On Generic Constructions of Circularly-Secure, Leakage-Resilient Public-Key Encryption Schemes.

International Workshop on Practice and Theory in Public Key Cryptography (2016)

Abstract
We propose generic constructions of public-key encryption schemes, satisfying key-dependent message (KDM) security for projections and different forms of key-leakage resilience, from CPA-secure private-key encryption schemes with two main abstract properties: (1) a form of additive homomorphism with respect to both plaintexts and randomness, and (2) reproducibility, providing a means for reusing encryption randomness across independent secret keys. More precisely, our construction transforms a private-key scheme with the stated properties (and one more mild condition) into a public-key one, providing: KDM-projection security, an extension of circular security, where the adversary may also ask for encryptions of negated secret key bits; a $$1-o(1)$$ resilience rate in the bounded-memory leakage model of Akavia et al. (TCC 2009); and auxiliary-input security against subexponentially-hard functions. We introduce homomorphic weak pseudorandom functions, a homomorphic version of the weak PRFs proposed by Naor and Reingold (FOCS '95), and use them to realize our base encryption scheme. We in turn obtain homomorphic weak PRFs from homomorphic hash-proof systems (HHPS). We also show how the base encryption scheme may be realized using subgroup indistinguishability (implied, in particular, by quadratic residuosity (QR) and decisional composite residuosity (DCR)). As corollaries of our results, we obtain (1) the first multiple-key projection-secure bit-encryption scheme (as well as the first scheme with a $$1-o(1)$$ resilience rate) based solely on the HHPS assumption, and (2) a unifying approach explaining the results of Boneh et al. (CRYPTO '08) and Brakerski and Goldwasser (CRYPTO '10). Finally, by observing that Applebaum's KDM amplification method (EUROCRYPT '11) preserves both types of leakage resilience, we obtain schemes providing at the same time high leakage resilience and KDM security against any fixed polynomial-sized circuit family.