Advertisement

Separations in Circular Security for Arbitrary Length Key Cycles

  • Venkata Koppula
  • Kim Ramchen
  • Brent Waters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9015)

Abstract

While standard notions of security suffice to protect any message supplied by an adversary, in some situations stronger notions of security are required. One such notion is n-circular security, where ciphertexts Enc(pk1, sk2), Enc(pk2, sk3), . . . , Enc(pk n , sk1) should be indistinguishable from encryptions of zero.

In this work we prove the following results for n-circular security, based upon recent candidate constructions of indistinguishability obfuscation [18,16] and one way functions:

– For any n there exists an encryption scheme that is IND-CPA secure but not n-circular secure.

– There exists a bit encryption scheme that is IND-CPA secure, but not 1-circular secure.

– If there exists an encryption system where an attacker can distinguish a key encryption cycle from an encryption of zeroes, then in a transformed cryptosystem there exists an attacker which recovers secret keys from the encryption cycles.

The last result is generic and applies to any such cryptosystem.

Keywords

Encryption Scheme Homomorphic Encryption Cryptology ePrint Archive Security Game Polynomial Time Adversary 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Acar, T., Belenkiy, M., Bellare, M., Cash, D.: Cryptographic agility and its relation to circular encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 403–422. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Adão, P., Bana, G., Herzog, J.C., Scedrov, A.: Soundness of formal encryption in the presence of key-cycles. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 374–396. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Alperin-Sheriff, J., Peikert, C.: Circular and KDM security for identity-based encryption. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 334–352. Springer, Heidelberg (2012), http://dx.doi.org/10.1007/978-3-642-30057-8_20 CrossRefGoogle Scholar
  4. 4.
    Applebaum, B.: Key-dependent message security: Generic amplification and completeness. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 527–546. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009), http://dx.doi.org/10.1007/978-3-642-03356-8_35CrossRefGoogle Scholar
  6. 6.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Barak, B., Haitner, I., Hofheinz, D., Ishai, Y.: Bounded key-dependent message security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 423–444. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages (2001) (manuscript)Google Scholar
  9. 9.
    Boneh, D., Halevi, S., Hamburg, M., Ostrovsky, R.: Circular-secure encryption from decision diffie-hellman. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 108–125. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. Cryptology ePrint Archive, Report 2013/642 (2013), http://eprint.iacr.org/
  11. 11.
    Brakerski, Z., Goldwasser, S.: Circular and leakage resilient public-key encryption under subgroup indistinguishability. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 1–20. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Brakerski, Z., Goldwasser, S., Kalai, Y.T.: Black-box circular-secure encryption beyond affine functions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 201–218. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Brakerski, Z., Vaikuntanathan, V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505–524. Springer, Heidelberg (2011), http://dx.doi.org/10.1007/978-3-642-22792-9_29CrossRefGoogle Scholar
  14. 14.
    Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001), http://dx.doi.org/10.1007/3-540-44987-6_7 CrossRefGoogle Scholar
  15. 15.
    Cash, D., Green, M., Hohenberger, S.: New definitions and separations for circular security. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 540–557. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  16. 16.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 476–493. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  17. 17.
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  18. 18.
    Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. Cryptology ePrint Archive, Report 2013/451 (2013)Google Scholar
  19. 19.
    Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009), http://crypto.stanford.edu/craig
  20. 20.
    Goldwasser, S., Micali, S.: Probabilistic Encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Haitner, I., Holenstein, T.: On the (im)possibility of key dependent encryption. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 202–219. Springer, Heidelberg (2009), http://dx.doi.org/10.1007/978-3-642-00457-5_13CrossRefGoogle Scholar
  22. 22.
    Laud, P.: Encryption cycles and two views of cryptography. In: NORDSEC 2002 - Proceedings of the 7th Nordic Workshop on Secure IT Systems Karlstad University Studies 2002:31, pp. 85–100 (2002)Google Scholar
  23. 23.
    Malkin, T., Teranishi, I., Yung, M.: Efficient circuit-size independent public key encryption with KDM security. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 507–526. EUROCRYPT, Heidelberg (2011)CrossRefGoogle Scholar
  24. 24.
    Marcedone, A., Orlandi, C.: Obfuscation = = > (ind-cpa security =/=> circular security). Cryptology ePrint Archive, Report 2013/690 (2013), http://eprint.iacr.org/
  25. 25.
    Rothblum, R.D.: On the circular security of bit-encryption. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 579–598. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  26. 26.
    Rothblum, R.: Personal communication (2014)Google Scholar
  27. 27.
    Sahai, A., Waters, B.: How to use indistinguishability obfuscation: Deniable encryption, and more. Cryptology ePrint Archive, Report 2013/454 (2013)Google Scholar

Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Venkata Koppula
    • 1
  • Kim Ramchen
    • 1
  • Brent Waters
    • 1
  1. 1.University of Texas at AustinAustinUSA

Personalised recommendations