Cryptology ePrint Archive: Report 2014/535

On Key Recovery Attacks against Existing Somewhat Homomorphic Encryption Schemes

Massimo Chenal and Qiang Tang

Abstract: In his seminal paper at STOC 2009, Gentry left it as a future work to investigate (somewhat) homomorphic encryption schemes with IND-CCA1 security. At SAC 2011, Loftus et al. showed an IND-CCA1 attack against the somewhat homomorphic encryption scheme presented by Gentry and Halevi at Eurocrypt 2011. At ISPEC 2012, Zhang, Plantard and Susilo showed an IND-CCA1 attack against the somewhat homomorphic encryption scheme developed by van Dijk et al. at Eurocrypt 2010.

In this paper, we continue this line of research and show that most existing somewhat homomorphic encryption schemes are not IND-CCA1 secure. In fact, we show that these schemes suffer from key recovery attacks (stronger than a typical IND-CCA1 attack), which allow an adversary to recover the private keys through a number of decryption oracle queries. The schemes, that we study in detail, include those by Brakerski and Vaikuntanathan at Crypto 2011 and FOCS 2011, and that by Gentry, Sahai and Waters at Crypto 2013. We also develop a key recovery attack that applies to the somewhat homomorphic encryption scheme by van Dijk et al., and our attack is more efficient and conceptually simpler than the one developed by Zhang et al.. Our key recovery attacks also apply to the scheme by Brakerski, Gentry and Vaikuntanathan at ITCS 2012, and we also describe a key recovery attack for the scheme developed by Brakerski at Crypto 2012.

Category / Keywords: Somewhat Homomorphic Encryption, Key Recovery Attack, IND-CCA1 Security.

Original Publication (with major differences): LATINCRYPT 2014

Date: received 8 Jul 2014, last revised 29 Sep 2014

Contact author: massimo chenal at uni lu

Available format(s): PDF | BibTeX Citation

Version: 20140929:152221 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]