Cryptology ePrint Archive: Report 2002/100
Encryption-Scheme Security in the Presence of Key-Dependent Messages
J. Black and P. Rogaway and T. Shrimpton
Abstract: Encryption that is only semantically secure should not be used on messages that depend on the underlying secret key; all bets are off when, for example,one encrypts using a shared key K the value K.
Here we introduce a new notion of security, KDM security, appropriate for key-dependent messages. The notion makes sense in both the public-key and shared-key settings. For the latter we show that KDM security is easily achievable within the random-oracle model.
By developing and achieving stronger notions of encryption-scheme security it is hoped that protocols which are proven secure under ``formal'' models of security can, in time, be safely realized by generically instantiating their primitives.
Category / Keywords: foundations / Definitions, ``formal'' cryptography, semantic security, symmetric encryption
Publication Info: To appear at SAC'02
Date: received 24 Jul 2002
Contact author: teshrim at ucdavis edu
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation
Version: 20020725:163325 (All versions of this report)
Short URL: ia.cr/2002/100
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]