In the case of functions that can be expressed as degree-$d$ polynomials, we show that the resulting schemes are also secure with respect to \emph{key cycles} of any length. Specifically, for any polynomial number $n$ of key pairs, our schemes can securely encrypt a degree-$d$ polynomial whose variables are the collection of coordinates of all $n$ secret keys. Prior to this work, it was not known how to achieve this for nonlinear functions.
Our key idea is a general transformation that amplifies KDM security. The transformation takes an encryption scheme that is KDM secure w.r.t.\ \emph{some} functions even when the secret keys are weak (i.e.\ chosen from an arbitrary distribution with entropy~$k$), and outputs a scheme that is KDM secure w.r.t.\ a \emph{richer} class of functions. The resulting scheme may no longer be secure with weak keys. Thus, in some sense, this transformation converts security with weak keys into amplified KDM security.
Category / Keywords: public-key cryptography / public-key cryptography, circular secure encryption, decision Diffie Hellman, Learning with Errors Date: received 1 Oct 2009, last revised 9 Mar 2011 Contact author: zvika brakerski at weizmann ac il Available format(s): PDF | BibTeX Citation Note: Editorial changes (no change in technical contents). Version: 20110309:223137 (All versions of this report) Short URL: ia.cr/2009/485 Discussion forum: Show discussion | Start new discussion