One interesting question is whether circular security comes for free from IND-CPA security. Recent works have addressed this question, showing that for all integers n, there exists an IND-CPA scheme that is not n-circular secure. However, this leaves open the possibility that for every IND-CPA cryptosystem, there exists a cycle length l, dependent on the cryptosystem (and the security parameter) such that the scheme is l-circular secure. If this is true, then this would directly lead to many applications, in particular, it would give us a fully homomorphic encryption scheme via Gentry’s bootstrapping.
In this work, we show that is not true. Assuming indistinguishability obfuscation and leveled homomorphic encryption, we construct an IND-CPA scheme such that for all cycle lengths l, the scheme is not l-circular secure.
Category / Keywords: Circular Security Original Publication (in the same form): IACR-PKC-2017 Date: received 13 Feb 2017 Contact author: rgoyal at cs utexas edu Available format(s): PDF | BibTeX Citation Version: 20170216:215813 (All versions of this report) Short URL: ia.cr/2017/123 Discussion forum: Show discussion | Start new discussion