In this work we prove the following results for n-circular security:
- For any n there exists an encryption scheme that is IND-CPA secure but not n-circular secure.
- There exists a bit encryption scheme that is IND-CPA secure, but not 1-circular secure.
- If there exists an encryption system where an attacker can distinguish a key encryption cycle from an encryption of zeroes, then in a transformed cryptosystem there exists an attacker which recovers secret keys from the encryption cycles.
Our first two results apply a novel utilization of indistinguishability obfuscation. The last result is generic and applies to any such cryptosystem.Category / Keywords: Date: received 23 Oct 2013 Contact author: kramchen at cs utexas edu Available format(s): PDF | BibTeX Citation Version: 20131024:092858 (All versions of this report) Short URL: ia.cr/2013/683 Discussion forum: Show discussion | Start new discussion