Paper 2022/1741
Demystifying the comments made on “A Practical Full Key Recovery Attack on TFHE and FHEW by Inducing Decryption Errors”
Abstract
Fully Homomorphic Encryption (FHE) allows computations on encrypted data without the need for decryption. Therefore, in the world of cloud computing, FHE provides an essential means for users to garner different computational services from potentially untrusted servers while keeping sensitive data private. In such a context, the security and privacy guarantees of well-known FHE schemes become paramount. In a research article, we (Chaturvedi et al., ePrint 2022/1563) have shown that popular FHE schemes like TFHE and FHEW are vulnerable to CVO (Ciphertext Verification Oracle) attacks, which belong to the family of “reaction attacks” [6]. We show, for the first time, that feedback from the client (user) can be craftily used by the server to extract the error (noise) associated with each computed ciphertext. Once the errors for some m ciphertexts (m > n, where n = key size) are retrieved, the original secret key can be trivially leaked using the standard Gaussian Elimination method. The results in the paper (Chaturvedi et al., ePrint 2022/1563) show that FHE schemes should be subjected to further security evaluations, specifically in the context of system-wide implementation, such that CVO-based attacks can be eliminated. Quite recently, Michael Walter published a document (ePrint 2022/1722), claiming that the timing channel we used in our work (Chaturvedi et al., ePrint 2022/1563) “are false”. In this document, we debunk this claim and explain how we use the timing channel to improve the CVO attack. We explain that the CVO-based attack technique we proposed in the paper (Chaturvedi et al., ePrint 2022/1563) is a result of careful selection of perturbation values and the first work in literature that showed reaction-based attacks are possible in the context of present FHE schemes in a realistic cloud setting.
We further argue that for an attacker, any additional information that can aid a particular attack shall be considered as leakage and must be dealt with due importance to stymie the attack.
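The abstract states that once the noise e_i of m > n ciphertexts is known, Gaussian elimination over Z_q recovers the secret key. The following Python example, added here and not taken from the paper or from any TFHE/FHEW implementation, makes that linear-algebra step concrete on a constructed toy LWE instance: each ciphertext is a sample (a_i, b_i = <a_i, s> + e_i mod q), and the same system of equations is solved once with the leaked e_i and once without them. The parameters (n = 8, prime q = 257, noise in [-4, 4], uniform secret) are assumptions chosen so the prime-field solver applies; real TFHE/FHEW parameters use a power-of-two modulus, far larger n and small secrets, which this solver does not model. The point for a defender is that the noise is key-equivalent material: with it, the system solves exactly; without it, the same equations are inconsistent.

```python
import random

# Toy LWE parameters (constructed for this example; real TFHE/FHEW use a
# much larger n and a power-of-two modulus, which this prime-field solver
# does not cover).
N, Q, NOISE_BOUND = 8, 257, 4


def keygen(n, q, rng):
    """Uniform secret vector s in Z_q^n (toy choice; real schemes use small secrets)."""
    return [rng.randrange(q) for _ in range(n)]


def encrypt_zero(s, q, rng, noise_bound):
    """One LWE sample (a, b = <a, s> + e mod q); the noise e is returned as well."""
    a = [rng.randrange(q) for _ in range(len(s))]
    e = rng.randint(-noise_bound, noise_bound)
    b = (sum(ai * si for ai, si in zip(a, s)) + e) % q
    return a, b, e


def solve_mod_prime(rows, rhs, q):
    """Gaussian elimination over Z_q (q prime).

    Returns the unique x with rows * x = rhs (mod q), or None when the system
    is rank-deficient (fewer than n independent equations) or inconsistent.
    """
    m, n = len(rows), len(rows[0])
    aug = [list(r) + [v % q] for r, v in zip(rows, rhs)]
    pivot_row = 0
    for col in range(n):
        pr = next((r for r in range(pivot_row, m) if aug[r][col] % q), None)
        if pr is None:
            return None  # no pivot in this column: s is not uniquely determined
        aug[pivot_row], aug[pr] = aug[pr], aug[pivot_row]
        inv = pow(aug[pivot_row][col], -1, q)
        aug[pivot_row] = [(x * inv) % q for x in aug[pivot_row]]
        for r in range(m):
            if r != pivot_row and aug[r][col] % q:
                f = aug[r][col]
                aug[r] = [(x - f * y) % q for x, y in zip(aug[r], aug[pivot_row])]
        pivot_row += 1
    # Every column now has a pivot, so the remaining rows have zero
    # coefficients; a non-zero right-hand side there means a contradiction.
    for r in range(pivot_row, m):
        if not any(aug[r][:n]) and aug[r][n]:
            return None
    return [aug[i][n] for i in range(n)]


def recover_key(samples, q, noise=None):
    """Solve <a_i, s> = b_i - e_i (mod q) for s given the per-ciphertext noise.

    With noise=None the equations are solved as if e_i = 0, i.e. what an
    attacker without a noise oracle is reduced to.
    """
    rows = [a for a, _ in samples]
    if noise is None:
        noise = [0] * len(samples)
    rhs = [(b - e) % q for (_, b), e in zip(samples, noise)]
    return solve_mod_prime(rows, rhs, q)


def demo(seed=1, m=12):
    """Return (recovered_with_noise, recovered_without_noise) for m > N samples."""
    rng = random.Random(seed)
    s = keygen(N, Q, rng)
    cts = [encrypt_zero(s, Q, rng, NOISE_BOUND) for _ in range(m)]
    samples = [(a, b) for a, b, _ in cts]
    leaked_noise = [e for _, _, e in cts]  # what a noise-revealing oracle would hand over
    with_noise = recover_key(samples, Q, leaked_noise) == s
    without_noise = recover_key(samples, Q) == s
    return with_noise, without_noise


if __name__ == "__main__":
    print(demo())  # expected: (True, False)
```

Because m exceeds n, the surplus equations act as a consistency check: with the true e_i they are satisfied automatically, while with e_i guessed as zero they almost always contradict each other, so the solver returns None rather than a wrong key.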
Metadata
- Category: Attacks and cryptanalysis
- Publication info: Preprint.
- Keywords: FHE, TFHE, FHEW, CVO attack
- Contact author(s): bhuvneshchaturvedi2512 @ gmail com; ch anirban00727 @ gmail com; cayantika @ gmail com; debdeep mukhopadhyay @ gmail com
- History: 2022-12-19: received; 2022-12-25: approved
- Short URL: https://ia.cr/2022/1741
- License: CC BY
BibTeX
@misc{cryptoeprint:2022/1741,
  author = {Bhuvnesh Chaturvedi and Anirban Chakraborty and Ayantika Chatterjee and Debdeep Mukhopadhyay},
  title = {Demystifying the comments made on “A Practical Full Key Recovery Attack on {TFHE} and {FHEW} by Inducing Decryption Errors”},
  howpublished = {Cryptology {ePrint} Archive, Paper 2022/1741},
  year = {2022},
  url = {https://eprint.iacr.org/2022/1741}
}