General Impossibility of Group Homomorphic Encryption in the Quantum World

  • Frederik Armknecht
  • Tommaso Gagliardoni
  • Stefan Katzenbeisser
  • Andreas Peter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8383)


Group homomorphic encryption represents one of the most important building blocks in modern cryptography. It forms the basis of widely-used, more sophisticated primitives, such as CCA2-secure encryption or secure multiparty computation. Unfortunately, recent advances in quantum computation show that many of the existing schemes completely break down once quantum computers reach maturity (mainly due to Shor’s algorithm). This leads to the challenge of constructing quantum-resistant group homomorphic cryptosystems.

In this work, we prove the general impossibility of (abelian) group homomorphic encryption in the presence of quantum adversaries, when assuming the IND-CPA security notion as the minimal security requirement. To this end, we prove a new result on the probability of sampling generating sets of finite (sub-)groups if sampling is done with respect to an arbitrary, unknown distribution. Finally, we provide a sufficient condition on homomorphic encryption schemes for our quantum attack to work and discuss its satisfiability in non-group homomorphic cases. The impact of our results on recent fully homomorphic encryption schemes poses itself as an open question.


Public-Key Cryptography Homomorphic Encryption Semantic Security Quantum Algorithms Sampling Group Generators 


  1. 1.
    Armknecht, F., Augot, D., Perret, L., Sadeghi, A.R.: On constructing homomorphic encryption schemes from coding theory. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 23–40. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  2. 2.
    Armknecht, F., Gagliardoni, T., Katzenbeisser, S., Peter, A.: General impossibility of group homomorphic encryption in the quantum world. Cryptology ePrint Archive, Report 2014/029 (2014),
  3. 3.
    Armknecht, F., Katzenbeisser, S., Peter, A.: Group homomorphic encryption: characterizations, impossibility results, and applications. Designs, Codes and Cryptography, 1–24, 10.1007/s10623-011-9601-2Google Scholar
  4. 4.
    Armknecht, F., Katzenbeisser, S., Peter, A.: Shift-type homomorphic encryption and its application to fully homomorphic encryption. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 234–251. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  5. 5.
    Babai, L.: Local expansion of vertex-transitive graphs and random generation in finite groups. In: STOC, pp. 164–174. ACM (1991)Google Scholar
  6. 6.
    Boneh, D., Lipton, R.J.: Algorithms for black-box fields and their application to cryptography (extended abstract). In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 283–297. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (leveled) fully homomorphic encryption without bootstrapping. In: ITCS. pp. 309–325. ACM (2012)Google Scholar
  8. 8.
    Cramer, R., Damgård, I., Nielsen, J.B.: Multiparty computation from threshold homomorphic encryption. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 280–299. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  10. 10.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    van Dam, W., Hallgren, S., Ip, L.: Quantum algorithms for some hidden shift problems. SIAM J. Comput. 36(3), 763–778 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Damgård, I., Geisler, M., Krøigaard, M.: Homomorphic encryption and secure comparison. IJACT 1(1), 22–31 (2008)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  15. 15.
    Erdös, P., Rényi, A.: Probabilistic methods in group theory. J. Analyse Math. 14, 127–138 (1965)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC. pp. 169–178. ACM (2009)Google Scholar
  17. 17.
    Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the aes circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850–867. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Gjøsteen, K.: Homomorphic cryptosystems based on subgroup membership problems. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 314–327. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Goldreich, O.: The Foundations of Cryptography, vol. 2, Basic Applications. Cambridge University Press (2004)Google Scholar
  20. 20.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Hallgren, S., Kolla, A., Sen, P., Zhang, S.: Making classical honest verifier zero knowledge protocols secure against quantum attacks. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 592–603. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    Hallgren, S., Smith, A., Song, F.: Classical cryptographic protocols in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 411–428. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  23. 23.
    Hemenway, B., Ostrovsky, R.: On homomorphic encryption and chosen-ciphertext security. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 52–65. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. 24.
    Kushilevitz, E., Ostrovsky, R.: Replication is not needed: Single database, computationally-private information retrieval. In: FOCS. pp. 364–373 (1997)Google Scholar
  25. 25.
    Mosca, M.: Quantum computing, cryptography and compilers. In: ISMVL. pp. 154–156. IEEE (2012)Google Scholar
  26. 26.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  27. 27.
    Pak, I., Bratus, S.: On sampling generating sets of finite groups and product replacement algorithm (extended abstract). In: ISSAC, pp. 91–96. ACM (1999)Google Scholar
  28. 28.
    Peter, A., Kronberg, M., Trei, W., Katzenbeisser, S.: Additively homomorphic encryption with a double decryption mechanism, revisited. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol. 7483, pp. 242–257. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  29. 29.
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Shor, P.W.: Algorithms for quantum computation: Discrete logarithms and factoring. In: FOCS, pp. 124–134. IEEE Computer Society (1994)Google Scholar
  31. 31.
    Watrous, J.: Quantum algorithms for solvable groups. In: STOC, pp. 60–67. ACM (2001)Google Scholar

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

  • Frederik Armknecht
    • 1
  • Tommaso Gagliardoni
    • 2
  • Stefan Katzenbeisser
    • 2
  • Andreas Peter
    • 3
  1. 1.Universität MannheimGermany
  2. 2.CASEDTechnische Universität DarmstadtGermany
  3. 3.University of TwenteThe Netherlands

Personalised recommendations