**Obfuscation ==> (IND-CPA Security =/=> Circular Security)**

*Antonio Marcedone and Claudio Orlandi*

**Abstract:** Circular security is an important notion for public-key encryption schemes and is needed by several cryptographic protocols. In circular security the adversary is given an extra "hint" consisting of a cycle of encryptions of secret keys, i.e., $(E_{pk_1}(sk_2), \ldots, E_{pk_n}(sk_1))$. A natural question is whether every IND-CPA encryption scheme is also circular secure. It is trivial to see that this is not the case when $n=1$. In 2010 a separation for $n=2$ was shown by [ABBC10,GH10] under standard assumptions in bilinear groups.

In this paper we finally settle the question, showing that for every $n$ there exists an IND-CPA secure scheme which is not $n$-circular secure. Our result relies on the recent progress in program obfuscation.

**Category / Keywords:** foundations / Circular Security, Related Key Attack, Obfuscation.

**Date:** received 24 Oct 2013

**Contact author:** orlandi at cs au dk

**Version:** 20131024:165359

**Short URL:** ia.cr/2013/690
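
The $n=1$ case that the abstract calls trivial can be made concrete with the standard folklore counterexample, shown here as an added example that is not taken from the paper: wrap any IND-CPA scheme so that encrypting the key's own secret key outputs it in the clear. Hashed ElGamal over a toy-sized group stands in for the base scheme, and all names and parameters below are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group (constructed, far too small for real use): safe prime P = 2Q + 1,
# and G = 4 generates the subgroup of prime order Q.
P, Q, G = 1019, 509, 4
MLEN = 2  # fixed message length in bytes, large enough to hold a secret key

def keygen():
    sk = secrets.randbelow(Q - 1) + 1          # sk in [1, Q-1]
    return pow(G, sk, P), sk

def kdf(shared):
    # Derive an MLEN-byte pad from the Diffie-Hellman value.
    return hashlib.sha256(shared.to_bytes(2, "big")).digest()[:MLEN]

def enc(pk, m):
    """Base scheme (hashed ElGamal): ciphertext is (g^r, H(pk^r) XOR m)."""
    r = secrets.randbelow(Q - 1) + 1
    pad = kdf(pow(pk, r, P))
    return pow(G, r, P), bytes(a ^ b for a, b in zip(pad, m))

def dec(sk, ct):
    c1, c2 = ct
    pad = kdf(pow(c1, sk, P))
    return bytes(a ^ b for a, b in zip(pad, c2))

def enc_leaky(pk, m):
    """Wrapped scheme: if m is a secret key for pk, output it unencrypted.

    At real group sizes, an IND-CPA adversary can only reach this branch by
    already knowing a discrete log of pk, so IND-CPA security is unaffected.
    """
    if pow(G, int.from_bytes(m, "big"), P) == pk:
        return (0, m)
    return (1, enc(pk, m))

def dec_leaky(sk, ct):
    flag, body = ct
    return body if flag == 0 else dec(sk, body)

def recover_from_cycle(hint):
    """1-circular adversary: given the hint E_pk(sk), read sk off directly."""
    flag, body = hint
    return int.from_bytes(body, "big") if flag == 0 else None
```

For $n \ge 2$ this trick fails because the encryptor of $sk_2$ under $pk_1$ has no efficient way to recognize that its message is another user's secret key, which is the gap the paper closes using obfuscation.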
