Toward Fine-Grained Blackbox Separations Between Semantic and Circular-Security Notions

  • Mohammad Hajiabadi
  • Bruce M. Kapron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10211)


We address the problems of whether t-circular-secure encryption can be based on \((t-1)\)-circular-secure encryption or, for \(t = 1\), on semantic (CPA) security. While for \(t = 1\) a folklore construction, based on CPA-secure encryption, can be used to build a 1-circular-secure encryption with the same secret-key and message space, no such construction is known for the bit-encryption case, which is of particular importance in fully-homomorphic encryption. Also, all known constructions of t-circular-secure encryption (bitwise or otherwise) are based on specific assumptions.

We make progress toward these problems by ruling out all fully-blackbox constructions of
  • 1-seed-circular-secure bit encryption from CPA-secure encryption;
  • t-seed-circular-secure encryption from \((t-1)\)-seed-circular-secure encryption, for any \(t > 1\).

Informally, seed-circular security is a variant of the circular security notion in which the seed of the key-generation algorithm, instead of the secret key, is encrypted. We also show how to extend our first result to rule out a large and non-trivial class of constructions of 1-circular-secure bit encryption, which we dub key-isolating constructions. Our separations follow the model of Gertner, Malkin and Reingold (FOCS’01), which is a weaker separation model than that of Impagliazzo and Rudich.



We would like to thank Mohammad Mahmoody for useful conversations in an early stage of this work.


