Attack on Fully Homomorphic Encryption over the Integers

This paper presents a heuristic attack on the fully homomorphic encryption over the integers by using lattice reduction algorithm. Our result shows that the FHE in [DGHV10] is not secure for some parameter settings. We also present an improvement scheme to avoid the lattice attack in this paper.Comment: 24 page

Cryptanalysis of the Smart-Vercauteren and Gentry-Halevi’s Fully Homomorphic Encryption

For the fully homomorphic encryption schemes in [SV10, GH11], this paper presents attacks to solve equivalent secret key and directly recover plaintext from ciphertext for lattice dimensions n=2048 by using lattice reduction algorithm. According to the average-case behavior of LLL in [NS06], their schemes are also not secure for n=8192

Integer Version of Ring-LWE and its Applications

In this work, we describe an integer version of ring-LWE over the polynomial rings and prove that its hardness is equivalent to one of the polynomial ring-LWE. Moreover, we also present a public key cryptosystem using this variant of the polynomial ring-LWE

Fully Homomorphic Encryption, Approximate Lattice Problem and LWE

In this paper, we first introduce a new concept of approximate lattice problem (ALP), which is an extension of learning with errors (LWE). Next, we propose two ALP-based public key encryption schemes. Then, we construct two new fully homomorphic encryption scheme (FHE) based on respectively approximate principal ideal lattice problem with related modulus (APIP-RM) and approximate lattice problem with related modulus (ALP-RM). Moreover, we also extend our ALP-RM-based FHE to the ALP problem with unrelated modulus (ALP-UM). Our work is different from previous works in three aspects: (1)We extend the LWE problem to the ALP problem. This ALP problem is similar to the closest vector problem in lattice. We believe that this problem is independent of interest. (2)We construct a new FHE by using a re-randomizing method, which is different from the squashing decryption in previous works. (3)The expansion rate is merely O(k) with k a security parameter in Our FHE, which can be improved to O(logk) by using dimension reduction [BV11], whereas all previous schemes are at least O(k*logk) [BV11, Gen11, LNV11]. Our method can also decrease a factor k of the expansion rate in their schemes

Ideal Multilinear Maps Based on Ideal Lattices

Cryptographic multilinear maps have many applications, such as multipartite key exchange and software obfuscation. However, the encodings of three current constructions are noisy and their multilinearity levels are fixed and bounded in advance. In this paper, we describe a candidate construction of ideal multilinear maps by using ideal lattices, which supports arbitrary multilinearity levels. The security of our construction depends on new hardness assumptions

Cryptanalysis of Simple Matrix Scheme for Encryption

Recently, Tao et al. presented a new simple and efficient multivariate pubic key encryption scheme based on matrix multiplica- tion, which is called Simple Matrix Scheme or ABC. Using linearization method, we propose a polynomial time algorithm, which directly solves an equivalent private key from the public key of ABC. Furthermore, our attack can also be applied to the variants of ABC since these variants have the same algebraic structure as the ABC scheme. Therefore, the ABC cryptosystem and its variants are insecure

Multilinear Maps Using Ideal Lattices without Encodings of Zero

Garg, Gentry and Halevi (GGH) described the first candidate multilinear maps using ideal lattices. However, Hu and Jia recently presented an efficient attack for two applications based on the GGH map, multipartite Diffie-Hellman key exchange and an instance of witness encryption using 3-exact cover problem. In this paper, we describe a modification construction of multilinear maps from ideal lattices without encodings of zero by introducing random matrices to avoid the zeroing attack problem. The security of our construction depends upon new hardness assumption, which is seemingly closely related to hardness problems of lattices. Furthermore, we present multipartite Diffie-Hellman key exchange protocol using our construction, and an instance of witness encryption using 3-exact cover problem based on a variant of our construction

Variation of GGH15 Multilinear Maps

Recently, Coron presented an attack of GGH15 multilinear maps, which breaks the multipartite Diffie-Hellman key exchange protocol based on GGH15. In this paper, we describe a variation of GGH15, which seems to thwart known attacks

Multilinear maps via secret ring

Garg, Gentry and Halevi (GGH13) described the first candidate multilinear maps using ideal lattices. However, Hu and Jia recently presented an efficient attack on the GGH13 map, which breaks the multipartite key exchange (MPKE) and witness encryption (WE) based on GGH13. In this work, we describe a new variant of GGH13 using secret ring, which preserves the origin functionality of GGH13. The security of our variant depends upon the following new hardness problem. Given the determinant of the circular matrix of some element in a secret ring, the problem is to find this secret ring and reconstruct this element

New Fully Homomorphic Encryption over the Integers

We first present a fully homomorphic encryption scheme over the integers, which modifies the fully homomorphic encryption scheme in [vDGHV10]. The security of our scheme is merely based on the hardness of finding an approximate-GCD problem over the integers, which is given a list of integers perturbed by the small error noises, removing the assumption of the sparse subset sum problem in the origin scheme [vDGHV10]. Then, we construct a new fully homomorphic encryption scheme, which extends the above scheme from approximate GCD over the ring of integers to approximate principal ideal lattice over the polynomial integer ring. The security of our scheme depends on the hardness of the decisional approximate principle ideal lattice polynomial (APIP), given a list of approximate multiples of a principal ideal lattice. At the same time, we also provide APIP-based fully homomorphic encryption by introducing the sparse subset sum problem. Finally, we design a new fully homomorphic encryption scheme, whose security is based on the hardness assumption of approximate lattice problem and the decisional SSSP