TY - GEN
T1 - Toward fine-grained blackbox separations between semantic and circular-security notions
AU - Hajiabadi, Mohammad
AU - Kapron, Bruce M.
N1 - Funding Information:
Work supported in part by the NSERC Discovery Grant ?Foundational Studies in Privacy and Security?. Part of this work completed while the first author was at University College London and received funding from the European Research Council under the ERC Grant Agreement no. 307937.
Publisher Copyright:
© International Association for Cryptologic Research 2017.
PY - 2017
Y1 - 2017
N2 - We address the problems of whether t-circular-secure encryption can be based on (t − 1)-circular-secure encryption or on semantic (CPA) security, if t = 1. While for t = 1 a folklore construction, based on CPA-secure encryption, can be used to build a 1-circular-secure encryption with the same secret-key and message space, no such constructions are known for the bit-encryption case, which is of particular importance in fully-homomorphic encryption. Also, all constructions of t-circular encryption (bitwise or otherwise) are based on specific assumptions. We make progress toward these problems by ruling out all fully blackbox constructions of – 1-seed-circular-secure bit encryption from CPA-secure encryption; – t-seed-circular-secure encryption from (t − 1)-seed-circular secure encryption, for any t > 1. Informally, seed-circular security is a variant of the circular security notion in which the seed of the key-generation algorithm, instead of the secret key, is encrypted. We also show how to extend our first result to rule out a large and non-trivial class of constructions of 1-circular-secure bit encryption, which we dub key-isolating constructions. Our separations follow the model of Gertner, Malkin and Reingold (FOCS’01), which is a weaker separation model than that of Impagliazzo and Rudich.
AB - We address the problems of whether t-circular-secure encryption can be based on (t − 1)-circular-secure encryption or on semantic (CPA) security, if t = 1. While for t = 1 a folklore construction, based on CPA-secure encryption, can be used to build a 1-circular-secure encryption with the same secret-key and message space, no such constructions are known for the bit-encryption case, which is of particular importance in fully-homomorphic encryption. Also, all constructions of t-circular encryption (bitwise or otherwise) are based on specific assumptions. We make progress toward these problems by ruling out all fully blackbox constructions of – 1-seed-circular-secure bit encryption from CPA-secure encryption; – t-seed-circular-secure encryption from (t − 1)-seed-circular secure encryption, for any t > 1. Informally, seed-circular security is a variant of the circular security notion in which the seed of the key-generation algorithm, instead of the secret key, is encrypted. We also show how to extend our first result to rule out a large and non-trivial class of constructions of 1-circular-secure bit encryption, which we dub key-isolating constructions. Our separations follow the model of Gertner, Malkin and Reingold (FOCS’01), which is a weaker separation model than that of Impagliazzo and Rudich.
UR - http://www.scopus.com/inward/record.url?scp=85018711814&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85018711814&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-56614-6_19
DO - 10.1007/978-3-319-56614-6_19
M3 - Conference contribution
AN - SCOPUS:85018711814
SN - 9783319566139
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 561
EP - 591
BT - Advances in Cryptology – EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Nielsen, Jesper Buus
A2 - Coron, Jean-Sebastien
PB - Springer Verlag
ER -