Bounded Key-Dependent Message Security

9 years 4 months ago
Bounded Key-Dependent Message Security
We construct the first public-key encryption scheme that is proven secure (in the standard model, under standard assumptions) even when the attacker gets access to encryptions of arbitrary efficient functions of the secret key. Specifically, under either the DDH or LWE assumption, and for arbitrary but fixed polynomials L and N, we obtain a public-key encryption scheme that resists key-dependent message (KDM) attacks for up to N(k) public keys and functions of circuit size up to L(k), where k denotes the size of the secret key. We call such a scheme bounded KDM secure. Moreover, we show that our scheme suffices for one of the important applications of KDM security: ability to securely instantiate symbolic protocols with axiomatic proofs of security. We also observe that any fully homomorphic encryption scheme that additionally enjoys circular security and circuit privacy is fully KDM secure in the sense that its algorithms can be independent of the polynomials L and N as above. Thus...
Boaz Barak, Iftach Haitner, Dennis Hofheinz, Yuval
Added 19 Jul 2010
Updated 19 Jul 2010
Type Conference
Year 2010
Authors Boaz Barak, Iftach Haitner, Dennis Hofheinz, Yuval Ishai
Comments (0)