[Resource Topic] 2015/012: Cryptanalysis of a (Somewhat) Additively Homomorphic Encryption Scheme Used in PIR

Welcome to the resource topic for 2015/012

Cryptanalysis of a (Somewhat) Additively Homomorphic Encryption Scheme Used in PIR

Authors: Tancrède Lepoint, Mehdi Tibouchi


Private Information Retrieval (PIR) protects users’ privacy in outsourced storage applications and can be achieved using additively homomorphic encryption schemes. Several PIR schemes with a “real world” level of practicality, both in terms of computational and communication complexity, have been recently studied and implemented. One of the possible building block is a conceptually simple and computationally efficient protocol proposed by Trostle and Parrish at ISC 2010, that relies on an underlying secret-key (somewhat) additively homomorphic encryption scheme, and has been reused in numerous subsequent works in the PIR community (PETS 2012, FC 2013, NDSS 2014, etc.). In this paper, we show that this encryption scheme is not one-way: we present an attack that decrypts arbitrary ciphertext without the secret key, and is quite efficient: it amounts to applying the LLL algorithm twice on small matrices. Used against existing practical instantiations of PIR protocols, it allows the server to recover the users’ access pattern in a matter of seconds.

ePrint: https://eprint.iacr.org/2015/012

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .