Abstract
We give a complete characterization, both in terms of security and design, of all currently existing group homomorphic encryption schemes, i.e., existing encryption schemes whose decryption function is a group homomorphism, such as ElGamal and Paillier. To this end, we formalize and identify the basic underlying structure of all existing schemes and say that such schemes are of shift-type. Then, we construct an abstract scheme that represents all shift-type schemes (i.e., every such scheme occurs as an instantiation of the abstract scheme) and prove that its IND-CCA1 (resp. IND-CPA) security is equivalent to the hardness of an abstract problem called the Splitting Oracle-Assisted Subgroup Membership Problem (SOAP) (resp. the Subgroup Membership Problem, SMP). Roughly, SOAP asks for solving an SMP instance, i.e., for deciding whether a given ciphertext is an encryption of the neutral element of the ciphertext group, while allowing access to a certain oracle beforehand. Our results allow us to contribute to a variety of open problems, such as the IND-CCA1 security of Paillier's scheme or the use of linear codes in group homomorphic encryption. Furthermore, we design a new cryptosystem with features that are unique up to now: its IND-CPA security is based on the k-linear problem introduced by Shacham, and by Hofheinz and Kiltz, while its IND-CCA1 security is based on a new k-problem that we prove to have the same progressive property, namely that even if the k-instance is easy in the generic group model, the (k+1)-instance is still hard.
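The shift-type structure and the SMP described in the abstract can be seen concretely on the two schemes it names. The following is an added illustration written for this page, not code from the paper: toy-sized ElGamal and Paillier instances (the parameters P, Q, G, X, PP, PQ and all randomness are chosen here and are far too small to be secure) in which decryption is a group homomorphism from the ciphertext group to the message group, encryptions of the neutral element form the kernel subgroup, and the SMP instance "is c an encryption of the neutral element?" is decided trivially by anyone holding the decryption key.

```python
"""Shift-type group homomorphic encryption, illustrated on ElGamal and Paillier.

Both schemes share one structure: the ciphertext space is a group C, the
decryption map Dec: C -> M is a group homomorphism, and its kernel
N = {encryptions of the neutral element of M} is a subgroup of C.  All
encryptions of a fixed m form one coset ("shift") of N, and Enc picks a
random element of that coset.  The Subgroup Membership Problem (SMP) is:
given c in C, decide whether c lies in N.  With the decryption key this is
just the check Dec(c) == neutral element.
All parameters below are toy-sized assumptions for readability, not for security.
"""
from math import gcd

# ---------- ElGamal over the order-Q subgroup of Z_P^*, P = 2Q + 1 ----------
P, Q, G = 467, 233, 4          # 467 = 2*233 + 1 is a safe prime; 4 = 2^2 generates the QR subgroup
X = 97                         # toy secret key; public key H = G^X mod P
H = pow(G, X, P)

def eg_encrypt(m, r):
    """Enc(m; r) = (G^r, m * H^r).  m must lie in the message group QR(P) (order Q)."""
    assert pow(m, Q, P) == 1, "message not in the message group"
    return (pow(G, r, P), m * pow(H, r, P) % P)

def eg_decrypt(c):
    """Dec(c1, c2) = c2 * c1^(-X): a multiplicative homomorphism C -> QR(P)."""
    c1, c2 = c
    return c2 * pow(c1, P - 1 - X, P) % P

def eg_mul(c, d):
    """Group operation on C = QR(P) x QR(P): component-wise product."""
    return (c[0] * d[0] % P, c[1] * d[1] % P)

def eg_in_kernel(c):
    """SMP with the trapdoor: c encrypts 1 iff Dec(c) == 1.
    Without the key this asks whether (G, H, c1, c2) is a DDH tuple."""
    return eg_decrypt(c) == 1

# ---------- Paillier over Z_{N^2}^* with N = PP * PQ ----------
PP, PQ = 11, 13
N = PP * PQ                    # N = 143, N^2 = 20449
N2 = N * N
LAM = (PP - 1) * (PQ - 1) // gcd(PP - 1, PQ - 1)   # lambda = lcm(PP-1, PQ-1) = 60
assert gcd(N, (PP - 1) * (PQ - 1)) == 1             # required for decryption to work

def _L(u):
    """The L function of Paillier: L(u) = (u - 1) / N for u = 1 mod N."""
    return (u - 1) // N

MU = pow(_L(pow(N + 1, LAM, N2)), -1, N)           # mu = lambda^(-1) mod N for g = N + 1

def pa_encrypt(m, r):
    """Enc(m; r) = (1 + N)^m * r^N mod N^2 with r in Z_N^*."""
    assert 0 <= m < N and gcd(r, N) == 1
    return pow(N + 1, m, N2) * pow(r, N, N2) % N2

def pa_decrypt(c):
    """Dec(c) = L(c^lambda mod N^2) * mu mod N: a homomorphism (Z_{N^2}^*, *) -> (Z_N, +)."""
    return _L(pow(c, LAM, N2)) * MU % N

def pa_mul(c, d):
    """Group operation on C = Z_{N^2}^*."""
    return c * d % N2

def pa_in_kernel(c):
    """SMP for Paillier: c encrypts 0 iff c is an N-th residue mod N^2, i.e. Dec(c) == 0."""
    return pa_decrypt(c) == 0

if __name__ == "__main__":
    m1, m2 = pow(G, 5, P), pow(G, 77, P)
    c1, c2 = eg_encrypt(m1, 12), eg_encrypt(m2, 301)
    assert eg_decrypt(eg_mul(c1, c2)) == m1 * m2 % P        # Dec is multiplicative
    assert eg_in_kernel(eg_encrypt(1, 42)) and not eg_in_kernel(c1)
    a1, a2 = pa_encrypt(100, 7), pa_encrypt(99, 50)
    assert pa_decrypt(pa_mul(a1, a2)) == (100 + 99) % N     # Dec is additive
    assert pa_in_kernel(pa_encrypt(0, 23)) and not pa_in_kernel(a1)
    print("homomorphism and kernel (SMP) checks passed")
```

The two schemes differ in the message group (multiplicative for ElGamal, additive for Paillier), but the kernel check in `eg_in_kernel` and `pa_in_kernel` is the same SMP decision the abstract reduces IND-CPA security to; the hardness assumption is exactly that this decision is infeasible without the trapdoor (DDH in the ElGamal case, the decisional composite residuosity assumption in Paillier's).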
References
Armknecht F., Sadeghi A.R.: A new approach for algebraically homomorphic encryption. Cryptology ePrint Archive, Report 2008/422. http://eprint.iacr.org/ (2008). Accessed 3 Oct 2010.
Bellare M., Desai A., Pointcheval D., Rogaway P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk H. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 1462, pp. 26–45. Springer, Berlin (1998).
Benaloh J.: Verifiable secret-ballot elections. PhD Thesis, Yale University, New Haven (1987).
Boneh D., Silverberg A.: Applications of multilinear forms to cryptography. Contemp. Math. 324, 71–90 (2002).
Boneh D., Boyen X., Shacham H.: Short group signatures. In: Franklin M.K. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 3152, pp. 41–55. Springer, Heidelberg (2004).
Boneh D., Goh E.J., Nissim K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian J. (ed.) TCC. Lecture Notes in Computer Science, vol. 3378, pp. 325–341. Springer, Heidelberg (2005).
Canetti R., Krawczyk H., Nielsen J.B.: Relaxing chosen-ciphertext security. In: Boneh D. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 2729, pp. 565–582. Springer, Heidelberg (2003).
Catalano D., Gennaro R., Howgrave-Graham N., Nguyen P.Q.: Paillier's cryptosystem revisited. In: ACM Conference on Computer and Communications Security, pp. 206–214 (2001).
Chung K.M., Kalai Y., Vadhan S.: Improved delegation of computation using fully homomorphic encryption. In: Rabin T. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 6223, pp. 483–501. Springer, Berlin (2010).
Cohen J.D., Fischer M.J.: A robust and verifiable cryptographically secure election scheme (extended abstract). In: FOCS, pp. 372–382. IEEE, Oregon (1985).
Cramer R., Shoup V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen L.R. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 2332, pp. 45–64. Springer, Amsterdam (2002).
Cramer R., Franklin M.K., Schoenmakers B., Yung M.: Multi-authority secret-ballot elections with linear work. In: EUROCRYPT, pp. 72–83 (1996).
Cramer R., Gennaro R., Schoenmakers B.: A secure and optimally efficient multi-authority election scheme. In: EUROCRYPT, pp. 103–118 (1997).
Cramer R., Damgård I., Nielsen J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann B. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 2045, pp. 280–299. Springer, Heidelberg (2001).
Damgård I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum J. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 576, pp. 445–456. Springer, New York (1991).
Damgård I., Jurik M.: A generalisation, a simplification and some applications of Paillier's probabilistic public-key system. In: Kim K. (ed.) Public Key Cryptography. Lecture Notes in Computer Science, vol. 1992, pp. 119–136. Springer, Berlin (2001).
Fellows M., Koblitz N.: Combinatorial cryptosystems galore! In: Finite Fields: Theory, Applications, and Algorithms. Contemporary Mathematics, vol. 168, pp. 51–61. American Mathematical Society, Providence (1993).
ElGamal T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: CRYPTO, pp. 10–18 (1984).
Gennaro R., Gentry C., Parno B.: Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Rabin T. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 6223, pp. 465–482. Springer, Heidelberg (2010).
Gentry C.: A fully homomorphic encryption scheme. PhD Thesis, Stanford University. http://crypto.stanford.edu/craig (2009a). Accessed 2 Feb 2011.
Gentry C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher M. (ed.) STOC, pp. 169–178. ACM (2009b).
Gentry C., Halevi S.: Implementing Gentry's fully-homomorphic encryption scheme. https://researcher.ibm.com/researcher/files/us-shaih/fhe-implementation.pdf (2010). Accessed 27 Aug 2010.
Gjøsteen K.: Homomorphic cryptosystems based on subgroup membership problems. In: Dawson E., Vaudenay S. (eds.) Mycrypt. Lecture Notes in Computer Science, vol. 3715, pp. 314–327. Springer (2005a).
Gjøsteen K.: Symmetric subgroup membership problems. In: Vaudenay S. (ed.) Public Key Cryptography. Lecture Notes in Computer Science, vol. 3386, pp. 104–119. Springer, Berlin (2005b).
Gjøsteen K.: A new security proof for Damgård's ElGamal. In: Pointcheval D. (ed.) CT-RSA. Lecture Notes in Computer Science, vol. 3860, pp. 150–158. Springer, Heidelberg (2006).
Goldwasser S., Micali S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984).
Groth J., Ostrovsky R., Sahai A.: Non-interactive Zaps and new techniques for NIZK. In: Dwork C. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 4117, pp. 97–111. Springer, Heidelberg (2006).
Hemenway B., Ostrovsky R.: Lossy trapdoor functions from smooth homomorphic hash proof systems. Electron. Colloq. Comput. Complex. 16, 127 (2009).
Hofheinz D., Kiltz E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes A. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 4622, pp. 553–571. Springer, Heidelberg (2007).
Joux A., Nguyen K.: Separating decision Diffie–Hellman from computational Diffie–Hellman in cryptographic groups. J. Cryptol. 16(4), 239–247 (2003).
Kiltz E.: Chosen-ciphertext security from tag-based encryption. In: Halevi S., Rabin T. (eds.) TCC. Lecture Notes in Computer Science, vol. 3876, pp. 581–600. Springer, Berlin (2006).
Kurzweil H., Stellmacher B.: The Theory of Finite Groups: An Introduction. Springer, Berlin (2004).
Kushilevitz E., Ostrovsky R.: Replication is not needed: single database, computationally-private information retrieval. In: FOCS, pp. 364–373 (1997).
Lang S.: Algebra. Graduate Texts in Mathematics, vol. 211. Springer, New York (2002).
Lewko A.B., Waters B.: Efficient pseudorandom functions from the decisional linear assumption and weaker variants. In: Al-Shaer E., Jha S., Keromytis A.D. (eds.) ACM Conference on Computer and Communications Security, pp. 112–120. ACM (2009).
Lipmaa H.: On the CCA1-security of ElGamal and Damgård's ElGamal. In: Proceedings of Inscrypt 2010. Springer. http://research.cyber.ee/~lipmaa/papers/lip10/ (2010). Accessed 20 Oct 2010.
Maurer U.M.: Abstract models of computation in cryptography. In: Smart N.P. (ed.) IMA Int. Conf. Lecture Notes in Computer Science, vol. 3796, pp. 1–12. Springer (2005).
Naccache D., Stern J.: A new public key cryptosystem based on higher residues. In: ACM Conference on Computer and Communications Security, pp. 59–66 (1998).
Naor M., Pinkas B.: Oblivious polynomial evaluation. SIAM J. Comput. 35(5), 1254–1281 (2006).
Naor M., Segev G.: Public-key cryptosystems resilient to key leakage. In: Halevi S. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 5677, pp. 18–35. Springer (2009).
Okamoto T., Uchiyama S.: A new public-key cryptosystem as secure as factoring. In: EUROCRYPT, pp. 308–318 (1998).
Paillier P.: Public-key cryptosystems based on composite degree residuosity classes. In: EUROCRYPT, pp. 223–238 (1999).
Peikert C., Waters B.: Lossy trapdoor functions and their applications. In: Dwork C. (ed.) STOC, pp. 187–196. ACM (2008).
Prabhakaran M., Rosulek M.: Homomorphic encryption with CCA security. In: Aceto L., Damgård I., Goldberg L.A., Halldórsson M.M., Ingólfsdóttir A., Walukiewicz I. (eds.) ICALP (2). Lecture Notes in Computer Science, vol. 5126, pp. 667–678. Springer (2008).
Shacham H.: A Cramer–Shoup encryption scheme from the linear assumption and from progressively weaker linear variants. Cryptology ePrint Archive, Report 2007/074. http://eprint.iacr.org/ (2007). Accessed 10 Nov 2010.
Shoup V.: Lower bounds for discrete logarithms and related problems. In: EUROCRYPT, pp. 256–266 (1997).
Smart N.P., Vercauteren F.: Fully homomorphic encryption with relatively small key and ciphertext sizes. In: Nguyen P.Q., Pointcheval D. (eds.) Public Key Cryptography. Lecture Notes in Computer Science, vol. 6056, pp. 420–443. Springer, Berlin (2010).
Tsiounis Y., Yung M.: On the security of ElGamal based encryption. In: Imai H., Zheng Y. (eds.) Public Key Cryptography. Lecture Notes in Computer Science, vol. 1431, pp. 117–134. Springer, Berlin (1998).
van Dijk M., Gentry C., Halevi S., Vaikuntanathan V.: Fully homomorphic encryption over the integers. In: Gilbert H. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 6110, pp. 24–43. Springer, Berlin (2010).
Wu J., Stinson D.: On the security of the ElGamal encryption scheme and Damgård's variant. Cryptology ePrint Archive, Report 2008/200. http://eprint.iacr.org/ (2008). Accessed 10 Nov 2010.
Communicated by C. Boyd.
Armknecht, F., Katzenbeisser, S. & Peter, A. Group homomorphic encryption: characterizations, impossibility results, and applications. Des. Codes Cryptogr. 67, 209–232 (2013). https://doi.org/10.1007/s10623-011-9601-2
Keywords
- Foundations
- Homomorphic encryption
- Public-key cryptography
- IND-CCA1 security
- Subgroup membership problem
- k-Linear problem