Circular Security Is Complete for KDM Security

Circular security is the most elementary form of key-dependent message (KDM) security, which allows us to securely encrypt only a copy of secret key bits. In this work, we show that circular security is complete for KDM security in the sense that an encryption scheme satisfying this security notion can be transformed into one satisfying KDM security with respect to all functions computable by a-priori bounded-size circuits (bounded-KDM security). This result holds in the presence of any number of keys and in any of the secret-key/public-key and CPA/CCA settings. Such a completeness result was previously shown by Applebaum (EUROCRYPT 2011) for KDM security with respect to projection functions (projection-KDM security), which allows us to securely encrypt both a copy and a negation of secret key bits. Besides amplifying the strength of KDM security, our transformation can in fact start from an encryption scheme satisfying circular security against CPA attacks and result in one satisfying bounded-KDM security against CCA attacks. This result improves the recent result by Kitagawa and Matsuda (TCC 2019) showing a CPA-to-CCA transformation for KDM-secure public-key encryption schemes.
