CryptoDB
On the (Im)Possibility of Key Dependent Encryption
Authors: | |
---|---|
Download: | |
Abstract: | We study the possibility of constructing encryption schemes secure under messages that are chosen depending on the key k of the encryption scheme itself. We give the following separation results: 1. Let H be the family of poly(n)-wise independent hash-functions. There exists no fully-black-box reduction from an encryption scheme secure against key-dependent inputs to one-way permutations (and also to families of trapdoor permutations) if the adversary can obtain encryptions of h(k) for h \in H. 2. Let G be the family of polynomial sized circuits. There exists no reduction from an encryption scheme secure against key-dependent inputs to, seemingly, any cryptographic assumption, if the adversary can obtain an encryption of g(k) for g \in G, as long as the reduction's proof of security treats both the adversary and the function g as black box. |
BibTeX
@misc{eprint-2008-17841, title={On the (Im)Possibility of Key Dependent Encryption}, booktitle={IACR Eprint archive}, keywords={foundations / Key-dependent input security, black-box separation}, url={http://eprint.iacr.org/2008/164}, note={ iftach.haitner@weizmann.ac.il 13980 received 11 Apr 2008}, author={Iftach Haitner and Thomas Holenstein}, year=2008 }