
Bounded KDM Security from iO and OWF

Conference paper
Security and Cryptography for Networks (SCN 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9841)

Abstract

To date, all constructions in the standard model (i.e., without random oracles) of Bounded Key-Dependent Message (KDM) secure (or even just circularly-secure) encryption schemes rely on specific assumptions (LWE, DDH, QR or DCR); all of these assumptions are known to imply the existence of collision-resistant hash functions. In this work, we demonstrate the existence of bounded KDM secure encryption assuming indistinguishability obfuscation for P/poly and just one-way functions. Relying on the recent result of Asharov and Segev (FOCS'15), this yields the first construction of a Bounded KDM secure (or even circularly secure) encryption scheme from an assumption that provably does not imply collision-resistant hash functions w.r.t. black-box constructions. Combining this with prior constructions, we show how to augment this Bounded KDM scheme into a Bounded CCA2-KDM scheme.

R. Pass—Supported in part by NSF Award CNS-1217821, AFOSR Award FA9550-15-1-0262, a Microsoft Faculty Fellowship, and a Google Faculty Research Award.

A. Shelat—Supported in part by NSF grants CNS-0845811, TC-1111781, TC-0939718, a Microsoft Faculty Fellowship, an SAIC Faculty Award, and a Google Faculty Research Award.


Notes

  1. Both [App14, BHHI10] discuss how to strengthen their schemes to achieve a notion called length-dependent KDM security, which is slightly stronger than Bounded KDM security in the sense that the functions queried by the adversary can have circuit size which grows polynomially in the length of their inputs and outputs. We choose to state our result using Bounded KDM security for simplicity of exposition, but our construction can be similarly adapted to achieve this stronger notion by padding the obfuscated circuits appropriately.

  2. They show that a CRHF cannot be constructed in a black-box manner from a one-way permutation and an indistinguishability obfuscator for all polynomial-size oracle-aided circuits without an exponential loss in security. Such oracle-aided circuits model most common uses of iO in cryptographic constructions, such as puncturing, in which the circuits that are obfuscated make oracle calls to the one-way permutation.

  3. In fact, combining our result with [AS15] directly rules out black-box constructions of CRH from single-key BKDM security. On the other hand, it is not immediately clear whether our final construction of multi-key BKDM falls into the class of oracle-aided circuits.

  4. For simplicity, in this paper we assume that the message and key space of the encryption scheme are both \(\{0,1\}^k\), where k is the security parameter.

  5. [BPW16] shows how to construct a family of one-way functions where randomly sampled functions are injective with overwhelming probability. Their construction requires \(i\mathcal{O}\), one-way functions and q-wise independent hashing, as detailed in Sect. 2.

  6. To be more precise, the function is only injective with overwhelming probability. We deal with this and other subtleties in the formal proof.

  7. Note that [BHHI10] solves the problem by embedding in their ciphertexts an encryption of the other secret keys under the appropriate public key, which is why circular security is required as an additional assumption for their underlying encryption scheme.

  8. Recall that we assume for simplicity \(\mathcal{M} = \mathcal{K} = \{0,1\}^k\).

  9. Since there is only one public key, in the rest of the theorem we will just refer to the query for a function h and implicitly assume \(i=1\).
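The following script is an added illustration, not code from the paper and not the paper's construction: it runs the single-key KDM game that the abstract and notes 1, 4 and 8 refer to (real-or-zeros flavour, one public/secret key, messages and keys of the same length) against two toy symmetric schemes, and shows why KDM security is strictly stronger than ordinary chosen-plaintext security. Assumptions made here and nowhere on the page: HMAC-SHA256 stands in for a PRF, keys and messages are 128-bit strings, and the "bounded" function class is the explicit family h_{a,c}(k) = (k AND a) XOR c instead of a circuit-size bound. The "key detector" scheme is the standard folklore counterexample separating IND-CPA from circular security; the identifiers enc_base, enc_broken, kdm_game and kdm_advantage are this example's own.

```python
"""Toy single-key KDM-CPA game (real-or-zeros flavour) with a bounded query class.

Added example, not code from the paper. A scheme that hides messages chosen
without knowledge of the key can still leak the key once the adversary may
ask for Enc(k, h(k)). Assumptions: HMAC-SHA256 stands in for a PRF; keys and
messages are 128-bit strings (M = K = {0,1}^k, as in the paper's footnotes);
the bounded function class is the small family h_{a,c}(k) = (k AND a) XOR c.
"""
import hashlib
import hmac
import os

N = 16  # key and message length in bytes (k = 128 bits); toy parameter


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def prf(key: bytes, r: bytes) -> bytes:
    # HMAC-SHA256 truncated to N bytes, used as a PRF stand-in (assumption)
    return hmac.new(key, r, hashlib.sha256).digest()[:N]


def enc_base(key: bytes, m: bytes) -> bytes:
    """Standard PRF-based symmetric encryption: (r, PRF(k, r) XOR m)."""
    r = os.urandom(N)
    return r + xor(prf(key, r), m)


def dec_base(key: bytes, c: bytes) -> bytes:
    r, body = c[:N], c[N:]
    return xor(prf(key, r), body)


def enc_broken(key: bytes, m: bytes) -> bytes:
    """Same scheme plus a 'key detector' branch (the folklore counterexample).

    A chosen-plaintext adversary reaches the first branch only by guessing the
    128-bit key, so the scheme still looks IND-CPA. A KDM adversary reaches it
    with the single query h = identity and learns the key in the clear.
    """
    if m == key:
        return b"\x01" + key
    return b"\x00" + enc_base(key, m)


def dec_broken(key: bytes, c: bytes) -> bytes:
    if c[:1] == b"\x01":
        return c[1:]
    return dec_base(key, c[1:])


def apply_query(key: bytes, a: bytes, c: bytes) -> bytes:
    """h_{a,c}(k) = (k AND a) XOR c: the bounded class the challenger allows."""
    return xor(bytes(x & y for x, y in zip(key, a)), c)


def kdm_game(enc, adversary, b: int) -> int:
    """One run of the single-key real-or-zeros KDM game with hidden bit b.

    The adversary gets an oracle that, on query (a, c), returns
    Enc(k, h_{a,c}(k)) when b = 1 and Enc(k, 0^N) when b = 0.
    Returns the adversary's guess for b.
    """
    key = os.urandom(N)

    def oracle(a: bytes, c: bytes) -> bytes:
        if len(a) != N or len(c) != N:
            raise ValueError("query outside the allowed function class")
        m = apply_query(key, a, c) if b == 1 else bytes(N)
        return enc(key, m)

    return adversary(oracle)


def identity_adversary(oracle) -> int:
    """Asks for an encryption of the key itself (a = all-ones, c = 0) and
    guesses 'real' iff the reply has the tagged short form 0x01 || key."""
    ct = oracle(b"\xff" * N, bytes(N))
    return 1 if (len(ct) == N + 1 and ct[:1] == b"\x01") else 0


def kdm_advantage(enc, adversary, trials: int = 200) -> float:
    """Pr[guess = 1 | b = 1] - Pr[guess = 1 | b = 0], estimated over trials."""
    real = sum(kdm_game(enc, adversary, 1) for _ in range(trials)) / trials
    zeros = sum(kdm_game(enc, adversary, 0) for _ in range(trials)) / trials
    return real - zeros


if __name__ == "__main__":
    print("advantage vs. base scheme:  ", kdm_advantage(enc_base, identity_adversary))
    print("advantage vs. broken scheme:", kdm_advantage(enc_broken, identity_adversary))
```

Against enc_base the identity query yields an ordinary 32-byte ciphertext in both worlds and the adversary's advantage is 0; against enc_broken the same single query distinguishes with advantage 1 (up to the 2^-128 chance that the key equals the all-zero string). This is exactly the gap the paper's Bounded KDM notion closes: the challenger must remain secure even for queries drawn from a fixed function class applied to the secret key, not only for key-independent plaintexts.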

References

  1. Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009)
  2. Alamati, N., Peikert, C.: Three's compromised too: circular insecurity for any cycle length from (ring-)LWE. Technical report, Cryptology ePrint Archive, Report /110 (2016)
  3. Applebaum, B.: Key-dependent message security: generic amplification and completeness. J. Cryptology 27(3), 429–451 (2014)
  4. Asharov, G., Segev, G.: Limits on the power of indistinguishability obfuscation and functional encryption. In: FOCS 2015. IEEE (2015)
  5. Boyle, E., Chung, K.-M., Pass, R.: On extractability obfuscation. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 52–73. Springer, Heidelberg (2014)
  6. Brakerski, Z., Goldwasser, S.: Circular and leakage resilient public-key encryption under subgroup indistinguishability. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 1–20. Springer, Heidelberg (2010)
  7. Brakerski, Z., Goldwasser, S., Kalai, Y.: Circular-secure encryption beyond affine functions. Technical report, Citeseer (2009)
  8. Barak, B., Haitner, I., Hofheinz, D., Ishai, Y.: Bounded key-dependent message security. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 423–444. Springer, Heidelberg (2010)
  9. Boneh, D., Halevi, S., Hamburg, M., Ostrovsky, R.: Circular-secure encryption from decision Diffie-Hellman. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 108–125. Springer, Heidelberg (2008)
  10. Bitansky, N., Paneth, O., Wichs, D.: Perfect structure on the edge of chaos. In: Kushilevitz, E., et al. (eds.) TCC 2016-A. LNCS, vol. 9562, pp. 474–502. Springer, Heidelberg (2016)
  11. Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62–75. Springer, Heidelberg (2003)
  12. Camenisch, J., Chandran, N., Shoup, V.: A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 351–368. Springer, Heidelberg (2009)
  13. Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
  14. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: FOCS 2013. IEEE (2013)
  15. Haitner, I., Holenstein, T.: On the (im)possibility of key dependent encryption. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 202–219. Springer, Heidelberg (2009)
  16. Koppula, V., Ramchen, K., Waters, B.: Separations in circular security for arbitrary length key cycles. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 378–400. Springer, Heidelberg (2015)
  17. Koppula, V., Waters, B.: Circular security counterexamples for arbitrary length cycles from LWE. Technical report, Cryptology ePrint Archive, Report /117 (2016)
  18. Marcedone, A., Orlandi, C.: Obfuscation \(\rightarrow\) (IND-CPA security \(\nrightarrow\) circular security). In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 77–90. Springer, Heidelberg (2014)
  19. Malkin, T., Teranishi, I., Yung, M.: Efficient circuit-size independent public key encryption with KDM security. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 507–526. Springer, Heidelberg (2011)
  20. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: STOC 1990. ACM (1990)
  21. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: STOC 2014. ACM (2014)
  22. Wee, H.: KDM-security via homomorphic smooth projective hashing. In: Cheng, C.-M., et al. (eds.) PKC 2016. LNCS, vol. 9615, pp. 159–179. Springer, Heidelberg (2016)


Author information

Corresponding author: Antonio Marcedone

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Marcedone, A., Pass, R., Shelat, A. (2016). Bounded KDM Security from iO and OWF. In: Zikas, V., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2016. Lecture Notes in Computer Science, vol 9841. Springer, Cham. https://doi.org/10.1007/978-3-319-44618-9_30

  • DOI: https://doi.org/10.1007/978-3-319-44618-9_30
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-44617-2
  • Online ISBN: 978-3-319-44618-9