International Association for Cryptologic Research

CryptoDB

Achievable CCA2 Relaxation for Homomorphic Encryption

Authors:
Adi Akavia
Craig Gentry
Shai Halevi
Margarita Vald
Download:
DOI: 10.1007/s00145-024-09526-1
Abstract: Homomorphic encryption () protects data in-use, but can be computationally expensive. To avoid the costly bootstrapping procedure that refreshes ciphertexts, some works have explored client-aided outsourcing protocols, where the client intermittently refreshes ciphertexts for a server that is performing homomorphic computations. But is this approach secure against malicious servers? We present a -secure encryption scheme that is completely insecure in this setting. We define a new notion of security, called , that we prove is sufficient. Additionally, we show: Homomorphic encryption schemes that have a certain type of circuit privacy—for example, schemes in which ciphertexts can be “sanitized”—are -secure. In particular, assuming certain existing schemes are -secure, they are also -secure. For certain encryption schemes, like Brakerski-Vaikuntanathan, that have a property that we call oblivious secret key extraction, -security implies circular security—i.e., that it is secure to provide an encryption of the secret key in a form usable for bootstrapping (to construct fully homomorphic encryption).
BibTeX
@article{jofc-2024-35409,
  title={Achievable CCA2 Relaxation for Homomorphic Encryption},
  journal={Journal of Cryptology},
  publisher={Springer},
  volume={38},
  pages={5},
  doi={10.1007/s00145-024-09526-1},
  author={Adi Akavia and Craig Gentry and Shai Halevi and Margarita Vald},
  year=2024
}