**A Quasipolynomial Reduction for Generalized Selective Decryption on Trees**

*Georg Fuchsbauer and Zahra Jafargholi and Krzysztof Pietrzak*

**Abstract: **Generalized Selective Decryption (GSD), introduced by Panjwani [TCC’07], is a game for a symmetric encryption scheme Enc that captures the difficulty of proving adaptive security of certain protocols, most notably the Logical Key Hierarchy (LKH) multicast encryption protocol. In the GSD game there are n keys k1, . . . , kn, which the adversary may adaptively corrupt (learn); moreover, it can ask for encryptions Enc_ki (kj ) of keys under other keys. The adversary’s task is to distinguish keys (which it cannot trivially compute) from random. Proving the hardness of GSD assuming only IND-CPA security of Enc is surprisingly hard. Using “complexity leveraging” loses a factor exponential in n, which makes the proof practically meaningless.
We can think of the GSD game as building a graph on n vertices, where we add an edge i → j when the adversary asks for an encryption of kj under ki. If restricted to graphs of depth l, Panjwani gave a reduction that loses only a factor exponential in l (not n). To date, this is the only non-trivial result known for GSD.
In this paper we give almost-polynomial reductions for large classes of graphs. Most importantly, we prove the security of the GSD game restricted to trees losing only a quasi-polynomial factor n^(3 log n+5). Trees are an important special case capturing real-world protocols like the LKH protocol. Our new bound improves upon Panjwani’s on some LKH variants proposed in the literature where the underlying tree is not balanced. Our proof builds on ideas from the “nested hybrids” technique recently introduced by Fuchsbauer et al. [Asiacrypt’14] for proving the adaptive security of constrained PRFs.

**Category / Keywords: **Nested Hybrids, Broadcast Encryption, Multicast Encryption, Logical Key Hierarchy

**Original Publication**** (with minor differences): **IACR-CRYPTO-2015

**Date: **received 18 Apr 2016

**Contact author: **zahra at ccs neu edu

**Available format(s): **PDF | BibTeX Citation

**Version: **20160419:170337 (All versions of this report)

**Short URL: **ia.cr/2016/389

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]