## Cryptology ePrint Archive: Report 2017/146

Toward Fine-Grained Blackbox Separations Between Semantic and Circular-Security Notions

Abstract: We address the problems of whether t-circular-secure encryption can be based on (t-1)-circular-secure encryption or on semantic (CPA) security, if t = 1. While for t = 1 a folklore construction, based on CPA-secure encryption, can be used to build a 1-circular-secure encryption with the same secret-key and message space, no such constructions are known for the bit-encryption case, which is of particular importance in fully-homomorphic encryption. Also, for $t \geq 2$, all constructions of t-circular-secure encryption (bitwise or otherwise) are based on specific assumptions.

We make progress toward these problems by ruling out all fully-blackbox constructions of

-- 1-seed circular-secure public-key bit encryption from CPA-secure public-key encryption;

-- t-seed circular-secure public-key encryption from (t-1)-seed circular-secure public-key encryption, for any $t \geq 2$.

Informally, seed-circular security is a variant of the circular security notion in which the seed of the key-generation algorithm, instead of the secret key, is encrypted. We also show how to extend our first result to rule out a large and non-trivial class of constructions of 1-circular-secure bit encryption, which we dub key-isolating constructions.

Our separation model follows that of Gertner, Malkin and Reingold (FOCS’01), which is a weaker separation model than that of Impagliazzo and Rudich.

Category / Keywords: foundations / Black-box separations, circular security

Original Publication (with minor differences): IACR-EUROCRYPT-2017

Date: received 15 Feb 2017, last revised 9 Mar 2017

Contact author: m hajiabadi at ucl ac uk

Available format(s): PDF | BibTeX Citation

Note: Fixed some typos.

Short URL: ia.cr/2017/146

[ Cryptology ePrint archive ]