Iftach Haitner scite author profile

Abstract. We construct the first public-key encryption scheme that is proven secure (in the standard model, under standard assumptions) even when the attacker gets access to encryptions of arbitrary efficient functions of the secret key. Specifically, under either the DDH or LWE assumption, and for arbitrary but fixed polynomials L and N , we obtain a public-key encryption scheme that resists key-dependent message (KDM) attacks for up to N (k) public keys and functions of circuit size up to L(k), where k denotes the size of the secret key. We call such a scheme bounded KDM secure. Moreover, we show that our scheme suffices for one of the important applications of KDM security: ability to securely instantiate symbolic protocols with axiomatic proofs of security.We also observe that any fully homomorphic encryption scheme that additionally enjoys circular security and circuit privacy is fully KDM secure in the sense that its algorithms can be independent of the polynomials L and N as above. Thus, the recent fully homomorphic encryption scheme of Gentry (STOC 2009) is fully KDM secure under certain non-standard hardness assumptions.Finally, we extend an impossibility result of Haitner and Holenstein (TCC 2009), showing that it is impossible to prove KDM security against a family of query functions that contains exponentially hard pseudorandom functions if the proof makes only a black-box use of the query function and the adversary attacking the scheme. This shows that the non-black-box use of the query function in our proof of security is inherent.

show abstract

On the Power of the Randomized Iterate

Haitner¹,

Harnik²,

Reingold³

2011

SIAM J. Comput.

View full text Add to dashboard Cite

On the (Im)Possibility of Key Dependent Encryption

Haitner

Holenstein

2009

View full text Add to dashboard Cite

We study the possibility of constructing encryption schemes secure under messages that are chosen depending on the key k of the encryption scheme itself. We give the following separation results that hold both in the private and in the public key settings:-Let H be the family of poly(n)-wise independent hash-functions. There exists no fully-black-box reduction from an encryption scheme secure against key-dependent messages to one-way permutations (and also to families of trapdoor permutations) if the adversary can obtain encryptions of h(k) for h ∈ H.-There exists no reduction from an encryption scheme secure against key-dependent messages to, essentially, any cryptographic assumption, if the adversary can obtain an encryption of g(k) for an arbitrary g, as long as the reduction's proof of security treats both the adversary and the function g as black boxes.

show abstract

Efficiency Improvements in Constructing Pseudorandom Generators from One-Way Functions

Haitner¹,

Reingold²,

Vadhan³

2013

SIAM J. Comput.

View full text Add to dashboard Cite

Inaccessible entropy

Haitner

Reingold

Vadhan

et al. 2009

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Iftach Haitner

Bounded Key-Dependent Message Security

On the Power of the Randomized Iterate

On the (Im)Possibility of Key Dependent Encryption

Efficiency Improvements in Constructing Pseudorandom Generators from One-Way Functions

Inaccessible entropy

Contact Info

Product

Resources

About