A Distinguisher-Based Attack of a Homomorphic Encryption Scheme - PowerPoint PPT Presentation

A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes. Valérie Gauthier (1), Ayoub Otmani (1) and Jean-Pierre Tillich (2). (1) GREYC - Université de Caen - Ensicaen; (2) SECRET Project - INRIA Rocquencourt.


1. Title slide. A Distinguisher-Based Attack of a Homomorphic Encryption Scheme Relying on Reed-Solomon Codes. Valérie Gauthier (1), Ayoub Otmani (1) and Jean-Pierre Tillich (2). (1) GREYC - Université de Caen - Ensicaen; (2) SECRET Project - INRIA Rocquencourt. Code-based Cryptography Workshop, May 2012.
Footer on every slide: V. Gauthier, A. Otmani and J-P. Tillich, Attack of a Homomorphic Scheme (GREYC - Université de Caen - Ensicaen, SECRET Project - INRIA Rocquencourt), May 2012, slide 1 / 17.


5. Introduction: Homomorphic encryption schemes.
Proposed by Rivest, Adleman and Dertouzos in 1978.
Gentry proposed the first homomorphic scheme based on lattices in 2009.
Challenge: find homomorphic schemes based on coding theory.
Two proposals:
◮ On Constructing Homomorphic Encryption Schemes from Coding Theory. IMACC 2011. Armknecht, Augot, Perret and Sadeghi.
◮ Homomorphic Encryption from Codes (accepted to STOC 2012). Bogdanov and Lee.


9. Introduction: Distinguishing problem.
Introduced in 2001 by Courtois, Finiasz and Sendrier to formalize a security proof of the McEliece cryptosystem.
A Distinguisher for High Rate McEliece Cryptosystems (ITW 2011). Faugère, Gauthier, Otmani, Perret and Tillich.
Error-correcting pairs for a public-key cryptosystem. Preprint 2012. Márquez-Corbella and Pellikaan.
Two independent attacks:
◮ Cryptanalysis of the Bogdanov-Lee Cryptosystem, by Gottfried Herold.
◮ When Homomorphism Becomes a Liability, by Zvika Brakerski (Cryptology ePrint Archive: Report 2012/225).

10. Outline (current section: Bogdanov-Lee Cryptosystem).
1 Introduction
2 Bogdanov-Lee Cryptosystem
3 Description of the attack
4 Conclusions and future work


12. Bogdanov-Lee Cryptosystem: Key generation.
Choose a subset $L$ of $\{1, \dots, n\}$ of cardinality $3\ell$. Generate at random $n$ distinct $x_i \in \mathbb{F}_q$. The $i$-th column of $G$ is
$$G_i^T \overset{\text{def}}{=} \begin{cases} (x_i, x_i^2, \dots, x_i^{\ell}, 0, \dots, 0) & \text{if } i \in L \\ (x_i, x_i^2, \dots, x_i^{\ell}, x_i^{\ell+1}, \dots, x_i^{k}) & \text{if } i \notin L \end{cases}$$
Secret key: $L$, $G$. Public key: $P \overset{\text{def}}{=} SG$ where $S$ is a random invertible $k \times k$ matrix over $\mathbb{F}_q$.

13. Bogdanov-Lee Cryptosystem: Key generation - Example.
A subset $L$ of $\{1, \dots, n\}$ of cardinality $3\ell$. Generate at random $n$ distinct $x_i \in \mathbb{F}_q$. With $L = \{1, \dots, 3\ell\}$ (the first $3\ell$ positions), the $k \times n$ matrix $G$ is
$$G = \begin{pmatrix} x_1 & \cdots & x_{3\ell} & x_{3\ell+1} & \cdots & x_n \\ \vdots & & \vdots & \vdots & & \vdots \\ x_1^{\ell} & \cdots & x_{3\ell}^{\ell} & x_{3\ell+1}^{\ell} & \cdots & x_n^{\ell} \\ 0 & \cdots & 0 & x_{3\ell+1}^{\ell+1} & \cdots & x_n^{\ell+1} \\ \vdots & & \vdots & \vdots & & \vdots \\ 0 & \cdots & 0 & x_{3\ell+1}^{k} & \cdots & x_n^{k} \end{pmatrix}$$
Secret key: $L$, $G$. Public key: $P \overset{\text{def}}{=} SG$ where $S$ is a random invertible matrix over $\mathbb{F}_q$.

14. Bogdanov-Lee Cryptosystem: Encryption.
$m \in \mathbb{F}_q \longmapsto c \in \mathbb{F}_q^n$:
1 Pick $z \in \mathbb{F}_q^k$ uniformly at random.
2 Pick $e \in \mathbb{F}_q^n$ such that $\Pr\left[\, e_i = 0 \ \ \forall i \in L \,\right]$ is close to one.
3 Compute $c \overset{\text{def}}{=} zP + m\mathbf{1} + e$ where $\mathbf{1} \in \mathbb{F}_q^n$ is the all-ones row vector.

15. Bogdanov-Lee Cryptosystem: Decryption.
1 Find $y \overset{\text{def}}{=} (y_1, \dots, y_n) \in \mathbb{F}_q^n$ that solves:
$$\begin{cases} G y^T = 0 \\ \sum_{i \in L} y_i = 1 \\ y_i = 0 \ \text{ for all } i \notin L. \end{cases} \qquad (1)$$
2 For any solution $y$ of (1): $m = c y^T$.

16. Bogdanov-Lee Cryptosystem: Correctness of the decryption.
$$\begin{aligned} c y^T &= (zP + m\mathbf{1} + e)\, y^T \\ &= (zP + m\mathbf{1})\, y^T && \text{(since } e_i = 0 \text{ if } i \in L \text{ and } y_i = 0 \text{ if } i \notin L\text{)} \\ &= zSG y^T + m \sum_{i=1}^{n} y_i \\ &= m && \text{(since } G y^T = 0 \text{ and } \sum_{i=1}^{n} y_i = 1\text{)} \end{aligned}$$

17. Outline (current section: Description of the attack).
1 Introduction
2 Bogdanov-Lee Cryptosystem
3 Description of the attack
4 Conclusions and future work

18. Description of the attack: Preliminary.
Find $y \in \mathbb{F}_q^n$ such that
$$\begin{cases} P y^T = 0 \\ \sum_{i \in L} y_i = 1 \\ y_i = 0 \ \text{ for all } i \notin L. \end{cases} \qquad (2)$$
Remarks: $P y^T = 0 \Leftrightarrow SG y^T = 0 \Leftrightarrow G y^T = 0$ (since $S$ is invertible), so system (2) $\Leftrightarrow$ system (1). For any solution $y$ of (2): $m = c y^T$.
$\Longrightarrow$ $L$ is the only secret key.

19. Description of the attack: Definitions.
Star product: $a \star b \overset{\text{def}}{=} (a_1 b_1, \dots, a_n b_n)$.
Star product of two codes: $\langle A \star B \rangle$ is the vector space spanned by all products $a \star b$ where $a \in A$ and $b \in B$.
Square code: $\langle A^2 \rangle = \langle A \star A \rangle$.
Restriction of a code $A$ to $I \subset \{1, \dots, n\}$: $A_I \overset{\text{def}}{=} \left\{ v \in \mathbb{F}_q^{|I|} \ \middle|\ \exists a \in A,\ v = (a_i)_{i \in I} \right\}$.

20. Description of the attack: Main result.
Proposition:
◮ Choose $I \subset \{1, \dots, n\}$.
◮ Denote $J \overset{\text{def}}{=} I \cap L$ and $C$ the code generated by $G$.
$$\begin{cases} |J| \leq \ell - 1 \\ |I| - |J| \geq 2k \end{cases} \Longrightarrow \dim\left(\langle C_I^2 \rangle\right) = 2k - 1 + |J|.$$

21. Description of the attack: Recover $L$.
$\dim\left(\langle C_I^2 \rangle\right) = 2k - 1 + |J|$.
1 Recover $J = L \cap I$: choose $i \in I$ and consider $I' \overset{\text{def}}{=} I \setminus \{i\}$.
◮ If $i \in L$ then $\dim\left(\langle C_{I'}^2 \rangle\right) = 2k - 1 + |J| - 1$.
◮ If $i \notin L$ then $\dim\left(\langle C_{I'}^2 \rangle\right) = 2k - 1 + |J|$.
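The following is an added example, not code from the authors or from the Bogdanov-Lee paper. It implements the scheme exactly as slides 12 to 16 describe it (key generation, encryption with $c = zP + m\mathbf{1} + e$, decryption by solving system (1)) on a toy prime field, and then runs the square-code dimension test of slides 19 to 21 against the public key. Everything in it is constructed: the prime 101, the parameters $n = 30$, $k = 5$, $\ell = 3$, and the function names `keygen`, `encrypt`, `decrypt`, `square_code_dim`, `recover_J` and `demo` are all assumptions of this example. The subset $I$ in `demo` is built from $L$ only so that the proposition's hypotheses ($|J| \leq \ell - 1$, $|I| - |J| \geq 2k$) are guaranteed to hold for the check; an attacker does not know $L$, and the slides do not say how $I$ is chosen in practice.

```python
"""Toy instance of the Bogdanov-Lee scheme as the slides describe it, plus the
square-code dimension test of slides 20-21.  Added illustration, not the authors'
code; all parameters are constructed toy values with no security meaning."""
import random

P = 101               # constructed toy prime, the field F_q
N, K, ELL = 30, 5, 3  # toy n, k and ell; the secret set L has 3*ELL = 9 positions


def rref(rows, p):
    """Reduced row echelon form over F_p; returns (matrix, list of pivot columns)."""
    M = [r[:] for r in rows]
    pivots, r = [], 0
    for c in range(len(M[0])):
        piv = next((i for i in range(r, len(M)) if M[i][c] % p), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        inv = pow(M[r][c], -1, p)
        M[r] = [v * inv % p for v in M[r]]
        for i in range(len(M)):
            if i != r and M[i][c] % p:
                f = M[i][c]
                M[i] = [(a - f * b) % p for a, b in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
        if r == len(M):
            break
    return M, pivots


def rank(rows, p):
    return len(rref(rows, p)[1])


def matmul(A, B, p):
    return [[sum(a * b for a, b in zip(row, col)) % p for col in zip(*B)] for row in A]


def keygen(rng, p=P, n=N, k=K, ell=ELL):
    """Slide 12: secret L of size 3*ell and generator G; public key P = S*G."""
    xs = rng.sample(range(1, p), n)           # n distinct nonzero x_i
    L = set(rng.sample(range(n), 3 * ell))    # secret support set L
    # column i of G is (x_i, ..., x_i^ell, 0, ..., 0) if i in L, else (x_i, ..., x_i^k)
    G = [[0 if (i in L and j > ell) else pow(xs[i], j, p) for i in range(n)]
         for j in range(1, k + 1)]
    while True:                               # random invertible k x k matrix S
        S = [[rng.randrange(p) for _ in range(k)] for _ in range(k)]
        if rank(S, p) == k:
            break
    return (L, G), matmul(S, G, p)


def encrypt(Pmat, m, rng, err_prob=0.0, p=P):
    """Slide 14: c = zP + m*1 + e.  Each e_i is nonzero with probability err_prob,
    so e avoids every position of L with probability (1 - err_prob)^|L|."""
    k, n = len(Pmat), len(Pmat[0])
    z = [rng.randrange(p) for _ in range(k)]
    e = [rng.randrange(1, p) if rng.random() < err_prob else 0 for _ in range(n)]
    return [(zp + m + ei) % p for zp, ei in zip(matmul([z], Pmat, p)[0], e)]


def decrypt(sk, c, p=P):
    """Slide 15: find y with G y^T = 0, sum_{i in L} y_i = 1, y_i = 0 off L; m = c y^T."""
    L, G = sk
    Lidx = sorted(L)   # only the y_i with i in L are unknowns, the rest are 0
    aug = [[row[i] for i in Lidx] + [0] for row in G] + [[1] * len(Lidx) + [1]]
    R, pivots = rref(aug, p)
    if len(Lidx) in pivots:                   # pivot in the right-hand side: no solution
        raise ValueError("system (1) has no solution")
    y = [0] * len(c)
    for r, col in enumerate(pivots):          # free variables stay 0
        y[Lidx[col]] = R[r][-1]
    return sum(ci * yi for ci, yi in zip(c, y)) % p


def square_code_dim(Pmat, I, p=P):
    """Slides 19-20: dim <C_I^2> = rank of all star products of rows of P restricted to I."""
    rows = [[row[i] for i in I] for row in Pmat]
    prods = [[a * b % p for a, b in zip(rows[u], rows[v])]
             for u in range(len(rows)) for v in range(u, len(rows))]
    return rank(prods, p)


def recover_J(Pmat, I, p=P):
    """Slide 21: i is in L exactly when removing it from I lowers dim <C_I^2> by one."""
    base = square_code_dim(Pmat, I, p)
    return {i for i in I if square_code_dim(Pmat, [j for j in I if j != i], p) == base - 1}


def demo(seed=2012):
    """Key generation, error-free round trips, and the dimension test on one toy key."""
    rng = random.Random(seed)
    sk, pk = keygen(rng)
    L = sk[0]
    roundtrip = all(decrypt(sk, encrypt(pk, m, rng)) == m for m in (0, 1, 57))
    # For the check only: I is built from L so that |J| = ell-1 and |I \ J| = 2k+1,
    # i.e. the proposition's hypotheses hold.  An attacker does not know L.
    off_L = [i for i in range(N) if i not in L]
    I = sorted(L)[:ELL - 1] + off_L[:2 * K + 1]
    return {"roundtrip": roundtrip,
            "dim": square_code_dim(pk, I),
            "expected_dim": 2 * K - 1 + (ELL - 1),
            "recovered_J": recover_J(pk, I) == set(I) & L}


if __name__ == "__main__":
    print(demo())
```

With these parameters the square code of $C_I$ has dimension $2k - 1 + |J| = 9 + 2 = 11$, and dropping a position of $I$ lowers that to 10 exactly when the position lies in $L$, which is the test `recover_J` applies. The dimension is computed from the rows of the public $P = SG$ rather than $G$: since $S$ is invertible both matrices generate the same code $C$, so the attacker needs nothing secret to run it. Decryption is exercised with $e = 0$ (`err_prob=0.0`) so that the round trip is deterministic; a nonzero `err_prob` shows why the scheme needs $\Pr[e_i = 0\ \forall i \in L]$ close to one.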
