Public-Key Cryptography – PKC 2013

Volume 7778 of the series Lecture Notes in Computer Science pp 14-31

Feasibility and Infeasibility of Adaptively Secure Fully Homomorphic Encryption

  • Jonathan KatzAffiliated withDepartment of Computer Science, University of Maryland
  • , Aishwarya ThiruvengadamAffiliated withDepartment of Computer Science, University of Maryland
  • , Hong-Sheng ZhouAffiliated withDepartment of Computer Science, University of Maryland

* Final gross prices may vary according to local VAT.

Get Access


Fully homomorphic encryption (FHE) is a form of public-key encryption that enables arbitrary computation over encrypted data. The past few years have seen several realizations of FHE under different assumptions, and FHE has been used as a building block in many cryptographic applications.

Adaptive security for public-key encryption schemes is an important security notion proposed by Canetti et al. It is intended to ensure security when encryption is used within an interactive protocol and parties may be adaptively corrupted by an adversary during the course of the protocol execution. Due to the extensive applications of FHE to protocol design, it is natural to understand whether adaptively secure FHE is achievable.

In this paper we show two contrasting results in this direction. First, we show that adaptive security is impossible for FHE satisfying the (standard) compactness requirement. On the other hand, we show a construction of adaptively secure FHE that is not compact, but that does achieve circuit privacy.