In this work we prove the following results for n-circular security, based upon recent candidate constructions of indistinguishability obfuscation [GGH+ 13b, CLT13]:
- For any n there exists an encryption scheme that is IND-CPA secure but not n-circular secure.
- There exists a bit encryption scheme that is IND-CPA secure, but not 1-circular secure.
- If there exists an encryption system where an attacker can distinguish a key encryption cycle from an encryption of zeroes, then in a transformed cryptosystem there exists an attacker which recovers secret keys from the encryption cycles.
Our last result is generic and applies to any such cryptosystem.Category / Keywords: Date: received 23 Oct 2013, last revised 2 Jun 2014 Contact author: kramchen at cs utexas edu Available format(s): PDF | BibTeX Citation Version: 20140602:195635 (All versions of this report) Short URL: ia.cr/2013/683 Discussion forum: Show discussion | Start new discussion