Separations in circular security for arbitrary length key cycles

Venkata Koppula; Kim Ramchen; Brent Waters

doi:10.1007/978-3-662-46497-7_15

Separations in circular security for arbitrary length key cycles

Venkata Koppula, Kim Ramchen, Brent Waters

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

19 Citations (Scopus)

Abstract

While standard notions of security suffice to protect any message supplied by an adversary, in some situations stronger notions of security are required. One such notion is n-circular security, where ciphertexts Enc(pk₁, sk₂), Enc(pk₂, sk₃), . . . , Enc(pk_n, sk₁) should be indistinguishable from encryptions of zero. In this work we prove the following results for n-circular security, based upon recent candidate constructions of indistinguishability obfuscation [18,16] and one way functions: For any n there exists an encryption scheme that is IND-CPA secure but not n-circular secure. There exists a bit encryption scheme that is IND-CPA secure, but not 1-circular secure. If there exists an encryption system where an attacker can distinguish a key encryption cycle from an encryption of zeroes, then in a transformed cryptosystem there exists an attacker which recovers secret keys from the encryption cycles. The last result is generic and applies to any such cryptosystem.

Original language	English
Title of host publication	Theory of Cryptography
Subtitle of host publication	12th Theory of Cryptography Conference, TCC 2015 Warsaw, Poland, March 23-25, 2015 Proceedings, Part II
Editors	Yevgeniy Dodis, Jesper Buus Nielsen
Place of Publication	Berlin Germany
Publisher	Springer
Pages	378-400
Number of pages	23
ISBN (Electronic)	9783662464960
ISBN (Print)	9783662464977
DOIs	https://doi.org/10.1007/978-3-662-46497-7_15
Publication status	Published - 2015
Externally published	Yes
Event	Theory of Cryptography Conference 2015 - Warsaw, Poland Duration: 23 Mar 2015 → 25 Mar 2015 Conference number: 12th https://www.iacr.org/workshops/tcc2015/

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	9015
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Theory of Cryptography Conference 2015
Abbreviated title	TCC 2015
Country/Territory	Poland
City	Warsaw
Period	23/03/15 → 25/03/15
Internet address	https://www.iacr.org/workshops/tcc2015/

Access to Document

10.1007/978-3-662-46497-7_15

Cite this

Koppula, V., Ramchen, K., & Waters, B. (2015). Separations in circular security for arbitrary length key cycles. In Y. Dodis, & J. B. Nielsen (Eds.), Theory of Cryptography : 12th Theory of Cryptography Conference, TCC 2015 Warsaw, Poland, March 23-25, 2015 Proceedings, Part II (pp. 378-400). (Lecture Notes in Computer Science; Vol. 9015). Springer. https://doi.org/10.1007/978-3-662-46497-7_15

Koppula, Venkata ; Ramchen, Kim ; Waters, Brent. / Separations in circular security for arbitrary length key cycles. Theory of Cryptography : 12th Theory of Cryptography Conference, TCC 2015 Warsaw, Poland, March 23-25, 2015 Proceedings, Part II. editor / Yevgeniy Dodis ; Jesper Buus Nielsen. Berlin Germany : Springer, 2015. pp. 378-400 (Lecture Notes in Computer Science).

@inproceedings{ae0bcfc5b2d84fb4880731e6481fa861,

title = "Separations in circular security for arbitrary length key cycles",

abstract = "While standard notions of security suffice to protect any message supplied by an adversary, in some situations stronger notions of security are required. One such notion is n-circular security, where ciphertexts Enc(pk1, sk2), Enc(pk2, sk3), . . . , Enc(pkn, sk1) should be indistinguishable from encryptions of zero. In this work we prove the following results for n-circular security, based upon recent candidate constructions of indistinguishability obfuscation [18,16] and one way functions: For any n there exists an encryption scheme that is IND-CPA secure but not n-circular secure. There exists a bit encryption scheme that is IND-CPA secure, but not 1-circular secure. If there exists an encryption system where an attacker can distinguish a key encryption cycle from an encryption of zeroes, then in a transformed cryptosystem there exists an attacker which recovers secret keys from the encryption cycles. The last result is generic and applies to any such cryptosystem.",

author = "Venkata Koppula and Kim Ramchen and Brent Waters",

year = "2015",

doi = "10.1007/978-3-662-46497-7\_15",

language = "English",

isbn = "9783662464977",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "378--400",

