 
Summary: KeyDependent Message Security:
Generic Amplification and Completeness
Benny Applebaum
February 6, 2011
Abstract
Keydependent message (KDM) secure encryption schemes provide secrecy even when the
attacker sees encryptions of messages related to the secretkey sk. Namely, the scheme should
remain secure even when messages of the form f(sk) are encrypted, where f is taken from
some function class F. A KDM amplification procedure takes an encryption scheme which
satisfies FKDM security and boost it into a GKDM secure scheme, where the function class
G should be richer than F. It was recently shown by Brakerski et al. (TCC 2011) and Barak
et al. (EUROCRYPT 2010), that a strong form of amplification is possible, provided that the
underlying encryption scheme satisfies some special additional properties.
In this work, we prove the first generic KDM amplification theorem which relies solely on the
KDM security of the underlying scheme without making any other assumptions. Specifically,
we show that an elementary form of KDM security against functions in which each output bit
either copies or flips a single bit of the key (aka projections) can be amplified into KDM security
with respect to any function family that can be computed in arbitrary fixed polynomialtime.
Furthermore, our amplification theorem and its proof are insensitive to the exact setting of KDM
security, and they hold in the presence of multiplekeys and in the symmetrickey/publickey and
