A Note on Ring-LWE Security in the Case of Fully Homomorphic Encryption
نویسندگان
چکیده
Evaluating the practical security of Ring-LWE based cryptography has attracted lots of efforts recently. Indeed, some differences from the standard LWE problem enable new attacks. In this paper we discuss the security of Ring-LWE as found in Fully Homomorphic Encryption (FHE) schemes. These schemes require parameters of very special shapes, that an attacker might use to its advantage. First we present the specificities of this case and recall state-of-the-art attacks, then we derive a new specialpurpose attack. Our experiments show that this attack has unexpected performance and confirm that we need to study the security of special parameters sets carefully.
منابع مشابه
Somewhat Practical Fully Homomorphic Encryption
In this paper we port Brakerski’s fully homomorphic scheme based on the Learning With Errors (LWE) problem to the ring-LWE setting. We introduce two optimised versions of relinearisation that not only result in a smaller relinearisation key, but also faster computations. We provide a detailed, but simple analysis of the various homomorphic operations, such as multiplication, relinearisation and...
متن کاملFaster Fully Homomorphic Encryption: Bootstrapping in Less Than 0.1 Seconds
In this paper, we revisit fully homomorphic encryption (FHE) based on GSW and its ring variants. We notice that the internal product of GSW can be replaced by a simpler external product between a GSW and an LWE ciphertext. We show that the bootstrapping scheme FHEW of Ducas and Micciancio [14] can be expressed only in terms of this external product. As a result, we obtain a speed up from less t...
متن کاملFully Homomorphic Encryption over the Integers Revisited
Two main computational problems serve as security foundations of current fully homomorphic encryption schemes: Regev’s Learning With Errors problem (LWE) and HowgraveGraham’s Approximate Greatest Common Divisor problem (AGCD). Our first contribution is a reduction from LWE to AGCD. As a second contribution, we describe a new AGCD-based fully homomorphic encryption scheme, which outperforms all ...
متن کاملThree's Compromised Too: Circular Insecurity for Any Cycle Length from (Ring-)LWE
Informally, a public-key encryption scheme is k-circular secure if a cycle of k encrypted secret keys (Encpk1(sk2),Encpk2(sk3), . . . ,Encpkk(sk1)) is indistinguishable from encryptions of zeros. Circular security has applications in a wide variety of settings, ranging from security of symbolic protocols to fully homomorphic encryption. A fundamental question is whether standard security notion...
متن کاملFully Homomophic Encryption over the Integers Revisited
Two main computational problems serve as security foundations of current fully homomorphic encryption schemes: Regev’s Learning With Errors problem (LWE) and HowgraveGraham’s Approximate Greatest Common Divisor problem (AGCD). Our first contribution is a reduction from LWE to AGCD. As a second contribution, we describe a new AGCD-based fully homomorphic encryption scheme, which outperforms all ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016