## Cryptology ePrint Archive: Report 2013/307

Maliciously Circuit-private FHE

Abstract: We present a framework for constructing compact FHE (fully homomorphic encryption) which is circuit-private in the malicious setting. That is, even if both maliciously formed public key and cyphertext are used, encrypted outputs only reveal the evaluation of the circuit on some well-formed input $x^*$. Previous literature on FHE only considered semi-honset circuit privacy. Circuit-private FHE schemes have direct applications to computing on encrypted data. In that setting, one party (a receiver) holding an input $x$ wishes to learn the evaluation of a circuit $C$ held by another party (a sender). The goal is to make receiver's work sublinear (and ideally independent) of $\mathcal{C}$, using a 2-message protocol. Maliciously circuit-private FHE immediately gives rise to such a protocol which is secure against malicious receivers.