Lattice Attacks on the DGHV Homomorphic Encryption Scheme
نویسندگان
چکیده
In 2010, van Dijk, Gentry, Halevi, and Vaikuntanathan described the first fully homomorphic encryption over the integers, called DGHV. The scheme is based on a set of m public integers ci = pqi + ri, i = 1, · · · ,m, where the integers p, qi and ri are secret. In this paper, we describe two lattice-based attacks on DGHV. The first attack is applicable when r1 = 0 and the public integers ci satisfy a linear equation a2c2 + . . .+amcm = a1q1 for suitably small integers ai, i = 2, . . . ,m. The second attack works when the positive integers qi satisfy a linear equation a1q1 + . . . + amqm = 0 for suitably small integers ai, i = 1, . . . ,m. We further apply our methods for the DGHV recommended parameters as specified in the original work of van Dijk, Gentry, Halevi, and Vaikuntanathan.
منابع مشابه
CRT-based fully homomorphic encryption over the integers
In 1978, Rivest, Adleman and Dertouzos introduced the basic concept of privacy homomorphism that allows computation on encrypted data without decryption. It was elegant work that precedes the recent development of fully homomorphic encryption schemes although there were found some security flaws, e.g., ring homomorphic schemes are broken by the knownplaintext attacks. In this paper, we revisit ...
متن کاملPublic Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers
We describe a compression technique that reduces the public key size of van Dijk, Gentry, Halevi and Vaikuntanathan’s (DGHV) fully homomorphic scheme over the integers from Õ(λ) to Õ(λ). Our variant remains semantically secure, but in the random oracle model. We obtain an implementation of the full scheme with a 10.1 MB public key instead of 802 MB using similar parameters as in [7]. Additional...
متن کاملImproved Fully Homomorphic Encryption over the Integers with Shorter Public Keys
Fully homomorphic encryption (FHE) is a “holy grail” of cryptography. However, it is not yet adopted in practice because no known scheme is efficient. In this paper, we mainly focus on how to reduce the public key sizes in FHE. Based on Dijk et al.’s FHE scheme (DGHV) and Gentry’s fully homomorhpic technology, we propose two schemes with shorter public keys by encrypting with a combination of t...
متن کاملBatch Fully Homomorphic Encryption over the Integers
We extend the fully homomorphic encryption scheme over the integers of van Dijk et al. (DGHV) into a batch fully homomorphic encryption scheme, i.e. to a scheme that supports encrypting and homomorphically processing a vector of plaintexts as a single ciphertext. We present two variants in which the semantic security is based on different assumptions. The first variant is based on a new decisio...
متن کاملOn CCA-Secure Somewhat Homomorphic Encryption
It is well known that any encryption scheme which supports any form of homomorphic operation cannot be secure against adaptive chosen ciphertext attacks. The question then arises as to what is the most stringent security definition which is achievable by homomorphic encryption schemes. Prior work has shown that various schemes which support a single homomorphic encryption scheme can be shown to...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2015 شماره
صفحات -
تاریخ انتشار 2015