CCA1 secure FHE from PIO, revisited

Xueqing Wang,Rui Xue,Biao Wang

doi:10.1186/s42400-018-0013-8

Xueqing Wang, Rui Xue + Show 1 more

Open Access

https://doi.org/10.1186/s42400-018-0013-8

Copy DOI

Abstract

Fully data using only public information. So far, most FHE schemes are CPA secure. In PKC 2017, Canetti et al. extended the generic transformation of Boneh, Canetti, Halevi and Katz to turn any multi-key identity-based FHE scheme into a CCA1-secure FHE scheme. Their main construction of multi-key identity-based FHE is from probabilistic indistinguishability obfuscation (PIO) and statistical trapdoor encryption.We show that the above multi-key identity-based FHE is not secure by giving an attack. Then we give a solution to avoid the attack and redesign a more succinct and efficient multi-key identity-based FHE scheme. Compared with the scheme of Canetti et al., ours has smaller secret key of one identity and more efficient homomorphic operations. Thus we obtain a more efficient CCA1 secure FHE scheme.

Highlights

Homomorphic encryption (FHE) is one of the holy grails of modern cryptography
The basic security property considered for Fully homomorphic encryption (FHE) is security against chosen plaintext attacks (CPA), where it is required that an adversary that has access to the public parameters cannot distinguish between ciphertexts that encrypt two plaintexts chosen by the adversary
Based on this new primitive, IND-sID-CPA-secure convertible identity-based fully homomorphic encryption (IBFHE), Wang et al Cybersecurity (2018) 1:11 and strongly EUF-CMA-secure signature, they proposed a generic paradigm of constructing CCA-secure keyedFHE by modifying CHK transformation (Canetti et al 2004) slightly

Summary

Introduction

Homomorphic encryption (FHE) is one of the holy grails of modern cryptography. For short, a FHE scheme is an encryption scheme that allows anyone to perform arbitrary computations on encrypted data using only public information. Related work In PKC 2016, Lai et al (2016) first introduced a new primitive called convertible identity-based fully homomorphic encryption (IBFHE), which is an IBFHE with an additional transformation functionality Based on this new primitive, IND-sID-CPA-secure convertible IBFHE, Wang et al Cybersecurity (2018) 1:11 and strongly EUF-CMA-secure signature, they proposed a generic paradigm of constructing CCA-secure keyedFHE (a CCA-secure keyed-FHE scheme should provide CCA security when the evaluation key is unavailable to the adversary and remain CPA-secure when the evaluation key is exposed) by modifying CHK transformation (Canetti et al 2004) slightly. A CCA1-secure FHE scheme is a tuple of polynomial time algorithms (Gen, Enc, Dec, Eval), defined as follows, which satisfy the correctness, compactness and security properties below. A multi-key identity-based fully homomorphic encryption scheme is a tuple of polynomial time algorithms (Setup, KeyGen, Enc, Dec, Eval), defined as follows, which satisfy the correctness and security properties below. C draws id∗ ← ID and (mpk, msk) ← Setup 1λ , sends mpk to A

A makes queries to an oracle O defined by

Conclusion