Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP

Brakerski, Zvika

doi:10.1007/978-3-642-32009-5_50

Cited by 769 publications

(592 citation statements)

References 20 publications

Supporting

Mentioning

486

Contrasting

Unclassified

Order By: Relevance

“…In this paper, we continue the line of work of [LMSV12,ZPS12] to present key recovery attacks for the schemes [BV11b,BV11a,GSW13,Bra12]. Our attacks can also be applied to the SHE scheme in [BGV12].…”

Section: Our Contributionsmentioning

confidence: 80%

“…In this paper, we showed that the SHE schemes from [BV11b,BV11a,BGV12,Bra12,GSW13] suffer from key recovery attacks when the attacker is given access to the decryption oracle. Combining the results from [LMSV12,ZPS12], we now know that most existing SHE schemes suffer from key recovery attacks, and so they are not IND-CCA1 secure.…”

Section: Resultsmentioning

confidence: 99%

“…(3) The third category starts with Brakerski and Vaikuntanathan [BV11b,BV11a]. More variants appear in [NLV11,BGV12,GHS12b,Bra12,GSW13]. The security of these schemes are based on the learning with errors (LWE) and on the ring-learning with errors (RLWE) problems.…”

Section: Related Workmentioning

confidence: 99%

“…In this section, we describe a key recovery attack against the SHE scheme from [Bra12]. The scheme uses, as a building block, Regev's [Reg05] public-key encryption scheme.…”

Section: Setup(λ)mentioning

confidence: 99%

“…The scheme uses, as a building block, Regev's [Reg05] public-key encryption scheme. It is then enough to show a key recovery attack on Regev's scheme since the full [Bra12] can be attacked exactly as the basic Regev's encryption scheme (the only differences between the two schemes are in the evaluation step which is missing in Regev's scheme). Let's first recall Regev's encryption scheme.…”

Section: Setup(λ)mentioning

confidence: 99%

See 4 more Smart Citations

On Key Recovery Attacks Against Existing Somewhat Homomorphic Encryption Schemes

Chenal

Tang

2015

Progress in Cryptology - LATINCRYPT 2014

View full text Add to dashboard Cite

In this paper, we continue this line of research and show that most existing somewhat homomorphic encryption schemes are not IND-CCA1 secure. In fact, we show that these schemes suffer from key recovery attacks (stronger than a typical IND-CCA1 attack), which allow an adversary to recover the private keys through a number of decryption oracle queries. The schemes, that we study in detail, include those by Brakerski and Vaikuntanathan at Crypto 2011 and FOCS 2011, and that by Gentry, Sahai and Waters at Crypto 2013. We also develop a key recovery attack that applies to the somewhat homomorphic encryption scheme by van Dijk et al., and our attack is more efficient and conceptually simpler than the one developed by Zhang et al.. Our key recovery attacks also apply to the scheme by Brakerski, Gentry and Vaikuntanathan at ITCS 2012, and we also describe a key recovery attack for the scheme developed by Brakerski at Crypto 2012.

show abstract

Section: Our Contributionsmentioning

confidence: 80%

Section: Resultsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

“…In this section, we describe a key recovery attack against the SHE scheme from [Bra12]. The scheme uses, as a building block, Regev's [Reg05] public-key encryption scheme.…”

Section: Setup(λ)mentioning

confidence: 99%

Section: Setup(λ)mentioning

confidence: 99%

See 3 more Smart Citations

On Key Recovery Attacks Against Existing Somewhat Homomorphic Encryption Schemes

Chenal

Tang

2015

Progress in Cryptology - LATINCRYPT 2014

View full text Add to dashboard Cite

show abstract

Processing Encrypted Multimedia Data Using Homomorphic Encryption

Canard

Carpov

Fontaine

et al. 2022

Multimedia Security 2

View full text Add to dashboard Cite

Pre‐image sample algorithm with irregular Gaussian distribution and construction of identity‐based signature

Yan

Wang

et al. 2016

Concurrency and Computation

View full text Add to dashboard Cite

Summary Lattice has become an attractive cryptographic tool due to its potential resistance to quantum attacks, worst‐case hardness, simple computation kind, and flexibility. The pre‐image sample algorithm is the most fundamental algorithm in lattice‐based cryptography for its comprehensive applications in various primitives. Currently, boldSampleDscriptO due to Micciancio and Peikert (MP) sample algorithm is the most efficient pre‐image sample algorithm. However, this algorithm also needs massive computations. On the one hand, it expenses the cube of the lattice dimension multiplications over reals to set matrices as Gaussian parameters. On the other hand, it needs complex discrete convolution computations. First, this paper proposes an efficient pre‐image sample algorithm with outputs obeying irregular Gaussian distribution. Two measures are adopted to prevent the leakage of the geometrical property of trapdoor caused by irregular Gaussian outputs. A variant of MP trapdoor is proposed, and a new trapdoor is randomly assembled from a big enough space in each sample. Although still using a matrix as the Guassian parameter, in the proposed algorithm, the computational cost to set Gaussian parameters is zero. Meanwhile, the computational overhead for every sample is far less than that of MP sample algorithm. Second, to demonstrate the security and efficiency of the proposed sample algorithm, a hierarchical identity‐based signature scheme is put forward. This scheme is proved existentially unforgeable against selective identity adaptively chosen‐message attacks. Furthermore, the theoretical analysis shows that the proposed identity‐based signature is more efficient than the existing schemes. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP

Cited by 769 publications

References 20 publications

On Key Recovery Attacks Against Existing Somewhat Homomorphic Encryption Schemes

On Key Recovery Attacks Against Existing Somewhat Homomorphic Encryption Schemes

Processing Encrypted Multimedia Data Using Homomorphic Encryption

Pre‐image sample algorithm with irregular Gaussian distribution and construction of identity‐based signature

Contact Info

Product

Resources

About