    On the practical CPAD security of “exact” and threshold FHE schemes and libraries

    In their 2021 seminal paper, Li and Micciancio presented a passive attack against the CKKS approximate FHE scheme and introduced the notion of CPAD security. The current status quo is that this line of attacks does not apply to "exact" FHE. In this paper, we challenge this status quo by exhibiting a CPAD key recovery attack on the linearly homomorphic Regev cryptosystem which easily generalizes to other xHE schemes such as BFV, BGV and TFHE, showing that these cryptosystems are not CPAD secure in their basic form. We also show that existing threshold variants of BFV, BGV and CKKS are particularly exposed to CPAD attackers and would be CPAD-insecure without smudging noise addition after partial decryption. Finally, we successfully implement our attack against several mainstream FHE libraries and discuss a number of natural countermeasures as well as their consequences in terms of FHE practice, security and efficiency. The attack itself is quite practical as it typically takes less than an hour on an average laptop PC, requiring a few thousand ciphertexts as well as up to around a million evaluations/decryptions, to perform a full key recovery.

    Lightweight FHE-based protocols achieving results consistency for data encrypted under different keys

    Over the last few years, the improved performance of FHE has paved the way for new multi-user approaches which go beyond performing encrypted-domain calculation for a single user. In this context, this paper proposes several simplified multi-user setups resulting in new FHE-based building blocks and protocols. By simplified multi-user setting we mean that, in order to process a user request, the FHE server is able to select only data encrypted under the proper key in an oblivious way. In doing so, information like the distribution of data per user remains private without losing the consistency of the obtained homomorphic results. We conclude the paper with experiments illustrating that these simplified setups, although not universally applicable, can lead to practical performance for moderate-size databases.

    Combining homomorphic encryption and differential privacy in federated learning

    Recent works have investigated the relevance and practicality of using techniques such as Differential Privacy (DP) or Homomorphic Encryption (HE) to strengthen training data privacy in the context of Federated Learning protocols. As these two techniques cover different sources of confidentiality threats (other clients/end-users for the former, the aggregation server for the latter), there is a need to consistently combine them in order to bridge the gap towards more realistic deployment scenarios. In this paper, we achieve that goal by means of a novel stochastic quantization operator which allows us to establish DP guarantees when the noise is both quantized and bounded due to the use of HE. The paper is concluded by experiments on the FEMNIST dataset which show that the precision required to get a state-of-the-art privacy/utility trade-off (which directly impacts HE parameters and, hence, HE operation performance) results in a computation time overhead between 0.2% and 1.1% imputable to HE (depending on the key setup, either single key or threshold), for the whole training of a 500k parameter model and a state-of-the-art privacy/utility trade-off.