Completeness of Single-Bit Projection-KDM Security for Public Key Encryption

Applebaum (EUROCRYPT 2011, J. Cryptology 2014) showed that it is possible to convert a public key encryption (PKE) scheme which is key dependent message (KDM) secure with respect to projection functions (also called projection-KDM secure) into a PKE scheme which is KDM secure with respect to any function family that can be computed in fixed polynomial time, without using any other assumption. This result holds in both of the chosen plaintext attack (CPA) and the chosen ciphertext attack (CCA) settings. In the CPA setting, he furthermore showed that even a projection-KDM secure 1-bit PKE scheme is sufficient to construct a KDM secure PKE scheme with respect to polynomial time computable functions. The existence of the latter trivially implies that of the former, and in this sense, he mentioned that single-bit projection-KDM security in the CPA setting and (multi-bit) projection-KDM security in the CCA setting are complete.

[1]  Jonathan Herzog,et al.  Soundness and completeness of formal encryption: The cases of key cycles and partial information leakage , 2009, J. Comput. Secur..

[2]  Dennis Hofheinz,et al.  Circular Chosen-Ciphertext Security with Compact Ciphertexts , 2013, EUROCRYPT.

[3]  Benny Applebaum,et al.  Key-Dependent Message Security: Generic Amplification and Completeness , 2011, Journal of Cryptology.

[4]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[5]  Yael Tauman Kalai,et al.  Black-Box Circular-Secure Encryption beyond Affine Functions , 2011, TCC.

[6]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[7]  Michael Backes,et al.  OAEP Is Secure under Key-Dependent Messages , 2008, ASIACRYPT.

[8]  Zvika Brakerski,et al.  Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back) , 2010, IACR Cryptol. ePrint Arch..

[9]  Yuval Ishai,et al.  Bounded Key-Dependent Message Security , 2010, IACR Cryptol. ePrint Arch..

[10]  David Cash,et al.  Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems , 2009, CRYPTO.

[11]  Martijn Stam,et al.  KDM Security in the Hybrid Framework , 2014, CT-RSA.

[12]  Birgit Pfitzmann,et al.  Key-dependent Message Security under Active Attacks--BRSIM/UC-Soundness of Symbolic Encryption with Key Cycles , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[13]  Rafail Ostrovsky,et al.  Circular-Secure Encryption from Decision Diffie-Hellman , 2008, CRYPTO.

[14]  Jan Camenisch,et al.  A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks , 2009, IACR Cryptol. ePrint Arch..

[15]  Allison Bishop,et al.  Detecting Dangerous Queries: A New Approach for Chosen Ciphertext Security , 2012, EUROCRYPT.

[16]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[17]  Amit Sahai,et al.  Efficient Noninteractive Proof Systems for Bilinear Groups , 2008, SIAM J. Comput..

[18]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[19]  Goichiro Hanaoka,et al.  Efficient Key Dependent Message Security Amplification Against Chosen Ciphertext Attacks , 2014, ICISC.

[20]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[21]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption) , 2007, Journal of Cryptology.

[22]  Steven Myers,et al.  Bit Encryption Is Complete , 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[23]  Moti Yung,et al.  Efficient Circuit-Size Independent Public Key Encryption with KDM Security , 2011, EUROCRYPT.

[24]  John Black,et al.  Encryption-Scheme Security in the Presence of Key-Dependent Messages , 2002, Selected Areas in Cryptography.