Paper 2024/1718

Drifting Towards Better Error Probabilities in Fully Homomorphic Encryption Schemes

Olivier Bernard, Zama
Marc Joye, Zama
Nigel P. Smart, Zama
Michael Walter, Zama
Abstract

There are two security notions for FHE schemes: the traditional notion of IND-CPA, and a more stringent notion of IND-CPA$^D$. The notions are equivalent if the FHE schemes are perfectly correct; however, for schemes with negligible failure probability the FHE parameters needed to obtain IND-CPA$^D$ security can be much larger than those needed to obtain IND-CPA security. This paper uses the notion of ciphertext drift in order to understand the practical difference between IND-CPA and IND-CPA$^D$ security in schemes such as FHEW, TFHE and FINAL. This notion allows us to define a modulus switching operation (the main culprit for the difference in parameters) such that one does not need to adapt IND-CPA cryptographic parameters to meet the IND-CPA$^D$ security level. Further, the extra cost incurred by the new techniques has no noticeable performance impact in practical applications. The paper also formally defines a stronger version of IND-CPA$^D$ security called sIND-CPA$^D$, which is proved to be strictly separated from the IND-CPA$^D$ notion. A criterion for turning an IND-CPA$^D$ secure public-key encryption into an sIND-CPA$^D$ one is also provided.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
Fully homomorphic encryption, IND-CPAD security, Modulus switching, Ciphertext drift, Noise analysis, Implementation
Contact author(s)
marc @ zama ai
History
2024-10-21: approved
2024-10-21: received
Short URL
https://ia.cr/2024/1718
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1718,
      author = {Olivier Bernard and Marc Joye and Nigel P. Smart and Michael Walter},
      title = {Drifting Towards Better Error Probabilities in Fully Homomorphic Encryption Schemes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1718},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1718}
}