Separating IND-CPA and Circular Security for Unbounded Length Key Cycles

Rishab Goyal, Venkata Koppula, and Brent Waters

Abstract

A public key encryption scheme is said to be n-circular secure if no PPT adversary can distinguish between encryptions of an n length key cycle and n encryptions of zero. One interesting question is whether circular security comes for free from IND-CPA security. Recent works have addressed this question, showing that for all integers n, there exists an IND-CPA scheme that is not n-circular secure. However, this leaves open the possibility that for every IND-CPA cryptosystem, there exists a cycle length l, dependent on the cryptosystem (and the security parameter) such that the scheme is l-circular secure. If this is true, then this would directly lead to many applications, in particular, it would give us a fully homomorphic encryption scheme via Gentry’s bootstrapping. In this work, we show that is not true. Assuming indistinguishability obfuscation and leveled homomorphic encryption, we construct an IND-CPA scheme such that for all cycle lengths l, the scheme is not l-circular secure.

Available format(s)
Publication info
Published by the IACR in PKC 2017
Keywords
Circular Security
Contact author(s)
rgoyal @ cs utexas edu
History
Short URL
https://ia.cr/2017/123

CC BY

BibTeX

@misc{cryptoeprint:2017/123,
author = {Rishab Goyal and Venkata Koppula and Brent Waters},
title = {Separating IND-CPA and Circular Security for Unbounded Length Key Cycles},
howpublished = {Cryptology ePrint Archive, Paper 2017/123},
year = {2017},
note = {\url{https://eprint.iacr.org/2017/123}},
url = {https://eprint.iacr.org/2017/123}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.