[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2024/127

Attacks Against the INDCPA-D Security of Exact FHE Schemes

Jung Hee Cheon, CryptoLab Inc., Seoul National University
Hyeongmin Choe, Seoul National University
Alain Passelègue, CryptoLab Inc.
Damien Stehlé, CryptoLab Inc.
Elias Suvanto, CryptoLab Inc., University of Luxembourg
Abstract

A recent security model for fully homomorphic encryption (FHE), called IND-CPA^D security and introduced by Li and Micciancio [Eurocrypt'21], strengthens IND-CPA security by giving the attacker access to a decryption oracle for ciphertexts for which it should know the underlying plaintexts. This includes ciphertexts that it (honestly) encrypted and those obtained from the latter by evaluating circuits that it chose. Li and Micciancio singled out the CKKS FHE scheme for approximate data [Asiacrypt'17] by giving an IND-CPA^D attack on it and claiming that IND-CPA security and IND-CPA^D security coincide for exact FHE schemes. We correct the widespread belief according to which IND-CPA^D attacks are specific to approximate homomorphic computations. Indeed, the equivalency formally proved by Li and Micciancio assumes that the schemes have a negligible probability of incorrect decryption. However, almost all competitive implementations of exact FHE schemes give away strong correctness by analyzing correctness heuristically and allowing noticeable probabilities of incorrect decryption. We exploit this imperfect correctness to mount efficient non-adaptive indistinguishability and key-recovery attacks against all major exact FHE schemes. We illustrate their strength by implementing them for BFV using OpenFHE and simulating an attack for the default parameter set of the CGGI implementation of TFHE-rs (the attack experiment is too expensive to be run on commodity desktops, because of the cost of CGGI bootstrapping). Our attacks extend to CKKS for discrete data, and threshold versions of the exact FHE schemes, when the correctness is similarly loose.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. ACM CCS 2024
Keywords
Fully Homomorphic EncryptionIND-CPA^D Security
Contact author(s)
damien stehle @ cryptolab co kr
History
2024-08-02: last of 4 revisions
2024-01-29: received
See all versions
Short URL
https://ia.cr/2024/127
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/127,
      author = {Jung Hee Cheon and Hyeongmin Choe and Alain Passelègue and Damien Stehlé and Elias Suvanto},
      title = {Attacks Against the {INDCPA}-D Security of Exact {FHE} Schemes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/127},
      year = {2024},
      url = {https://eprint.iacr.org/2024/127}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.