Paper 2002/100

Encryption-Scheme Security in the Presence of Key-Dependent Messages

J. Black, P. Rogaway, and T. Shrimpton

Abstract

Encryption that is only semantically secure should not be used on messages that depend on the underlying secret key; all bets are off when, for example,one encrypts using a shared key K the value K. Here we introduce a new notion of security, KDM security, appropriate for key-dependent messages. The notion makes sense in both the public-key and shared-key settings. For the latter we show that KDM security is easily achievable within the random-oracle model. By developing and achieving stronger notions of encryption-scheme security it is hoped that protocols which are proven secure under ``formal'' models of security can, in time, be safely realized by generically instantiating their primitives.

Metadata
Available format(s)
PDF PS
Category
Foundations
Publication info
Published elsewhere. To appear at SAC'02
Keywords
Definitions``formal'' cryptographysemantic securitysymmetric encryption
Contact author(s)
teshrim @ ucdavis edu
History
2002-07-25: received
Short URL
https://ia.cr/2002/100
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2002/100,
      author = {J.  Black and P.  Rogaway and T.  Shrimpton},
      title = {Encryption-Scheme Security in the Presence of Key-Dependent Messages},
      howpublished = {Cryptology ePrint Archive, Paper 2002/100},
      year = {2002},
      note = {\url{https://eprint.iacr.org/2002/100}},
      url = {https://eprint.iacr.org/2002/100}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.