Fully homomorphic encryption schemes allow one to evaluate any arbitrary computa

Question

Fully homomorphic encryption schemes allow one to evaluate any arbitrary computation over encrypted data. Intuitively this seems to be too weak, irrespective of how we achieve this.

An adversary who has access to the cipher text only could do variety of operations. For example, duplicates in the cipher text could be found easily. No separate trapdoors are required apart from Public Key. Variety of further operations could be performed on the given corpus of cipher text, so identifying prefixes, suffixes etc. among the cipher words by simply running their respective circuits.

Also with additional information like if an adversary could guess if the column in the encrypted database is an integer. He can do operations like < or > among the encrypted values to further deduce interesting information.

Is this true with homomorphic schemes ? or am i missing some thing ?

Explanation / Answer

Even though all the operations you described can be performed homomorphically, the result remains encrypted, i.e., the attacker cannot "see" it. So homomorphic computation is not useful (on its own) as an attack, because the results remain unknown to the attacker.

For example, given two ciphertexts c,c?, an attacker can homomorphically compute whether they encrypt the same message. The result is a ciphertext c?? that is an encryption of either 1 ("same message") or 0 ("different messages"). But the attacker cannot decrypt c??, so the 0/1 answer remains hidden to him.

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.