Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

Key-Dependent Message Security: Generic Amplification and Completeness

Summary: Key-Dependent Message Security:
Generic Amplification and Completeness
Benny Applebaum
February 6, 2011
Key-dependent message (KDM) secure encryption schemes provide secrecy even when the
attacker sees encryptions of messages related to the secret-key sk. Namely, the scheme should
remain secure even when messages of the form f(sk) are encrypted, where f is taken from
some function class F. A KDM amplification procedure takes an encryption scheme which
satisfies F-KDM security and boost it into a G-KDM secure scheme, where the function class
G should be richer than F. It was recently shown by Brakerski et al. (TCC 2011) and Barak
et al. (EUROCRYPT 2010), that a strong form of amplification is possible, provided that the
underlying encryption scheme satisfies some special additional properties.
In this work, we prove the first generic KDM amplification theorem which relies solely on the
KDM security of the underlying scheme without making any other assumptions. Specifically,
we show that an elementary form of KDM security against functions in which each output bit
either copies or flips a single bit of the key (aka projections) can be amplified into KDM security
with respect to any function family that can be computed in arbitrary fixed polynomial-time.
Furthermore, our amplification theorem and its proof are insensitive to the exact setting of KDM
security, and they hold in the presence of multiple-keys and in the symmetric-key/public-key and


Source: Applebaum, Benny - Faculty of Mathematics and Computer Science, Weizmann Institute of Science


Collections: Computer Technologies and Information Sciences