations