A randomized protocol for signing contracts
Communications of the ACM
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Encryption-Scheme Security in the Presence of Key-Dependent Messages
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Weakening Security Assumptions and Oblivious Transfer (Abstract)
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Cryptographic protocols
A composable cryptographic library with nested operations
Proceedings of the 10th ACM conference on Computer and communications security
Security under key-dependent inputs
Proceedings of the 14th ACM conference on Computer and communications security
On the security of multi-party ping-pong protocols
SFCS '83 Proceedings of the 24th Annual Symposium on Foundations of Computer Science
How to generate and exchange secrets
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Circular-Secure Encryption from Decision Diffie-Hellman
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
On the (Im)Possibility of Key Dependent Encryption
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Evaluating branching programs on encrypted data
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Towards key-dependent message security in the standard model
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Soundness of formal encryption in the presence of key-cycles
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Circular and leakage resilient public-key encryption under subgroup indistinguishability
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
i-hop homomorphic encryption and rerandomizable Yao circuits
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Non-interactive verifiable computing: outsourcing computation to untrusted workers
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Key dependent message security: recent results and applications
Proceedings of the first ACM conference on Data and application security and privacy
Black-box circular-secure encryption beyond affine functions
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Efficient circuit-size independent public key encryption with KDM security
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Key-dependent message security: generic amplification and completeness
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Randomly encoding functions: a new cryptographic paradigm
ICITS'11 Proceedings of the 5th international conference on Information theoretic security
The geometry of lattice cryptography
Foundations of security analysis and design VI
Authenticated and misuse-resistant encryption of key-dependent data
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Key-dependent message security for division function: discouraging anonymous credential sharing
ProvSec'11 Proceedings of the 5th international conference on Provable security
Ciphers that securely encipher their own keys
Proceedings of the 18th ACM conference on Computer and communications security
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Circular and KDM security for identity-based encryption
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Shift-type homomorphic encryption and its application to fully homomorphic encryption
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Foundations of garbled circuits
Proceedings of the 2012 ACM conference on Computer and communications security
Barriers in cryptography with weak, correlated and leaky sources
Proceedings of the 4th conference on Innovations in Theoretical Computer Science
On the circular security of bit-encryption
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Randomness-Dependent message security
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Reusable garbled circuits and succinct functional encryption
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Hi-index | 0.00 |
We construct the first public-key encryption scheme that is proven secure (in the standard model, under standard assumptions) even when the attacker gets access to encryptions of arbitrary efficient functions of the secret key. Specifically, under either the DDH or LWE assumption, and for arbitrary but fixed polynomials L and N, we obtain a public-key encryption scheme that resists key-dependent message (KDM) attacks for up to N(k) public keys and functions of circuit size up to L(k), where k denotes the size of the secret key. We call such a scheme bounded KDM secure. Moreover, we show that our scheme suffices for one of the important applications of KDM security: ability to securely instantiate symbolic protocols with axiomatic proofs of security. We also observe that any fully homomorphic encryption scheme that additionally enjoys circular security and circuit privacy is fully KDM secure in the sense that its algorithms can be independent of the polynomials L and N as above. Thus, the recent fully homomorphic encryption scheme of Gentry (STOC 2009) is fully KDM secure under certain non-standard hardness assumptions. Finally, we extend an impossibility result of Haitner and Holenstein (TCC 2009), showing that it is impossible to prove KDM security against a family of query functions that contains exponentially hard pseudorandom functions if the proof makes only a black-box use of the query function and the adversary attacking the scheme. This shows that the non-black-box use of the query function in our proof of security is inherent.