Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
On the Power of Misbehaving Adversaries and Security Analysis of the Original EPOC
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
On lattices, learning with errors, random linear codes, and cryptography
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Formal Proofs for the Security of Signcryption
Journal of Cryptology
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
On lattices, learning with errors, random linear codes, and cryptography
Journal of the ACM (JACM)
A secure and optimally efficient multi-authority election scheme
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A fully homomorphic encryption scheme
A fully homomorphic encryption scheme
Implementing Gentry's fully-homomorphic encryption scheme
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Semi-homomorphic encryption and multiparty computation
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
On the CCA1-security of Elgamal and Damgård's Elgamal
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Adapting helios for provable ballot privacy
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Attacking and Fixing Helios: An Analysis of Ballot Secrecy
CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium
Fully homomorphic encryption with relatively small key and ciphertext sizes
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Fully homomorphic encryption over the integers
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Errors matter: breaking RSA-Based PIN encryption with thirty ciphertext validity queries
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Shift-type homomorphic encryption and its application to fully homomorphic encryption
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Reaction attack on outsourced computing with fully homomorphic encryption schemes
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Relaxing IND-CCA: indistinguishability against chosen ciphertext verification attack
SPACE'12 Proceedings of the Second international conference on Security, Privacy, and Applied Cryptography Engineering
Hi-index | 0.00 |
It is well known that any encryption scheme which supports any form of homomorphic operation cannot be secure against adaptive chosen ciphertext attacks. The question then arises as to what is the most stringent security definition which is achievable by homomorphic encryption schemes. Prior work has shown that various schemes which support a single homomorphic encryption scheme can be shown to be IND-CCA1, i.e. secure against lunchtime attacks. In this paper we extend this analysis to the recent fully homomorphic encryption scheme proposed by Gentry, as refined by Gentry, Halevi, Smart and Vercauteren. We show that the basic Gentry scheme is not IND-CCA1; indeed a trivial lunchtime attack allows one to recover the secret key. We then show that a minor modification to the variant of the somewhat homomorphic encryption scheme of Smart and Vercauteren will allow one to achieve IND-CCA1, indeed PA-1, in the standard model assuming a lattice based knowledge assumption. We also examine the security of the scheme against another security notion, namely security in the presence of ciphertext validity checking oracles; and show why CCA-like notions are important in applications in which multiple parties submit encrypted data to the "cloud" for secure processing.