Cryptanalysis on Lightweight Verifiable Homomorphic Encryption
摘要
Verifiable Homomorphic Encryption (VHE) is a cryptographic technique that integrates Homomorphic Encryption (HE) with Verifiable Computation (VC). It serves as a crucial technology for ensuring both privacy and integrity in outsourced computation, where a client sends input ciphertexts \(\textsf {ct} \) and a function f to a server and verifies the correctness of the evaluation upon receiving the evaluation result \(f(\textsf {ct} )\) from the server. Chatel et al. [CKP+24] (CCS’24) introduced two VHE schemes: Replication Encoding (REP) and Polynomial Encoding (PE). A similar approach to REP was used by Albrecht et al. [ADDG24] (EUROCRYPT’24) to develop a Verifiable Oblivious PRF scheme (vADDG). A key approach in these schemes is to embed specific secret information within ciphertexts and use them to verify homomorphic evaluations. This paper presents efficient forgery attacks against the verifiability guarantees of these VHE schemes. We introduce two attack strategies. The first targets \(\textsf {REP} \) and vADDG, extracting secret information in encrypted form from input ciphertexts and leveraging it to forge output ciphertexts without being detected by the verification algorithm. The second targets \(\textsf {PE} \) , exploiting its secret embedding structure to forge output ciphertexts that remain valid on input values for verification, yet violate the verifiability property. Our forgery attack on vADDG demonstrates that the proposed 80-bit security parameters provide at most 10 bits of concrete security. Our attack on REP and PE achieves a probability 1 attack with linear time complexity when using fully homomorphic encryption.