Circular Chosen-Ciphertext Security With Compact Ciphertexts
A Key-Dependent Message (KDM) secure encryption scheme is secure even if an adversary obtains encryptions of messages that depend on the secret key. Such key-dependent encryptions naturally occur in scenarios such as hard disk encryption, formal cryptography, or in specific protocols. However, there are not many provably secure constructions of KDM-secure encryption schemes. Moreover, only one construction, due to Camenisch, Chandran, and Shoup is known to be secure against active (i.e., CCA) attacks. In this paper, the authors construct the first public-key encryption scheme that is KDM-secure against active adversaries and has compact ciphertexts.