Theory of Cryptography Conference

TCC 2009: Theory of Cryptography pp 202-219

On the (Im)Possibility of Key Dependent Encryption

  • Iftach Haitner
  • Thomas Holenstein
Conference paper

DOI: 10.1007/978-3-642-00457-5_13

Volume 5444 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Haitner I., Holenstein T. (2009) On the (Im)Possibility of Key Dependent Encryption. In: Reingold O. (eds) Theory of Cryptography. TCC 2009. Lecture Notes in Computer Science, vol 5444. Springer, Berlin, Heidelberg


We study the possibility of constructing encryption schemes secure under messages that are chosen depending on the key k of the encryption scheme itself. We give the following separation results that hold both in the private and in the public key settings:

  • Let \(\mathcal{H}\) be the family of poly(n)-wise independent hash-functions. There exists no fully-black-box reduction from an encryption scheme secure against key-dependent messages to one-way permutations (and also to families of trapdoor permutations) if the adversary can obtain encryptions of h(k) for \(h \in \mathcal{H}\).

  • There exists no reduction from an encryption scheme secure against key-dependent messages to, essentially, any cryptographic assumption, if the adversary can obtain an encryption of g(k) for an arbitrary g, as long as the reduction’s proof of security treats both the adversary and the function g as black boxes.


  • Key-dependent input
  • Black-box separations
  • One-way functions

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Iftach Haitner (1)
  • Thomas Holenstein (2)

  1. Microsoft Research
  2. Department of Computer Science, Princeton University