Impossibility of strong kdm security with auxiliary input

Cody Freitag*, Ilan Komargodski, Rafael Pass

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


We show that a strong notion of KDM security cannot be obtained by any encryption scheme in the auxiliary input setting, assuming Learning With Errors (LWE) and one-way permutations. The notion of security we deal with guarantees that for any (possibly inefficient) function f, it is computationally hard to distinguish between an encryption of $$\mathbf {0}$$ and an encryption of $$f(\mathsf {pk}, z)$$, where $$\mathsf {pk} $$ is the public key and z is the auxiliary input. Furthermore, we show that this holds even when restricted to bounded-length auxiliary input where z is much shorter than $$\mathsf {pk} $$ under the additional assumption that (non-leveled) fully homomorphic encryption exists.

Original languageEnglish
Title of host publicationSecurity and Cryptography for Networks - 12th International Conference, SCN 2020, Proceedings
EditorsClemente Galdi, Vladimir Kolesnikov
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages13
ISBN (Print)9783030579890
StatePublished - 2020
Externally publishedYes
Event12th International Conference on Security and Cryptography for Networks, SCN 2020 - Amalfi, Italy
Duration: 14 Sep 202016 Sep 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12238 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference12th International Conference on Security and Cryptography for Networks, SCN 2020


FundersFunder number
National Science FoundationSATC-1704788, RI-1703846
Air Force Office of Scientific ResearchFA9550-18-1-0267, DGE-1650441
Office of the Director of National Intelligence
Intelligence Advanced Research Projects Activity2019-19-020700006


    Dive into the research topics of 'Impossibility of strong kdm security with auxiliary input'. Together they form a unique fingerprint.

    Cite this