A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf
.
Three's Compromised Too: Circular Insecurity for Any Cycle Length from (Ring-)LWE
[chapter]
2016
Lecture Notes in Computer Science
Informally, a public-key encryption scheme is k-circular secure if a cycle of k encrypted secret keys (Enc pk1 (sk 2 ), Enc pk2 (sk 3 ), . . . , Enc pk k (sk 1 )) is indistinguishable from encryptions of zeros. Circular security has applications in a wide variety of settings, ranging from security of symbolic protocols to fully homomorphic encryption. A fundamental question is whether standard security notions like IND-CPA/CCA imply k-circular security. For the case k = 2, several works over
doi:10.1007/978-3-662-53008-5_23
fatcat:xlv7wvkb6nfttefkbqcjbmufry