Adaptive Key Recovery Attacks on NTRU-Based Somewhat Homomorphic Encryption Schemes
نویسندگان
چکیده
In this paper we present adaptive key recovery attacks on NTRU-based somewhat homomorphic encryption schemes. Among such schemes, we study the proposal by Bos et al [BLLN13] in 2013. Given access to a decryption oracle, the attack allows us to compute the private key for all parameter choices. Such attacks show that one must be very careful about the use of homomorphic encryption in practice. The existence of a key recovery attack means that the scheme is not CCA1-secure. Indeed, almost every somewhat homomorphic construction proposed till now in the literature is vulnerable to an attack of this type. Hence our result adds to a body of literature that shows that building CCA1-secure homomorphic schemes is not trivial.
منابع مشابه
Key Recovery Attacks Against NTRU-Based Somewhat Homomorphic Encryption Schemes
A key recovery attack allows an attacker to recover the private key of an underlying encryption scheme when given a number of decryption oracle accesses. Previous research has shown that most existing Somewhat Homomorphic Encryption (SHE) schemes suffer from this attack. In this paper, we propose efficient key recovery attacks against two NTRU-based SHE schemes, which have not gained much atten...
متن کاملA key recovery attack to the scale-invariant NTRU-based somewhat homomorphic encryption scheme
In this paper we present a key recovery attack to the scale-invariant NTRU-based somewhat homomorphic encryption scheme proposed by Bos et al [BLLN13] in 2013. The attack allows us to compute the private key for t > 2 and when the private key is chosen with coefficients in {−1, 0, 1}. The efficiency of the attack is optimal since it requires just one decryption oracle query, showing that if we ...
متن کاملOn Key Recovery Attacks Against Existing Somewhat Homomorphic Encryption Schemes
In his seminal paper at STOC 2009, Gentry left it as a future work to investigate (somewhat) homomorphic encryption schemes with IND-CCA1 security. At SAC 2011, Loftus et al. showed an IND-CCA1 attack against the somewhat homomorphic encryption scheme presented by Gentry and Halevi at Eurocrypt 2011. At ISPEC 2012, Zhang, Plantard and Susilo showed an IND-CCA1 attack against the somewhat homomo...
متن کاملOn CCA-Secure Somewhat Homomorphic Encryption
It is well known that any encryption scheme which supports any form of homomorphic operation cannot be secure against adaptive chosen ciphertext attacks. The question then arises as to what is the most stringent security definition which is achievable by homomorphic encryption schemes. Prior work has shown that various schemes which support a single homomorphic encryption scheme can be shown to...
متن کاملComparison between Subfield and Straightforward Attacks on NTRU
Recently in two independent papers, Albrecht, Bai and Ducas and Cheon, Jeong and Lee presented two very similar attacks, that allow to break NTRU with larger parameters and GGH Multinear Map without zero encodings. They proposed an algorithm for recovering the NTRU secret key given the public key which apply for large NTRU modulus, in particular to Fully Homomorphic Encryption schemes based on ...
متن کامل