In this work, we prove the general impossibility of (abelian) group homomorphic encryption in the presence of quantum adversaries, when assuming the IND-CPA security notion as the minimal security requirement. To this end, we prove a new result on the probability of sampling generating sets of finite (sub-)groups when sampling is done with respect to an arbitrary, unknown distribution. Finally, we provide a sufficient condition on homomorphic encryption schemes for our quantum attack to work and discuss whether it can be satisfied in non-group homomorphic cases. The impact of our results on recent fully homomorphic encryption schemes remains an open question.
Category / Keywords: public-key cryptography / Homomorphic Encryption, Semantic Security, Quantum Algorithms, Sampling Group Generators
Original Publication (with minor differences): IACR-PKC-2014
Date: received 10 Jan 2014, last revised 13 Jan 2014
Contact author: tommaso at gagliardoni net
Version: 20140113:160913
Short URL: ia.cr/2014/029