Paper 2025/045

IND-CPAC: A New Security Notion for Conditional Decryption in Fully Homomorphic Encryption

Bhuvnesh Chaturvedi, Indian Institute of Technology Kharagpur, India
Anirban Chakraborty, Max Planck Institute for Security and Privacy, Germany
Nimish Mishra, Indian Institute of Technology Kharagpur, India
Ayantika Chatterjee, Indian Institute of Technology Kharagpur, India
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur, India
Abstract

Fully Homomorphic Encryption (FHE) allows a server to perform computations directly over the encrypted data. In general FHE protocols, the client is tasked with decrypting the computation result using its secret key. However, certain FHE applications benefit from the server knowing this result, especially without the aid of the client. Providing the server with the secret key allows it to decrypt all the data, including the client's private input. Protocols such as Goldwasser et. al. (STOC'13) have shown that it is possible to provide the server with the capability of conditional decryption that allows it to decrypt the result of some pre-defined computation and nothing else. While beneficial to an honest-but-curious server to aid in providing better services, a malicious server may utilize this added advantage to perform active attacks on the overall FHE application to leak secret information. Existing security notions fail to capture this scenario since they assume that only the client has the ability to decrypt FHE ciphertexts. Therefore, in this paper, we propose a new security notion named IND-CPA, that provides the adversary with access to a conditional decryption oracle. We then show that none of the practical exact FHE schemes are secure under this notion by demonstrating a generic attack that utilizes this restricted decryption capability to recover the underlying errors in the FHE ciphertexts. Given the security guarantee of the underlying (R)LWE hardness problem collapses with the leakage of these error values, we show a full key recovery attack. Finally, we propose a technique to convert any IND-CPA secure FHE scheme into an IND-CPA secure FHE scheme. Our technique utilizes Succinct Non-Interactive Argument of Knowledge, where the server is forced to generate a proof of an honest computation of the requested function along with the computation result. During decryption, the proof is verified, and the decryption proceeds only if the verification holds. Both the verification and decryption steps run inside a Garbled Circuit and thus are not observable or controllable by the server.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
FHEConditional DecryptionSNARKs
Contact author(s)
bhuvneshchaturvedi2512 @ kgpian iitkgp ac in
anirban chakraborty @ mpi-sp org
nimish mishra @ kgpian iitkgp ac in
ayantika @ atdc iitkgp ac in
debdeep @ cse iitkgp ac in
History
2025-01-13: approved
2025-01-12: received
See all versions
Short URL
https://ia.cr/2025/045
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2025/045,
      author = {Bhuvnesh Chaturvedi and Anirban Chakraborty and Nimish Mishra and Ayantika Chatterjee and Debdeep Mukhopadhyay},
      title = {{IND}-{CPA}$^{\text{C}}$: A New Security Notion for Conditional Decryption in Fully Homomorphic Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/045},
      year = {2025},
      url = {https://eprint.iacr.org/2025/045}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.