Paper 2002/100

Encryption-Scheme Security in the Presence of Key-Dependent Messages

J. Black, P. Rogaway, and T. Shrimpton

Abstract

Encryption that is only semantically secure should not be used on messages that depend on the underlying secret key; all bets are off when, for example,one encrypts using a shared key K the value K. Here we introduce a new notion of security, KDM security, appropriate for key-dependent messages. The notion makes sense in both the public-key and shared-key settings. For the latter we show that KDM security is easily achievable within the random-oracle model. By developing and achieving stronger notions of encryption-scheme security it is hoped that protocols which are proven secure under ``formal'' models of security can, in time, be safely realized by generically instantiating their primitives.

Metadata
Available format(s)
PS
Category
Foundations
Publication info
Published elsewhere. To appear at SAC'02
Keywords
Definitions``formal'' cryptographysemantic securitysymmetric encryption
Contact author(s)
teshrim @ ucdavis edu
History
2002-07-25: received
Short URL
https://ia.cr/2002/100
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2002/100,
      author = {J.  Black and P.  Rogaway and T.  Shrimpton},
      title = {Encryption-Scheme Security in the Presence of Key-Dependent Messages},
      howpublished = {Cryptology ePrint Archive, Paper 2002/100},
      year = {2002},
      note = {\url{https://eprint.iacr.org/2002/100}},
      url = {https://eprint.iacr.org/2002/100}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.