TY - GEN
T1 - On Extension of Evaluation Algorithms in Keyed-Homomorphic Encryption
AU - Shinoki, Hirotomo
AU - Nuida, Koji
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Homomorphic encryption (HE) is public key encryption that enables computation over ciphertexts without decrypting them, while it is known that HE cannot achieve IND-CCA2 security. To overcome this issue, the notion of keyed-homomorphic encryption (KH-PKE) was introduced, which has a separate homomorphic evaluation key and can achieve stronger security (Emura et al., PKC 2013). The contributions of this paper are twofold. First, the syntax of KH-PKE assumes that homomorphic evaluation is performed for single operations, and its security notion called KH-CCA security was formulated based on this syntax. Consequently, if the homomorphic evaluation algorithm is enhanced in a way of gathering up sequential operations as a single evaluation, then it is not obvious whether or not KH-CCA security is preserved. In this paper, we show that KH-CCA security is in general not preserved under such modification, while KH-CCA security is preserved when the original scheme additionally satisfies circuit privacy. Secondly, Catalano and Fiore (ACM CCS 2015) proposed a conversion method from linearly HE schemes into two-level HE schemes, the latter admitting addition and a single multiplication for ciphertexts. In this paper, we extend the conversion to the case of linearly KH-PKE schemes to obtain two-level KH-PKE schemes.
AB - Homomorphic encryption (HE) is public key encryption that enables computation over ciphertexts without decrypting them, while it is known that HE cannot achieve IND-CCA2 security. To overcome this issue, the notion of keyed-homomorphic encryption (KH-PKE) was introduced, which has a separate homomorphic evaluation key and can achieve stronger security (Emura et al., PKC 2013). The contributions of this paper are twofold. First, the syntax of KH-PKE assumes that homomorphic evaluation is performed for single operations, and its security notion called KH-CCA security was formulated based on this syntax. Consequently, if the homomorphic evaluation algorithm is enhanced in a way of gathering up sequential operations as a single evaluation, then it is not obvious whether or not KH-CCA security is preserved. In this paper, we show that KH-CCA security is in general not preserved under such modification, while KH-CCA security is preserved when the original scheme additionally satisfies circuit privacy. Secondly, Catalano and Fiore (ACM CCS 2015) proposed a conversion method from linearly HE schemes into two-level HE schemes, the latter admitting addition and a single multiplication for ciphertexts. In this paper, we extend the conversion to the case of linearly KH-PKE schemes to obtain two-level KH-PKE schemes.
UR - http://www.scopus.com/inward/record.url?scp=85137004421&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85137004421&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-15255-9_10
DO - 10.1007/978-3-031-15255-9_10
M3 - Conference contribution
AN - SCOPUS:85137004421
SN - 9783031152542
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 189
EP - 207
BT - Advances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings
A2 - Cheng, Chen-Mou
A2 - Akiyama, Mitsuaki
PB - Springer Science and Business Media Deutschland GmbH
T2 - 17th International Workshop on Security, IWSEC 2022
Y2 - 31 August 2022 through 2 September 2022
ER -