Cryptology ePrint Archive: Report 2013/690

Obfuscation ==> (IND-CPA Security =/=> Circular Security)

Antonio Marcedone and Claudio Orlandi

Abstract: Circular security is an important notion for public-key encryption schemes and is needed by several cryptographic protocols. In circular security the adversary is given an extra ``hint'' consisting of a cycle of encryption of secret keys i.e., (E_{pk_1}(sk_2),..., E_{pk_n}(sk_1)). A natural question is whether every IND-CPA encryption scheme is also circular secure. It is trivial to see that this is not the case when n=1. In 2010 a separation for n=2 was shown by [ABBC10,GH10] under standard assumptions in bilinear groups.

In this paper we finally settle the question showing that for every $n$ there exist an IND-CPA secure scheme which is not n-circular secure. Our result relies on the recent progress in program obfuscation.

Category / Keywords: foundations / Circular Security, Related Key Attack, Obfuscation.

Date: received 24 Oct 2013, last revised 2 May 2014

Contact author: orlandi at cs au dk

Available format(s): PDF | BibTeX Citation

Version: 20140502:121255 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]