Paper 2016/164

Sanitization of FHE Ciphertexts

Léo Ducas and Damien Stehle


By definition, fully homomorphic encryption (FHE) schemes support homomorphic decryption, and all known FHE constructions are bootstrapped from a Somewhat Homomorphic Encryption (SHE) scheme via this technique. Additionally, when a public key is provided, ciphertexts are also re-randomizable, e.g., by adding to them fresh encryptions of 0. From those two operations we devise an algorithm to sanitize a ciphertext, by making its distribution canonical. In particular, the distribution of the ciphertext does not depend on the circuit that led to it via homomorphic evaluation, thus providing circuit privacy in the honest-but-curious model. Unlike the previous approach based on noise flooding, our approach does not degrade much the security/efficiency trade-off of the underlying FHE. The technique can be applied to all lattice-based FHE proposed so far, without substantially affecting their concrete parameters.

Available format(s)
Public-key cryptography
Publication info
Published by the IACR in EUROCRYPT 2016
Contact author(s)
damien stehle @ gmail com
2016-02-19: received
Short URL
Creative Commons Attribution


      author = {Léo Ducas and Damien Stehle},
      title = {Sanitization of FHE Ciphertexts},
      howpublished = {Cryptology ePrint Archive, Paper 2016/164},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.