Homomorphic encryption from codes

We propose a new homomorphic encryption scheme based on the hardness of decoding under independent random noise from certain affine families of codes. Unlike in previous lattice-based homomorphic encryption schemes, where the message is hidden in the noisy part of the ciphertext, our scheme carries the message in the affine part of the transformation and applies noise only to achieve security. Our scheme can tolerate noise of arbitrary magnitude, as long as the noise vector has sufficiently small hamming weight (and its entries are independent). Our design achieves "proto-homomorphic" properties in an elementary manner: message addition and multiplication are emulated by pointwise addition and multiplication of the ciphertext vectors. Moreover, the extremely simple nature of our decryption makes the scheme easily amenable to bootstrapping. However, some complications are caused by the inherent presence of noticeable encryption error. Our main technical contribution is the development of two new techniques for handling this error in the homomorphic evaluation process. We also provide a definitional framework for homomorphic encryption that may be useful elsewhere

A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes

Bogdanov and Lee suggested a homomorphic public-key encryption scheme based on error correcting codes. The underlying public code is a modified Reed-Solomon code obtained from inserting a zero submatrix in the Vandermonde generating matrix defining it. The columns that define this submatrix are kept secret and form a set $L$. We give here a distinguisher that detects if one or several columns belong to $L$ or not. This distinguisher is obtained by considering the code generated by component-wise products of codewords of the public code (the so called "square code"). This operation is applied to punctured versions of this square code obtained by picking a subset $I$ of the whole set of columns. It turns out that the dimension of the punctured square code is directly related to the cardinality of the intersection of $I$ with $L$. This allows an attack which recovers the full set $L$ and which can then decrypt any ciphertext.Comment: 11 page

A Distinguisher-Based Attack on a Variant of McEliece's Cryptosystem Based on Reed-Solomon Codes

Baldi et \textit{al.} proposed a variant of McEliece's cryptosystem. The main idea is to replace its permutation matrix by adding to it a rank 1 matrix. The motivation for this change is twofold: it would allow the use of codes that were shown to be insecure in the original McEliece's cryptosystem, and it would reduce the key size while keeping the same security against generic decoding attacks. The authors suggest to use generalized Reed-Solomon codes instead of Goppa codes. The public code built with this method is not anymore a generalized Reed-Solomon code. On the other hand, it contains a very large secret generalized Reed-Solomon code. In this paper we present an attack that is built upon a distinguisher which is able to identify elements of this secret code. The distinguisher is constructed by considering the code generated by component-wise products of codewords of the public code (the so-called "square code"). By using square-code dimension considerations, the initial generalized Reed-Solomon code can be recovered which permits to decode any ciphertext. A similar technique has already been successful for mounting an attack against a homomorphic encryption scheme suggested by Bogdanoc et \textit{al.}. This work can be viewed as another illustration of how a distinguisher of Reed-Solomon codes can be used to devise an attack on cryptosystems based on them.Comment: arXiv admin note: substantial text overlap with arXiv:1203.668

A Modified Symmetric Key Fully Homomorphic Encryption Scheme Based on Read-Muller Code

Homomorphic encryption became popular and powerful cryptographic primitive for various cloud computing applications. In the recent decades several developments has been made. Few schemes based on coding theory have been proposed but none of them support unlimited operations with security.   We propose a modified Reed-Muller Code based symmetric key fully homomorphic encryption to improve its security by using message expansion technique. Message expansion with prepended random fixed length string provides one-to-many mapping between message and codeword, thus one-to many mapping between plaintext and ciphertext. The proposed scheme supports both (MOD 2) additive and multiplication operations unlimitedly.   We make an effort to prove the security of the scheme under indistinguishability under chosen-plaintext attack (IND-CPA) through a game-based security proof. The security proof gives a mathematical analysis and its complexity of hardness. Also, it presents security analysis against all the known attacks with respect to the message expansion and homomorphic operations

Somewhat Homomorphic Encryption based on Random Codes

We present a secret-key encryption scheme based on random rank metric ideal linear codes with a simple decryption circuit. It supports unlimited homomorphic additions and plaintext absorptions as well as a fixed arbitrary number of homomorphic multiplications. We study a candidate bootstrapping algorithm that requires no multiplication but additions and plaintext absorptions only. This latter operation is therefore very efficient in our scheme, whereas bootstrapping is usually the main reason which penalizes the performance of other fully homomorphic encryption schemes. However, the security reduction of our scheme restricts the number of independent ciphertexts that can be published. In particular, this prevents to securely evaluate the bootstrapping algorithm as the number of ciphertexts in the key switching material is too large. Our scheme is nonetheless the first somewhat homomorphic encryption scheme based on random ideal codes and a first step towards full homomorphism. Random ideal codes give stronger security guarantees as opposed to existing constructions based on highly structured codes. We give concrete parameters for our scheme that shows that it achieves competitive sizes and performance, with a key size of 3.7 kB and a ciphertext size of 0.9 kB when a single multiplication is allowed

More Than Error Correction: Cryptography from Codes

The first code-based cryptosystem, McEliece, was invented in the very early development of public-key cryptography, yet code-based cryptosystems received little attention for decades due to their relatively large key-sizes. But recently they are re-discovered for their potentials to provide efficient post-quantum cryptographic tools and homomorphic encryption schemes, and the development of large storage and fast Internet have made these schemes closer to practice than ever. Through our review of the revolution of code-based cryptography, we will demonstrate the usage of codes in cryptographic applicaitons. We will follow the path of the development, from the design, analysis, and implementation of McEliece cryptosystem and the quantum attack resistance to the latest fully homomorphic encryption scheme based on Learning with Errors, a code-related problem, designed by Brakerski et al. We will also cover algebraic manipulation detection codes, a newly proposed extension of error-correcting codes and a lightweight alternative to MACs as an authentication component embedded in security protocols