CryptoDB
Drifting Towards Better Error Probabilities in Fully Homomorphic Encryption Schemes
| Authors: |
|
|---|---|
| Download: | |
| Conference: | EUROCRYPT 2025 |
| Abstract: | There are two security notions for FHE schemes the traditional notion of IND-CPA, and a more stringent notion of IND-CPA^D. The notions are equivalent if the FHE schemes are perfectly correct, however for schemes with negligible failure probability the FHE parameters needed to obtain IND-CPA^D security can be much larger than those needed to obtain IND-CPA security. This paper uses the notion of ciphertext drift in order to understand the practical difference between IND-CPA and IND-CPA^D security in schemes such as FHEW, TFHE and FINAL. This notion allows us to define a modulus switching operation (the main culprit for the difference in parameters) such that one does not require adapting IND-CPA cryptographic parameters to meet the IND-CPA^D security level. Further, the extra cost incurred by the new techniques has no noticeable performance impact in practical applications. The paper also formally defines a stronger version for IND-CPA^D security called sIND-CPA^D, which is proved to be strictly separated from the IND-CPA^D notion. Criterion for turning an IND-CPA^D secure public-key encryption into an sIND-CPA^D one is also provided. |
BibTeX
@inproceedings{eurocrypt-2025-35006,
title={Drifting Towards Better Error Probabilities in Fully Homomorphic Encryption Schemes},
publisher={Springer-Verlag},
author={Olivier Bernard and Marc Joye and Nigel Smart and Michael Walter},
year=2025
}