Welcome to the resource topic for 2025/382
Title:
On the Security and Privacy of CKKS-based Homomorphic Evaluation Protocols
Authors: Intak Hwang, Seonhong Min, Jinyeong Seo, Yongsoo Song
Abstract:CKKS is a homomorphic encryption (HE) scheme that supports arithmetic over complex numbers in an approximate manner.
Despite its utility in PPML protocols, formally defining the security of CKKS-based protocols is challenging due to its approximate nature.
To be precise, in a sender-receiver model, where the receiver holds input ciphertexts and the sender evaluates its private circuit, it is difficult to define sender’s privacy in terms of indistinguishability, whereas receiver’s privacy is easily achieved through the semantic security of CKKS.
In this paper, we present a new definition for CKKS-based protocols, called Differentially Private Homomorphic Evaluation (DPHE) protocols, along with a general method to achieve this.
In our definition, we relax the sender’s privacy condition from indistinguishability to differential privacy notion.
We focus on the fact that most security concern for PPML protocols is differential privacy on evaluation results, rather than the simulatability of the evaluation.
We prove that if the ideal functionality satisfies differential privacy and a protocol satisfies DPHE, then the output of the protocol also satisfies differential privacy.
Next, we provide a general compiler that transforms a plain CKKS-based protocol into a DPHE one.
We achieve this by mixing the Laplace mechanism and zero-knowledge argument of knowledge (ZKAoK) for CKKS.
This approach allows us to achieve sender’s privacy with a moderate noise, whereas the previous indistinguishability-based approach requires exponentially large overhead.
Finally, we provide a concrete instantiation of ZKAoK for CKKS in the form of PIOP.
To prove the well-formedness of CKKS ciphertexts and public keys, we devise new proof techniques that use homomorphic evaluation during verification.
We also provide an implementation to demonstrate the practicality of our ZKAoK for CKKS by compiling PIOPs using the HSS polynomial commitment scheme (Crypto’24).
ePrint: https://eprint.iacr.org/2025/382
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .