Paper 2021/722

Chosen Ciphertext Secure Keyed Two-Level Homomorphic Encryption

Yusaku Maeda
Koji Nuida

Homomorphic encryption (HE) is a useful variant of public key encryption (PKE), but it has a drawback that HE cannot fully achieve IND-CCA2 security, which is a standard security notion for PKE. Beyond existing HE schemes achieving weaker IND-CCA1 security, Emura et al.\ (PKC 2013) proposed the notion of \lq\lq keyed\rq\rq{} version of HE, called KH-PKE, which introduces an evaluation key controlling the functionality of homomorphic operations and achieves security stronger than IND-CCA1 and as close to IND-CCA2 as possible. After Emura et al.'s scheme which can evaluate linear polynomials only, Lai et al.\ (PKC 2016) proposed a fully homomorphic KH-PKE, but it requires indistinguishability obfuscation and hence has a drawback in practical feasibility. In this paper, we propose a \lq\lq two-level\rq\rq{} KH-PKE scheme for evaluating degree-two polynomials, by cleverly combining Emura et al.'s generic framework with a recent efficient two-level HE by Attrapadung et al.\ (ASIACCS 2018). Our scheme is the first KH-PKE that can handle non-linear polynomials while keeping practical efficiency.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. ACISP 2022
public key encryption keyed homomorphic encryption hash proof system
Contact author(s)
yusaku maeda1996 @ gmail com
nuida @ imi kyushu-u ac jp
2022-12-18: revised
2021-05-31: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yusaku Maeda and Koji Nuida},
      title = {Chosen Ciphertext Secure Keyed Two-Level Homomorphic Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2021/722},
      year = {2021},
      doi = {10.1007/978-3-031-22301-3_11},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.