Achievable CCA2 Relaxation for Homomorphic Encryption

Adi Akavia, Craig Gentry, Shai Halevi, Margarita Vald

Research output: Contribution to journalArticlepeer-review

Abstract

Homomorphic encryption (HE) protects data in-use, but can be computationally expensive. To avoid the costly bootstrapping procedure that refreshes ciphertexts, some works have explored client-aided outsourcing protocols, where the client intermittently refreshes ciphertexts for a server that is performing homomorphic computations. But is this approach secure against malicious servers? We present a CPA-secure encryption scheme that is completely insecure in this setting. We define a new notion of security, called funcCPA, that we prove is sufficient. Additionally, we show: Homomorphic encryption schemes that have a certain type of circuit privacy—for example, schemes in which ciphertexts can be “sanitized"—are funcCPA-secure. In particular, assuming certain existing HE schemes are CPA-secure, they are also funcCPA-secure. For certain encryption schemes, like Brakerski-Vaikuntanathan, that have a property that we call oblivious secret key extraction, funcCPA-security implies circular security—i.e., that it is secure to provide an encryption of the secret key in a form usable for bootstrapping (to construct fully homomorphic encryption).

Original languageAmerican English
Article number5
JournalJournal of Cryptology
Volume38
Issue number1
DOIs
StatePublished - Jan 2025

Keywords

  • Chosen ciphertext attack
  • Chosen plaintext attack
  • Client aided protocols
  • Cryptographic protocols
  • Functional bootstrapping oracle
  • Homomorphic encryption

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Science Applications
  • Applied Mathematics

Cite this