STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
A Pseudorandom Generator from any One-way Function
SIAM Journal on Computing
Encryption-Scheme Security in the Presence of Key-Dependent Messages
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
A composable cryptographic library with nested operations
Proceedings of the 10th ACM conference on Computer and communications security
Magic Functions: In Memoriam: Bernard M. Dwork 1923--1998
Journal of the ACM (JACM)
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Security under key-dependent inputs
Proceedings of the 14th ACM conference on Computer and communications security
Adaptively-secure, non-interactive public-key encryption
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Soundness of formal encryption in the presence of key-cycles
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Circular-Secure Encryption from Decision Diffie-Hellman
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
On the (Im)Possibility of Key Dependent Encryption
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Deciding security properties for cryptographic protocols. application to key cycles
ACM Transactions on Computational Logic (TOCL)
Key dependent message security: recent results and applications
Proceedings of the first ACM conference on Data and application security and privacy
Black-box circular-secure encryption beyond affine functions
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Efficient circuit-size independent public key encryption with KDM security
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Key-dependent message security: generic amplification and completeness
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Authenticated and misuse-resistant encryption of key-dependent data
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Key-dependent message security for division function: discouraging anonymous credential sharing
ProvSec'11 Proceedings of the 5th international conference on Provable security
Computational soundness about formal encryption in the presence of secret shares and key cycles
ICICS'11 Proceedings of the 13th international conference on Information and communications security
On symmetric encryption and point obfuscation
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Computational soundness, co-induction, and encryption cycles
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Cryptographic agility and its relation to circular encryption
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Bounded key-dependent message security
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
On the security of the "Free-XOR" technique
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Security of message authentication codes in the presence of key-dependent messages
Designs, Codes and Cryptography
New definitions and separations for circular security
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Randomness-Dependent message security
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Hi-index | 0.00 |
Standard security notions for encryption schemes do not guarantee any security if the encrypted messages depend on the secret key. Yet it is exactly the stronger notion of security in the presence of key-dependent messages (KDM security) that is required in a number of applications: most prominently, KDM security plays an important role in analyzing cryptographic multi-party protocols in a formal calculus. But although often assumed, the mere existence of KDM secure schemes is an open problem. The only previously known construction was proven secure in the random oracle model. We present symmetric encryption schemes that are KDM secure in the standard model (i.e., without random oracles). The price we pay is that we achieve only a relaxed (but still useful) notion of key-dependent message security. Our work answers (at least partially) an open problem posed by Black, Rogaway, and Shrimpton. More concretely, our contributions are as follows: 1. We present a (stateless) symmetric encryption scheme that is information-theoretically secure in face of a bounded number and length of encryptions for which the messages depend in an arbitrary way on the secret key. 2. We present a stateful symmetric encryption scheme that is computationally secure in face of an arbitrary number of encryptions for which the messages depend only on the respective current secret state/key of the scheme. The underlying computational assumption is minimal: we assume the existence of one-way functions. 3. We give evidence that the only previously known KDM secure encryption scheme cannot be proven secure in the standard model (i.e., without random oracles).