On Extension of Evaluation Algorithms in Keyed-Homomorphic Encryption

Shinoki, Hirotomo; Nuida, Koji

doi:10.1007/978-3-031-15255-9_10

Cited by 1 publication

(1 citation statement)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The present paper is the full version of a conference paper presented at IWSEC 2022 [36]. The main differences are that here we add the detailed proofs for the main theorems, which were just sketched in [36], and add the conversion from a d-level KH-PKE scheme to a 2d-level one, omitted in [36].…”

Section: Publication Informationmentioning

confidence: 99%

On Extension of Evaluation Algorithms in Keyed-Homomorphic Encryption

Shinoki

Nuida

2024

IEICE Trans. Fundamentals

Self Cite

View full text Add to dashboard Cite

Homomorphic encryption (HE) is public key encryption that enables computation over ciphertexts without decrypting them. To overcome an issue that HE cannot achieve IND-CCA2 security, the notion of keyed-homomorphic encryption (KH-PKE) was introduced (Emura et al., PKC 2013), which has a separate homomorphic evaluation key and can achieve stronger security named KH-CCA security. The contributions of this paper are twofold. First, recall that the syntax of KH-PKE assumes that homomorphic evaluation is performed for single operations, and KH-CCA security was formulated based on this syntax. Consequently, if the homomorphic evaluation algorithm is enhanced in a way of gathering up sequential operations as a single evaluation, then it is not obvious whether or not KH-CCA security is preserved. In this paper, we show that KH-CCA security is in general not preserved under such modification, while KH-CCA security is preserved when the original scheme additionally satisfies circuit privacy. Secondly, Catalano and Fiore (ACM CCS 2015) proposed a conversion method from linearly HE schemes into two-level HE schemes, the latter admitting addition and a single multiplication for ciphertexts. In this paper, we extend the conversion to the case of linearly KH-PKE schemes to obtain two-level KH-PKE schemes. Moreover, based on the generalized version of Catalano-Fiore conversion, we also construct a similar conversion from d-level KH-PKE schemes into 2d-level KH-PKE schemes.

show abstract

Section: Publication Informationmentioning

confidence: 99%