Paper 2016/164
Sanitization of FHE Ciphertexts
Abstract
By definition, fully homomorphic encryption (FHE) schemes support homomorphic decryption, and all known FHE constructions are bootstrapped from a Somewhat Homomorphic Encryption (SHE) scheme via this technique. Additionally, when a public key is provided, ciphertexts are also re-randomizable, e.g., by adding to them fresh encryptions of 0. From those two operations we devise an algorithm to sanitize a ciphertext, by making its distribution canonical. In particular, the distribution of the ciphertext does not depend on the circuit that led to it via homomorphic evaluation, thus providing circuit privacy in the honest-but-curious model. Unlike the previous approach based on noise flooding, our approach does not degrade much the security/efficiency trade-off of the underlying FHE. The technique can be applied to all lattice-based FHE proposed so far, without substantially affecting their concrete parameters.
Note: As pointed out in [SW25/eprint 2025/275], the sanitization definition is incorrect. It should only require correct bootstrapping for honestly generated ciphertexts. The strong definition is neither achieved by the sanitization algorithm, nor required for the application (honest-but curious circuit privacy). The weakened definition is achieved by the algorithm and suffices for the application.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published by the IACR in EUROCRYPT 2016
- Contact author(s)
- damien stehle @ gmail com
- History
- 2025-03-17: revised
- 2016-02-19: received
- See all versions
- Short URL
- https://ia.cr/2016/164
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2016/164,
author = {Léo Ducas and Damien Stehlé},
title = {Sanitization of {FHE} Ciphertexts},
howpublished = {Cryptology {ePrint} Archive, Paper 2016/164},
year = {2016},
url = {https://eprint.iacr.org/2016/164}
}
