This study clarifies the minimum number of queries necessary for a reaction attack on the fully homomorphic encryption over the torus (TFHE). Homomorphic encryption is crucial to ensure both the confidentiality of data and the flexibility for computation. The unique usage of homomorphic encryption allows a reaction attack by a malicious homomorphic server, in which a legitimate client is abused as a ciphertext verification oracle. This study uses an information-theoretical approach to derive a lower bound on the number of queries, an essential measure of the threat of a reaction attack. The tightness of the lower bound is then shown by constructing a nearly optimum attacking scheme that almost achieves the bound. The lower bound is numerically calculated for a commonly used implementation of TFHE, where the computed value clearly and explicitly indicates the borderline which a TFHE client should not pass.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Reaction Attack on TFHE: Minimum Number of Oracle Queries and Nearly Optimum Attacking Scheme

  • Remma Kumazaki,
  • Yuichi Kaji

摘要

This study clarifies the minimum number of queries necessary for a reaction attack on the fully homomorphic encryption over the torus (TFHE). Homomorphic encryption is crucial to ensure both the confidentiality of data and the flexibility for computation. The unique usage of homomorphic encryption allows a reaction attack by a malicious homomorphic server, in which a legitimate client is abused as a ciphertext verification oracle. This study uses an information-theoretical approach to derive a lower bound on the number of queries, an essential measure of the threat of a reaction attack. The tightness of the lower bound is then shown by constructing a nearly optimum attacking scheme that almost achieves the bound. The lower bound is numerically calculated for a commonly used implementation of TFHE, where the computed value clearly and explicitly indicates the borderline which a TFHE client should not pass.