CryptoDB
IND-CPA-D and KR-D Security with Reduced Noise from the HintLWE Problem
| Authors: |
|
|---|---|
| Download: | |
| Conference: | ASIACRYPT 2025 |
| Abstract: | Approximate Homomorphic Encryption (AHE), introduced by Cheon et al.~\cite{AC:CKKS17} offers a powerful solution for encrypting real-valued data by relaxing the correctness requirement and allowing small decryption errors. Existing constructions from (Ring) Learning with Errors achieve standard IND-CPA security, but this does not fully capture scenarios where an adversary observes decrypted outputs. Li and Micciancio~\cite{EC:LiMic21} showed that when decryptions are passively leaked, these schemes become vulnerable to practical key recovery attacks even against honest-but-curious attackers. They formalise security when decryptions are shared with new notions of IND-CPA-D and KR-D security. We propose new techniques to achieve provable IND-CPA-D and KR-D security for AHE, while adding substantially less additional decryption noise than the prior provable results. Our approach hinges on refined ``game-hopping" tools in the bit-security framework, which allow bounding security loss with a lower noise overhead. We also give a noise-adding strategy independent of the number of oracle queries, removing a costly dependence inherent in the previous solution. Beyond generic noise-flooding, we show that leveraging the recently introduced HintLWE problem~\cite{C:KLSS23b} can yield particularly large security gains for AHE ciphertexts that are the result of “rescaling,” a common operation in CKKS. Our analysis uses the fact that that rescale-induced noise amounts to a linear ``hint" on the secret to enable a tighter reduction to LWE (via HintLWE). In many practical parameter regimes where the rescaling noise dominates, our results imply an additional precision loss of as little as two bits is sufficient to restore a high level of security against passive key-recovery attacks for standard parameters. Overall, our results enable a provably secure and efficient real-world deployment of Approximate Homomorphic Encryption in scenarios with realistic security requirements. |
BibTeX
@inproceedings{asiacrypt-2025-36021,
title={IND-CPA-D and KR-D Security with Reduced Noise from the HintLWE Problem},
publisher={Springer-Verlag},
author={Tabitha Ogilvie},
year=2025
}