Cryptology ePrint Archive: Report 2017/123

Separating IND-CPA and Circular Security for Unbounded Length Key Cycles

Rishab Goyal and Venkata Koppula and Brent Waters

Abstract: A public key encryption scheme is said to be n-circular secure if no PPT adversary can distinguish between encryptions of an n length key cycle and n encryptions of zero.

One interesting question is whether circular security comes for free from IND-CPA security. Recent works have addressed this question, showing that for all integers n, there exists an IND-CPA scheme that is not n-circular secure. However, this leaves open the possibility that for every IND-CPA cryptosystem, there exists a cycle length l, dependent on the cryptosystem (and the security parameter) such that the scheme is l-circular secure. If this is true, then this would directly lead to many applications, in particular, it would give us a fully homomorphic encryption scheme via Gentry’s bootstrapping.

In this work, we show that is not true. Assuming indistinguishability obfuscation and leveled homomorphic encryption, we construct an IND-CPA scheme such that for all cycle lengths l, the scheme is not l-circular secure.

Category / Keywords: Circular Security

Original Publication (in the same form): IACR-PKC-2017

Date: received 13 Feb 2017

Contact author: rgoyal at cs utexas edu

Available format(s): PDF | BibTeX Citation

Version: 20170216:215813 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]