On the security of fully homomorphic encryption for data privacy in Internet of Things

Abstract

SummaryTo achieve data privacy in Internet of Things (IoT), fully homomorphic encryption (FHE) technique is used to encrypt the data while allowing others to compute on the encrypted data. However, there are many well‐known problems with FHE such as chosen‐ciphertext attack security and circuit privacy problem. In this article, we demonstrate that a famous FHE application named Brakerski/Fan–Vercauteren scheme, a circuit privacy application based on fast private set intersection, and an encoding application that encodes integer or floating point numbers based on Microsoft Simple Encryption Arithmetic Library homomorphic encryption library, are insecure against chosen ciphertext attacks due to insecurity of the underlying fully homomorphic schemes. These results show that using cryptographic primitives even with security proofs causes serious security vulnerabilities on the applications themselves. The results also give evidences that the security of adopted cryptographic primitives in IoT should be proved in appropriate formal security models as well as proof of the scheme itself.