Paper 2024/1858
(In)Security of Threshold Fully Homomorphic Encryption based on Shamir Secret Sharing
Abstract
Boneh et al. (CRYPTO'18) proposed two $t$-out-of-$N$ threshold fully homomorphic encryption ($\sf TFHE$) schemes, one based on the Shamir secret sharing scheme and one on the $\{0,1\}$-linear secret sharing scheme. They proved simulation security, which ensures that no information is leaked during partial or final decryption. This result allows any scheme to be converted into a threshold scheme by using $\sf TFHE$. We propose two polynomial-time algorithms that break the simulation security of the $t$-out-of-$N$ $\sf TFHE$ scheme based on Shamir secret sharing proposed by Boneh et al. First, we show that an adversary can break the simulation security by recovering the secret key under some constraints on $t$ and $N$ that do not violate the conditions of the security proof. Next, we introduce a straightforward fix that theoretically satisfies simulation security. However, we argue that this modification remains insecure when implemented with any state-of-the-art fully homomorphic encryption library in practice. To ensure robustness against our subsequent attacks, we recommend using an error-refreshing algorithm, such as bootstrapping or modulus switching, for each addition operation.
Metadata
- Category: Attacks and cryptanalysis
- Publication info: Preprint.
- Keywords: Threshold Fully Homomorphic Encryption, Shamir secret sharing scheme, Cryptanalysis
- Contact author(s): wony0404 @ snu ac kr, jiseungkim @ jbnu ac kr, changminlee @ kias re kr
- History: 2024-11-14: received; 2024-11-15: approved
- Short URL: https://ia.cr/2024/1858
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/1858,
  author = {Wonhee Cho and Jiseung Kim and Changmin Lee},
  title = {(In)Security of Threshold Fully Homomorphic Encryption based on Shamir Secret Sharing},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1858},
  year = {2024},
  url = {https://eprint.iacr.org/2024/1858}
}