DOI: 10.1145/1943513.1943516

Key dependent message security: recent results and applications

Published: 21 February 2011

Abstract

An encryption scheme is Key Dependent Message (KDM) secure if it remains secure even against an attacker who has access to encryptions of messages that depend on the secret key. Recent studies have revealed that this strong security notion is important both theoretically and practically. In this paper we review the definition and survey recent results and applications of KDM security.


Published In

CODASPY '11: Proceedings of the first ACM conference on Data and application security and privacy
February 2011
294 pages
ISBN:9781450304665
DOI:10.1145/1943513
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. circular encryption
  2. cryptography
  3. encryption
  4. kdm
  5. key dependent message security
  6. survey

Qualifiers

  • Keynote

Conference

CODASPY '11

Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%
