docs: fix broken latex

lehugueni
2025-02-25 14:45:11 +01:00
parent 8f31cca540
commit be2286757b

@@ -60,6 +60,6 @@ It is important to clarify that, for many applications, IND-CPA is sufficient.Th
Fully Homomorphic Encryption (FHE) ciphertexts are malleable by design. This malleability, when combined with vulnerabilities such as circular security and decision-to-search attacks, can result in trivial key-recovery reaction attacks. This implies that FHE schemes are **not** secure against chosen ciphertext attacks (CCA security). Many intermediate security notions between IND-CPA and IND-CCA exist; an extensive summary can be found in the work of [Canard et al.](https://eprint.iacr.org/2024/812).
# Circuit Privacy
As discussed above, the FHE schemes proposed in Lattigo guarantee some notion of confidentiality (e.g. IND-CPA) but they do not necessarily hide information about the underlying computation. In other words, they do not provide **circuit privacy**. More precisely, schemes like CKKS and BFV/BGV leak information on the computation performed because the homomorphic operations introduce some structure in the ciphertext. Then, an adversary with knowledge of ciphertexts can infer details about the circuit (e.g. its depth, the type of operations, constants…). For instance, given a ciphertext ct$_1$ and its transformed version ct$_2$ after a homomorphic multiplication by a constant $C$, an adversary can deduce $C$.
As discussed above, the FHE schemes proposed in Lattigo guarantee some notion of confidentiality (e.g. IND-CPA) but they do not necessarily hide information about the underlying computation. In other words, they do not provide **circuit privacy**. More precisely, schemes like CKKS and BFV/BGV leak information on the computation performed because the homomorphic operations introduce some structure in the ciphertext. Then, an adversary with knowledge of ciphertexts can infer details about the circuit (e.g. its depth, the type of operations, constants…). For instance, given a ciphertext $\text{ct}_1$ and its transformed version $\text{ct}_2$ after a homomorphic multiplication by a constant $C$, an adversary can deduce $C$.
Circuit privacy usually requires techniques such as noise flooding or rerandomization, which in turn implies a significant loss in performance.
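
Review bot: The context carried in the hunk header still reads "IND-CPA is sufficient.Th" with no space after the period, and since this commit is a docs cleanup of the same section, that is worth fixing here too. In the last context line, "techniques such as noise flooding or rerandomization, which in turn implies" has a plural antecedent, so "imply" reads better. On the changed line itself, `$\text{ct}_1$` and `$\text{ct}_2$` depend on the renderer supporting `\text{}` inside math; please confirm the rendered page, and use `\mathrm{ct}` if it does not.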