Paper 2013/683

Separations in Circular Security for Arbitrary Length Key Cycles

Venkata Koppula, Kim Ramchen, and Brent Waters

Abstract

While standard notions of security suffice to protect any message supplied by an adversary, in some situations stronger notions of security are required. One such notion is n-circular security, where ciphertexts Enc(pk1, sk2), Enc(pk2, sk3), ..., Enc(pkn, sk1) should be indistinguishable from encryptions of zero. In this work we prove the following results for n-circular security, based upon recent candidate constructions of indistinguishability obfuscation [GGH+ 13b, CLT13]: - For any n there exists an encryption scheme that is IND-CPA secure but not n-circular secure. - There exists a bit encryption scheme that is IND-CPA secure, but not 1-circular secure. - If there exists an encryption system where an attacker can distinguish a key encryption cycle from an encryption of zeroes, then in a transformed cryptosystem there exists an attacker which recovers secret keys from the encryption cycles. Our last result is generic and applies to any such cryptosystem.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Contact author(s)
kramchen @ cs utexas edu
History
2014-06-02: last of 2 revisions
2013-10-24: received
See all versions
Short URL
https://ia.cr/2013/683
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/683,
      author = {Venkata Koppula and Kim Ramchen and Brent Waters},
      title = {Separations in Circular Security for Arbitrary Length Key Cycles},
      howpublished = {Cryptology ePrint Archive, Paper 2013/683},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/683}},
      url = {https://eprint.iacr.org/2013/683}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.