As a general design criterion, a symmetric key cipher should not be closed under functional composition due to the implications on the security of the cipher. However, there are scenarios in which this property is desirable and can be obtained without reducing the security of a cipher by increasing the computational workload of the cipher. We expand the idea of a symmetric key cipher being closed under functional composition to a more general scenario where there exists a function that converts the ciphertext resulting from encryption under a specific key to the ciphertext corresponding to encryption with another key. We show how to perform such a conversion without exposing the plaintext. We discuss the tradeoff between the computational workload and security, and the relationship between such conversions and proxy cryptography. We conclude with a description of some practical applications of our results.
Debra L. Cook, Angelos D. Keromytis