  1. Alamati, N., Peikert, C.: Three’s compromised too: circular insecurity for any cycle length from (Ring-)LWE. In: Robshaw and Katz [37], pp. 659–680
  2. Applebaum, B.: Key-dependent message security: generic amplification and completeness. J. Cryptol. 27(3), 429–451 (2014)
  3. Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03356-8_35
  4. Asharov, G., Segev, G.: Limits on the power of indistinguishability obfuscation and functional encryption. In: Guruswami, V. (ed.) FOCS 2015, pp. 191–209. IEEE Computer Society (2015)
  5. Baecher, P., Brzuska, C., Fischlin, M.: Notions of black-box reductions, revisited. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 296–315. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42033-7_16
  6. Bishop, A., Hohenberger, S., Waters, B.: New circular security counterexamples from decision linear and learning with errors. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 776–800. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48800-3_32
  7. Boneh, D., Halevi, S., Hamburg, M., Ostrovsky, R.: Circular-secure encryption from decision Diffie-Hellman. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 108–125. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85174-5_7
  8. Boneh, D., Papakonstantinou, P.A., Rackoff, C., Vahlis, Y., Waters, B.: On the impossibility of basing identity based encryption on trapdoor permutations. In: FOCS 2008, pp. 283–292. IEEE Computer Society (2008)
  9. Brakerski, Z., Goldwasser, S.: Circular and leakage resilient public-key encryption under subgroup indistinguishability. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 1–20. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14623-7_1
  10. Brakerski, Z., Katz, J., Segev, G., Yerukhimovich, A.: Limits on the power of zero-knowledge proofs in cryptographic constructions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 559–578. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19571-6_34
  11. Canetti, R., Lin, H., Tessaro, S., Vaikuntanathan, V.: Obfuscation of probabilistic circuits and applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 468–497. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46497-7_19
  12. Cash, D., Green, M., Hohenberger, S.: New definitions and separations for circular security. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 540–557. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-30057-8_32
  13. Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.): PKC 2016 (II). LNCS, vol. 9615. Springer, Heidelberg (2016)
  14. Choi, S.G., Dachman-Soled, D., Malkin, T., Wee, H.: Black-box construction of a non-malleable encryption scheme from any semantically secure one. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 427–444. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78524-8_24
  15. Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography (extended abstract). In: STOC 1991, pp. 542–552 (1991)
  16. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) STOC 2009, pp. 169–178. ACM (2009)
  17. Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: FOCS 2000, pp. 325–335. IEEE Computer Society (2000)
  18. Gertner, Y., Malkin, T., Myers, S.: Towards a separation of semantic and CCA security for public key encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 434–455. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-70936-7_24
  19. Gertner, Y., Malkin, T., Reingold, O.: On the impossibility of basing trapdoor functions on trapdoor predicates. In: FOCS 2001, pp. 126–135. IEEE Computer Society (2001)
  20. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM (1987)
  21. Haitner, I., Holenstein, T.: On the (im)possibility of key dependent encryption. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 202–219. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00457-5_13
  22. Hajiabadi, M., Kapron, B.M.: Reproducible circularly-secure bit encryption: applications and realizations. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 224–243. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-47989-6_11
  23. Hajiabadi, M., Kapron, B.M., Srinivasan, V.: On generic constructions of circularly-secure, leakage-resilient public-key encryption schemes. In: Cheng et al. [13], pp. 129–158
  24. Hsiao, C.-Y., Reyzin, L.: Finding collisions on a public road, or do secure hash functions need secret coins? In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 92–105. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28628-8_6
  25. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Johnson, D.S. (ed.) STOC 1989, pp. 44–61. ACM (1989)
  26. Ishai, Y., Kushilevitz, E., Lindell, Y., Petrank, E.: Black-box constructions for secure computation. In: Proceedings of the Thirty-Eighth Annual ACM Symposium on Theory of Computing, pp. 99–108. ACM (2006)
  27. Koppula, V., Waters, B.: Circular security separations for arbitrary length cycles from LWE. In: Robshaw and Katz [37], pp. 681–700
  28. Mahmoody, M., Mohammed, A.: On the power of hierarchical identity-based encryption. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 243–272. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49896-5_9
  29. Mahmoody, M., Pass, R.: The curious case of non-interactive commitments: on the power of black-box vs. non-black-box use of primitives. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 701–718. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32009-5_41
  30. Malkin, T., Teranishi, I., Yung, M.: Efficient circuit-size independent public key encryption with KDM security. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 507–526. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-20465-4_28
  31. Marcedone, A., Pass, R., Shelat, A.: Bounded KDM security from iO and OWF. In: Zikas, V., Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 571–586. Springer, Cham (2016). doi: 10.1007/978-3-319-44618-9_30
  32. Motwani, R., Raghavan, P.: Randomized Algorithms. Cambridge University Press, New York (1995)
  33. Myers, S., Shelat, A.: Bit encryption is complete. In: FOCS 2009, pp. 607–616. IEEE (2009)
  34. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Proceedings of the Twenty-Second Annual ACM Symposium on Theory of Computing, pp. 427–437. ACM (1990)
  35. Pass, R., Shelat, A., Vaikuntanathan, V.: Construction of a non-malleable encryption scheme from any semantically secure one. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 271–289. Springer, Heidelberg (2006). doi: 10.1007/11818175_16
  36. Reingold, O., Trevisan, L., Vadhan, S.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24638-1_1
  37. Robshaw, M., Katz, J. (eds.): CRYPTO 2016 (II). LNCS, vol. 9815. Springer, Heidelberg (2016)
  38. Rosen, A., Segev, G.: Chosen-ciphertext security via correlated products. SIAM J. Comput. 39(7), 3058–3088 (2010)
  39. Rothblum, R.D.: On the circular security of bit-encryption. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 579–598. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36594-2_32
  40. Simon, D.R.: Finding collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998). doi: 10.1007/BFb0054137
  41. Vahlis, Y.: Two is a crowd? A black-box separation of one-wayness and security under correlated inputs. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 165–182. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-11799-2_11
  42. Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13190-5_2
  43. Wee, H.: KDM-security via homomorphic smooth projective hashing. In: Cheng et al. [13], pp. 159–179

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  1. Department of Computer Science, University College London, London, UK
  2. Department of Computer Science, University of Victoria, Victoria, Canada