editor = "Yevgeniy Dodis and Nielsen, \{Jesper Buus\}",

booktitle = "Theory of Cryptography",

address = "Switzerland",

note = "Theory of Cryptography Conference 2015, TCC 2015 ; Conference date: 23-03-2015 Through 25-03-2015",

url = "https://www.iacr.org/workshops/tcc2015/",

}

Koppula, V, Ramchen, K & Waters, B 2015, Separations in circular security for arbitrary length key cycles. in Y Dodis & JB Nielsen (eds), Theory of Cryptography : 12th Theory of Cryptography Conference, TCC 2015 Warsaw, Poland, March 23-25, 2015 Proceedings, Part II. Lecture Notes in Computer Science, vol. 9015, Springer, Berlin Germany, pp. 378-400, Theory of Cryptography Conference 2015, Warsaw, Poland, 23/03/15. https://doi.org/10.1007/978-3-662-46497-7_15

Separations in circular security for arbitrary length key cycles. / Koppula, Venkata; Ramchen, Kim; Waters, Brent.
Theory of Cryptography : 12th Theory of Cryptography Conference, TCC 2015 Warsaw, Poland, March 23-25, 2015 Proceedings, Part II. ed. / Yevgeniy Dodis; Jesper Buus Nielsen. Berlin Germany: Springer, 2015. p. 378-400 (Lecture Notes in Computer Science; Vol. 9015).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Separations in circular security for arbitrary length key cycles

AU - Koppula, Venkata

AU - Ramchen, Kim

AU - Waters, Brent

N1 - Conference code: 12th

PY - 2015

Y1 - 2015

N2 - While standard notions of security suffice to protect any message supplied by an adversary, in some situations stronger notions of security are required. One such notion is n-circular security, where ciphertexts Enc(pk1, sk2), Enc(pk2, sk3), . . . , Enc(pkn, sk1) should be indistinguishable from encryptions of zero. In this work we prove the following results for n-circular security, based upon recent candidate constructions of indistinguishability obfuscation [18,16] and one way functions: For any n there exists an encryption scheme that is IND-CPA secure but not n-circular secure. There exists a bit encryption scheme that is IND-CPA secure, but not 1-circular secure. If there exists an encryption system where an attacker can distinguish a key encryption cycle from an encryption of zeroes, then in a transformed cryptosystem there exists an attacker which recovers secret keys from the encryption cycles. The last result is generic and applies to any such cryptosystem.

AB - While standard notions of security suffice to protect any message supplied by an adversary, in some situations stronger notions of security are required. One such notion is n-circular security, where ciphertexts Enc(pk1, sk2), Enc(pk2, sk3), . . . , Enc(pkn, sk1) should be indistinguishable from encryptions of zero. In this work we prove the following results for n-circular security, based upon recent candidate constructions of indistinguishability obfuscation [18,16] and one way functions: For any n there exists an encryption scheme that is IND-CPA secure but not n-circular secure. There exists a bit encryption scheme that is IND-CPA secure, but not 1-circular secure. If there exists an encryption system where an attacker can distinguish a key encryption cycle from an encryption of zeroes, then in a transformed cryptosystem there exists an attacker which recovers secret keys from the encryption cycles. The last result is generic and applies to any such cryptosystem.

UR - https://www.scopus.com/pages/publications/84924368230

U2 - 10.1007/978-3-662-46497-7_15

DO - 10.1007/978-3-662-46497-7_15

M3 - Conference Paper

AN - SCOPUS:84924368230

SN - 9783662464977

T3 - Lecture Notes in Computer Science

SP - 378

EP - 400

BT - Theory of Cryptography

A2 - Dodis, Yevgeniy

A2 - Nielsen, Jesper Buus

PB - Springer

CY - Berlin Germany

T2 - Theory of Cryptography Conference 2015

Y2 - 23 March 2015 through 25 March 2015

ER -

Koppula V, Ramchen K, Waters B. Separations in circular security for arbitrary length key cycles. In Dodis Y, Nielsen JB, editors, Theory of Cryptography : 12th Theory of Cryptography Conference, TCC 2015 Warsaw, Poland, March 23-25, 2015 Proceedings, Part II. Berlin Germany: Springer. 2015. p. 378-400. (Lecture Notes in Computer Science). doi: 10.1007/978-3-662-46497-7_15

Separations in circular security for arbitrary length key cycles

Abstract

Publication series

Conference

Access to Document

Other files and links

Cite this