We build a leveled fully homomorphic encryption (FHE) scheme that achieves IND-CCA1 security under the learning with errors (LWE) assumption in the standard model. It is the first scheme of this kind that does not rely on succinct non-interactive arguments of knowledge (SNARK) to obtain security against active adversaries. Instead, we use the gadget lattice trapdoors introduced by Micciancio and Peikert [Eurocrypt 2012] in combination with a dual version of the GSW FHE scheme [Gentry, Sahai, Waters, Crypto 2013]. Instead of proving the integrity of a ciphertext with a SNARK, we use the gadget trapdoor to recover the LWE noise of a ciphertext. This ensures IND-CCA1 security because it allows us to determine whether a ciphertext queried to the decryption oracle will reveal information about the secret key to an adversary.
Our scheme is fully compact, multi-hop and requires very few changes to the original GSW scheme beyond the key generation and decryption algorithm. In particular, the homomorphic operations remain unchanged. We also follow ideas from Bourse et al. [Crypto 2016] to obtain IND-CPA-D security almost for free, without requiring correctness.
Note: The proof of Theorem 4.1 is incorrect, therefore the claims of IND-CCA1 security are currently unsupported. In short, games G3 and G4 are statistically distinguishable. We give more detail on the issue in Section 4.3. We thank an anonymous CRYPTO reviewer for pointing this out. The randomized evaluation algorithm from Section 5 may still be used with dual-GSW or GG-GSW to obtain IND-CPA-D security, but the proof of IND-CCA1-D security from Theorem 5.1 does not hold for the same reasons. A revised proof is in the works.
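To illustrate the noise-recovery idea the abstract relies on, the following added example (not code from the paper or its authors) inverts a toy scalar gadget sample b = s·g + e mod q with g = (1, 2, ..., 2^(k-1)) and q = 2^k, then rejects inputs whose recovered noise exceeds a bound. It shows only the gadget inversion step in the style of Micciancio and Peikert, not the dual-GSW scheme or its security argument. The parameters, function names and the `bound` value are assumptions chosen for the illustration.

```python
# Toy gadget inversion with constructed parameters (illustration only).
K = 8                            # number of gadget entries (assumed)
Q = 1 << K                       # modulus q = 2^k
G = [1 << i for i in range(K)]   # gadget vector g = (1, 2, ..., 2^(k-1))

def centered(x):
    """Representative of x mod Q in [-Q/2, Q/2)."""
    x %= Q
    return x - Q if x >= Q // 2 else x

def lwe_sample(s, e):
    """b = s*g + e mod q for a scalar secret s in [0, Q) and noise vector e."""
    return [(s * g + ei) % Q for g, ei in zip(G, e)]

def invert_gadget(b):
    """Recover (s, e) from b; correct whenever every |e_i| < q/4."""
    s = 0
    for j in range(K):
        i = K - 1 - j
        # After removing the already-known low bits of s, entry i equals
        # bit_j * q/2 + e_i, so its distance from 0 decides bit j.
        r = centered(b[i] - G[i] * s)
        if abs(r) >= Q // 4:
            s |= 1 << j
    e = [centered(bi - s * g) for bi, g in zip(b, G)]
    return s, e

def checked_decrypt(b, bound):
    """Return s only if the recovered noise is small; otherwise reject."""
    s, e = invert_gadget(b)
    if max(abs(x) for x in e) > bound:
        return None              # noise too large: refuse to answer
    return s

if __name__ == "__main__":
    honest = lwe_sample(173, [3, -2, 0, 5, -1, 4, -3, 2])
    print(checked_decrypt(honest, bound=8))     # accepted
    tampered = list(honest)
    tampered[3] = (tampered[3] + 40) % Q        # constructed malformed input
    print(checked_decrypt(tampered, bound=8))   # rejected
```
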