Encryption Schemes Secure under Related-Key and Key-Dependent Message Attacks
We construct secret-key encryption (SKE) schemes that are secure against related-key attacks and in the presence of key-dependent messages (RKA-KDM secure). We emphasize that RKA-KDM security is not merely the conjunction of individual security properties, but covers attacks in which ciphertexts of key-dependent messages under related keys are available. Besides being interesting in their own right, RKA-KDM secure schemes allow to garble circuits with XORs very efficiently (Applebaum, TCC 2013). Until now, the only known RKA-KDM secure SKE scheme (due to Applebaum) is based on the LPN assumption. Our schemes are based on various other computational assumptions, namely DDH, LWE, QR, and DCR.
We abstract from Applebaum’s construction and proof, and formalize three generic technical properties that imply RKA-KDM security: one property is IND-CPA security, and the other two are the existence of suitable oracles that produce ciphertexts under related keys, resp. of key-dependent messages. We then give simple SKE schemes that achieve these properties. Our constructions are variants of known KDM-secure public-key encryption schemes. To additionally achieve RKA security, we isolate suitable homomorphic properties of the underlying schemes in order to simulate ciphertexts under related keys in the security proof. RKA-KDM security for our schemes holds w.r.t. affine functions (over the respective mathematical domain).
From a conceptual point of view, our work provides a generic and extensible way to construct encryption schemes with multiple special security properties.
Keywordsrelated key attacks key-dependent message security garbled circuits
- 12.Bellare, M., Cash, D., Keelveedhi, S.: Ciphers that Securely Encipher their own Keys. In: ACM Conference on Computer and Communications Security, pp. 423–432 (2011)Google Scholar
- 14.Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 784–796. ACM (2012)Google Scholar
- 15.Bellare, M., Hoang, V.T., Rogaway, P.: Foundations of garbled circuits. Cryptology ePrint Archive, Report 2012/265 (2012), http://eprint.iacr.org/
- 24.Böhl, F., Davies, G.T., Hofheinz, D.: Encryption schemes secure under related-key and key-dependent message attacks. IACR Cryptology ePrint Archive 653 (2013)Google Scholar
- 29.Dziembowski, S., Pietrzak, K.: Leakage-Resilient Cryptography. In: FOCS, pp. 293–302 (2008)Google Scholar
- 31.Halevi, S., Krawczyk, H.: Security under Key-Dependent Inputs. In: ACM Conference on Computer and Communications Security, pp. 466–475 (2007)Google Scholar