抵抗自适应密钥恢复攻击的层级全同态加密
Leveled Fully Homomorphic Encryption Against Adaptive Key Recovery Attacks
-
摘要: 由于攻击者可以通过自适应攻击的方式获得私钥,因此目前一个重要的公开问题是如何保护层级全同态加密(fully homomorphic encryption, FHE)免受自适应攻击.在该问题的研究中,为实现抵抗自适应密钥恢复攻击的目标,近来,李增鹏等人(PROVSEC’16)在容错学习(learning with errors, LWE)假设下,提出了一个多私钥的全同态加密方案,该方案并不依赖于Loftus等人(SAC’11)利用的“有效密文”概念.然而尽管该方案能抵抗私钥信息的泄漏,但利用噪声信息仍然能够实现自适应的密钥恢复攻击.基于李增鹏等人(EPRINT’16)的工作,给出对李增鹏等人方案的一种新的自适应攻击方法,并提出了一种不同于EPRINT’16的对偶的多私钥全同态加密方案以抵抗该自适应攻击.其核心思想是采用对偶的加密方式,并在每次解密算法运行时,都生成一个“一次”私钥,因此即使攻击者能够从每个解密查询中得到该一次私钥的某些比特,但却无法获得噪声的某些比特,因此,攻击者仍不能计算出一个有效的私钥.Abstract: A major open problem is to protect leveled homomorphic encryption from adaptive attacks that allow an adversary to learn the private key. In order to achieve the goal of preventing key recovery attacks on fully homomorphic encryption (FHE), Li Zengpeng et al (PROVSEC’16) proposed an multiple secret keys fully homomorphic encryption scheme under the learning with errors (LWE) assumption to prevent key recovery attacks on FHE, which did not use the notion of “valid ciphertexts” of Loftus et al (SAC’11). However, utilizing the information of noise, the attacks can still recover the information of the secret key. Li Zengpeng et al.’s scheme cannot provide an efficient method to protect the secret key. In this paper, Inspired by the work of Li Zengpeng et al (EPRINT’16), we first give a new method of key recovery attacks to Li Zengpeng et al.’s scheme; then, we propose a new FHE scheme with multiple secret keys which differs from EPRINT’16, and prove our new scheme against key recovery attacks. Our main idea is to adopt the dual version of encryption algorithm and generate a “one-time” secret key every time, so that even if an attacker can learn some bits of the one-time private key from each decryption query and cannot obtain some bits of noise, the scheme still does not allow them to compute a valid private key.