8 research outputs found
Homomorphic encryption from codes
We propose a new homomorphic encryption scheme based on the hardness of
decoding under independent random noise from certain affine families of codes.
Unlike in previous lattice-based homomorphic encryption schemes, where the
message is hidden in the noisy part of the ciphertext, our scheme carries the
message in the affine part of the transformation and applies noise only to
achieve security. Our scheme can tolerate noise of arbitrary magnitude, as long
as the noise vector has sufficiently small hamming weight (and its entries are
independent).
Our design achieves "proto-homomorphic" properties in an elementary manner:
message addition and multiplication are emulated by pointwise addition and
multiplication of the ciphertext vectors. Moreover, the extremely simple nature
of our decryption makes the scheme easily amenable to bootstrapping. However,
some complications are caused by the inherent presence of noticeable encryption
error. Our main technical contribution is the development of two new techniques
for handling this error in the homomorphic evaluation process.
We also provide a definitional framework for homomorphic encryption that may
be useful elsewhere
A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes
Bogdanov and Lee suggested a homomorphic public-key encryption scheme based
on error correcting codes. The underlying public code is a modified
Reed-Solomon code obtained from inserting a zero submatrix in the Vandermonde
generating matrix defining it. The columns that define this submatrix are kept
secret and form a set . We give here a distinguisher that detects if one or
several columns belong to or not. This distinguisher is obtained by
considering the code generated by component-wise products of codewords of the
public code (the so called "square code"). This operation is applied to
punctured versions of this square code obtained by picking a subset
of the whole set of columns. It turns out that the dimension of the
punctured square code is directly related to the cardinality of the
intersection of with . This allows an attack which recovers the full set
and which can then decrypt any ciphertext.Comment: 11 page
A Distinguisher-Based Attack on a Variant of McEliece's Cryptosystem Based on Reed-Solomon Codes
Baldi et \textit{al.} proposed a variant of McEliece's cryptosystem. The main
idea is to replace its permutation matrix by adding to it a rank 1 matrix. The
motivation for this change is twofold: it would allow the use of codes that
were shown to be insecure in the original McEliece's cryptosystem, and it would
reduce the key size while keeping the same security against generic decoding
attacks. The authors suggest to use generalized Reed-Solomon codes instead of
Goppa codes. The public code built with this method is not anymore a
generalized Reed-Solomon code. On the other hand, it contains a very large
secret generalized Reed-Solomon code. In this paper we present an attack that
is built upon a distinguisher which is able to identify elements of this secret
code. The distinguisher is constructed by considering the code generated by
component-wise products of codewords of the public code (the so-called "square
code"). By using square-code dimension considerations, the initial generalized
Reed-Solomon code can be recovered which permits to decode any ciphertext. A
similar technique has already been successful for mounting an attack against a
homomorphic encryption scheme suggested by Bogdanoc et \textit{al.}. This work
can be viewed as another illustration of how a distinguisher of Reed-Solomon
codes can be used to devise an attack on cryptosystems based on them.Comment: arXiv admin note: substantial text overlap with arXiv:1203.668
A Modified Symmetric Key Fully Homomorphic Encryption Scheme Based on Read-Muller Code
Homomorphic encryption became popular and powerful cryptographic primitive for various cloud computing applications. In the recent decades several developments has been made. Few schemes based on coding theory have been proposed but none of them support unlimited operations with security. We propose a modified Reed-Muller Code based symmetric key fully homomorphic encryption to improve its security by using message expansion technique. Message expansion with prepended random fixed length string provides one-to-many mapping between message and codeword, thus one-to many mapping between plaintext and ciphertext. The proposed scheme supports both (MOD 2) additive and multiplication operations unlimitedly. We make an effort to prove the security of the scheme under indistinguishability under chosen-plaintext attack (IND-CPA) through a game-based security proof. The security proof gives a mathematical analysis and its complexity of hardness. Also, it presents security analysis against all the known attacks with respect to the message expansion and homomorphic operations
Somewhat Homomorphic Encryption based on Random Codes
We present a secret-key encryption scheme based on random rank metric ideal linear codes with a simple decryption circuit. It supports unlimited homomorphic additions and plaintext absorptions as well as a fixed arbitrary number of homomorphic multiplications.
We study a candidate bootstrapping algorithm that requires no multiplication but additions and plaintext absorptions only. This latter operation is therefore very efficient in our scheme, whereas bootstrapping is usually the main reason which penalizes the performance of other fully homomorphic encryption schemes. However, the security reduction of our scheme restricts the number of independent ciphertexts that can be published. In particular, this prevents to securely evaluate the bootstrapping algorithm as the number of ciphertexts in the key switching material is too large.
Our scheme is nonetheless the first somewhat homomorphic encryption scheme based on random ideal codes and a first step towards full homomorphism. Random ideal codes give stronger security guarantees as opposed to existing constructions based on highly structured codes.
We give concrete parameters for our scheme that shows that it achieves competitive sizes and performance, with a key size of 3.7 kB and a ciphertext size of 0.9 kB when a single multiplication is allowed
More Than Error Correction: Cryptography from Codes
The first code-based cryptosystem, McEliece, was invented in the very early development of public-key cryptography, yet code-based cryptosystems received little attention for decades due to their relatively large key-sizes. But recently they are re-discovered for their potentials to provide efficient post-quantum cryptographic tools and homomorphic encryption schemes, and the development of large storage and fast Internet have made these schemes closer to practice than ever.
Through our review of the revolution of code-based cryptography, we will demonstrate the usage of codes in cryptographic applicaitons. We will follow the path of the development, from the design, analysis, and implementation of McEliece cryptosystem and the quantum attack resistance to the latest fully homomorphic encryption scheme based on Learning with Errors, a code-related problem, designed by Brakerski et al. We will also cover algebraic manipulation detection codes, a newly proposed extension of error-correcting codes and a lightweight alternative to MACs as an authentication component embedded in security protocols