International Association for Cryptologic Research


Crypto 2024

On the practical CPAD security of "exact" and threshold FHE schemes and libraries


Marina Checri
Université Paris-Saclay

Renaud Sirdey
Université Paris-Saclay

Aymen Boudguiga
Université Paris-Saclay

Jean-Paul Bultel
Université Paris-Saclay


Keywords: FHE, CPAD, threshold FHE, CCA security


Abstract

In their 2021 seminal paper, Li and Micciancio presented a passive attack against the CKKS approximate FHE scheme and introduced the notion of CPAD security. The current status quo is that this line of attacks does not apply to "exact" FHE. In this paper, we challenge this status quo by exhibiting a CPAD key recovery attack on the linearly homomorphic Regev cryptosystem which easily generalizes to other xHE schemes such as BFV, BGV and TFHE, showing that these cryptosystems are not CPAD secure in their basic form. We also show that existing threshold variants of BFV, BGV and CKKS are particularly exposed to CPAD attackers and would be CPAD-insecure without smudging noise addition after partial decryption. Finally, we successfully implement our attack against several mainstream FHE libraries and discuss a number of natural countermeasures as well as their consequences in terms of FHE practice, security and efficiency. The attack itself is quite practical: it typically takes less than an hour on an average laptop PC, requiring a few thousand ciphertexts as well as up to around a million evaluations/decryptions, to perform a full key recovery.
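
The following toy program is an added illustration of the leakage the abstract describes; it is not part of the artifact and does not reproduce the authors' code. It builds a small symmetric Regev/LWE cryptosystem (illustrative parameters n=16, q=65537, t=64, Delta=floor(q/t), uniform noise in [-8, 8] standing in for a discrete Gaussian), wraps it in a single-key stand-in for the CPAD game in which every challenge pair is (m, m) so that all decryption queries are admissible, and then recovers the secret key. The noise is exposed by a single legal homomorphic operation, scalar multiplication by Delta, after which the "exact" decryption returns the noise itself instead of 0; the paper's attack drives the noise past the rounding threshold by a different, multi-query strategy (the abstract's "up to around a million evaluations/decryptions"), so the amplification step here is a deliberate simplification of the same principle. Once n noise values are known, each ciphertext of 0 yields one linear equation <a_i, s> = b_i - e_i mod q and the key follows by Gaussian elimination.

```python
"""Toy CPAD key recovery against a symmetric Regev/LWE cryptosystem.

Added illustration, not the paper's artifact code.  All parameters below are
toy choices (real schemes use n >= 1024 and a discrete Gaussian noise).
"""
import random

N = 16            # LWE dimension (toy)
Q = 65537         # ciphertext modulus, prime so that linear algebra mod Q is easy
T = 64            # plaintext modulus
DELTA = Q // T    # scaling factor Delta = floor(q/t) = 1024
NOISE_BOUND = 8   # toy noise: uniform in [-8, 8]


def centered(v, modulus):
    """Representative of v mod modulus in (-modulus/2, modulus/2]."""
    v %= modulus
    return v - modulus if v > modulus // 2 else v


def keygen(rng):
    return [rng.randrange(Q) for _ in range(N)]


def encrypt(sk, m, rng):
    """Regev ciphertext (a, b) with b = <a, s> + e + Delta*m mod q."""
    a = [rng.randrange(Q) for _ in range(N)]
    e = rng.randint(-NOISE_BOUND, NOISE_BOUND)
    b = (sum(ai * si for ai, si in zip(a, sk)) + e + DELTA * m) % Q
    return a, b


def decrypt(sk, ct):
    """Exact decryption round((b - <a, s>)/Delta) mod t.  It is correct only
    while the accumulated noise stays below Delta/2 in absolute value."""
    a, b = ct
    v = centered(b - sum(ai * si for ai, si in zip(a, sk)), Q)
    # round-half-up of v/Delta in integer arithmetic (floor division handles v < 0)
    return ((2 * v + DELTA) // (2 * DELTA)) % T


def ct_scale(ct, k):
    """Homomorphic multiplication by a public scalar k: Dec(k*ct) = k*m while
    the noise k*e stays below the rounding threshold."""
    a, b = ct
    return [k * ai % Q for ai in a], k * b % Q


class CPADGame:
    """Single-key stand-in for the IND-CPA-D game (constructed for this demo):
    the adversary asks for encryptions of chosen messages, applies the scheme's
    homomorphic operations, and asks for the decryption of any ciphertext it
    derived.  All challenge pairs are (m, m), so every decryption is admissible."""

    def __init__(self, seed):
        self.rng = random.Random(seed)
        self.sk = keygen(self.rng)
        self.cts = []

    def enc(self, m):
        self.cts.append(encrypt(self.sk, m, self.rng))
        return len(self.cts) - 1

    def scale(self, h, k):
        self.cts.append(ct_scale(self.cts[h], k))
        return len(self.cts) - 1

    def dec(self, h):
        return decrypt(self.sk, self.cts[h])

    def public_view(self, h):
        return self.cts[h]


def recover_noise(game, h):
    """Leak the fresh noise e of an encryption of 0 (simplified amplification).

    Scaling by Delta is a legal operation, but the noise becomes Delta*e and
    decryption rounds it to exactly e (mod t) as long as |e| < t/2 and
    Delta*|e| < q/2.  The 'wrong' plaintext returned by the oracle is e itself."""
    return centered(game.dec(game.scale(h, DELTA)), T)


def solve_mod_prime(rows, p):
    """Gaussian elimination over Z_p on an augmented system [A | b].
    Returns the unique solution if A has full column rank, else None."""
    rows = [r[:] for r in rows]
    ncols = len(rows[0]) - 1
    pivot_row = 0
    for col in range(ncols):
        piv = next((r for r in range(pivot_row, len(rows)) if rows[r][col] % p), None)
        if piv is None:
            return None
        rows[pivot_row], rows[piv] = rows[piv], rows[pivot_row]
        inv = pow(rows[pivot_row][col], -1, p)
        rows[pivot_row] = [x * inv % p for x in rows[pivot_row]]
        for r in range(len(rows)):
            if r != pivot_row and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % p for x, y in zip(rows[r], rows[pivot_row])]
        pivot_row += 1
    return [rows[i][ncols] for i in range(ncols)]


def recover_key(game, extra=4):
    """Full key recovery: n+extra encryptions of 0, one noise leak each, then
    solve <a_i, s> = b_i - e_i (mod q) for the secret s."""
    rows = []
    for _ in range(N + extra):
        h = game.enc(0)
        a, b = game.public_view(h)
        e = recover_noise(game, h)
        rows.append(a + [(b - e) % Q])
    return solve_mod_prime(rows, Q)


def demo(seed=2024):
    """Run the attack against a fresh key; True if the exact key was recovered."""
    game = CPADGame(seed)
    return recover_key(game) == game.sk


if __name__ == "__main__":
    print("key recovered:", demo())
```

The point to take away is that nothing in the attack violates the scheme's interface: every query is an honest encryption, a supported homomorphic operation or a decryption the CPAD game permits. What breaks is the implicit assumption that decryption of a ciphertext whose noise has exceeded the correctness bound returns nothing useful; for "exact" schemes it returns a deterministic function of the noise, and the noise is a linear function of the key.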

Publication

Crypto 2024

Paper

Artifact

Artifact number
crypto/2024/a11

Artifact published
August 15, 2024

README

ZIP (7.3 MB)  

View on Github

License
This work is licensed under the CeCILL-C Free Software License Agreement.

Some files in this archive are licensed under a different license. See the contents of this archive for more information.


How to cite

Checri, M., Sirdey, R., Boudguiga, A., Bultel, J.-P. (2024). On the practical CPAD security of "exact" and threshold FHE schemes and libraries. In: Reyzin, L., Stebila, D. (eds) Advances in Cryptology – Crypto 2024. Lecture Notes in Computer Science, vol. 14922. Springer, Cham. https://doi.org/10.1007/978-3-031-68382-4_1. Artifact available at https://artifacts.iacr.org/crypto/2024/a11