Impossibility of strong kdm security with auxiliary input

Cody Freitag*, Ilan Komargodski, Rafael Pass

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

We show that a strong notion of KDM security cannot be obtained by any encryption scheme in the auxiliary input setting, assuming Learning With Errors (LWE) and one-way permutations. The notion of security we deal with guarantees that for any (possibly inefficient) function f, it is computationally hard to distinguish between an encryption of $$\mathbf {0}$$ and an encryption of $$f(\mathsf {pk}, z)$$, where $$\mathsf {pk} $$ is the public key and z is the auxiliary input. Furthermore, we show that this holds even when restricted to bounded-length auxiliary input where z is much shorter than $$\mathsf {pk} $$ under the additional assumption that (non-leveled) fully homomorphic encryption exists.

Original languageEnglish
Title of host publicationSecurity and Cryptography for Networks - 12th International Conference, SCN 2020, Proceedings
EditorsClemente Galdi, Vladimir Kolesnikov
PublisherSpringer Science and Business Media Deutschland GmbH
Pages512-524
Number of pages13
ISBN (Print)9783030579890
DOIs
StatePublished - 2020
Externally publishedYes
Event12th International Conference on Security and Cryptography for Networks, SCN 2020 - Amalfi, Italy
Duration: 14 Sep 202016 Sep 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12238 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference12th International Conference on Security and Cryptography for Networks, SCN 2020
Country/TerritoryItaly
CityAmalfi
Period14/09/2016/09/20

Bibliographical note

Publisher Copyright:
© Springer Nature Switzerland AG 2020.

Fingerprint

Dive into the research topics of 'Impossibility of strong kdm security with auxiliary input'. Together they form a unique fingerprint.

Cite this