# Constructions for the IND-CCA1 Secure Fully Homomorphic Encryption

## Abstract

Homomorphic encryption allows a user to receive encrypted data and to perform arbitrary computation on that data without decrypting it. The homomorphic encryption scheme which supports only a bounded number of homomorphic operations is called “somewhat homomorphic encryption”. The scheme which supports arbitrary number of homomorphic operations is called “fully homomorphic encryption”. We need to construct an fully homomorphic encryption scheme which satisfies strong security for practical use to use a homomorphic encryption scheme practically, but essentially, we cannot construct a scheme which satisfies IND-CCA2 security Thus, one of the strongest security notions for homomorphic encryption is IND-CCA1 security. In this paper, we construct an fully homomorphic encryption scheme which satisfies IND-CCA1 security. Our construction has a restriction that our scheme can compute an arbitrary number of operations, but the arity of circuits is bounded. Our construction is based on the leakage-resilient bounded arity fully homomorphic encryption scheme proposed by Berkoff and Liu (TCC 2014). We show that their general construction can work for our construction.

## Keywords

Fully homomorphic encryption Somewhat homomorphic encryption Multi-key IND-CCA1## Notes

### Acknowledgements

The second author was supported by Grant-in-Aid for JSPS Research Fellow and JSPS KAKENHI Grant Number JP16J10322. The third author was supported by Input Output Hong Kong, I-System, Nomura Research Institute, NTT Secure Platform Laboratories, JST OPERA, and JSPS KAKENHI 16H01705.

## References

- 1.A. Berkoff, F.-H. Liu, Leakage resilient fully homomorphic encryption, in
*TCC*. Lecture Notes in Computer Science, vol. 8349 (Springer, Berlin, 2014), pp. 515–539Google Scholar - 2.D. Boneh, R. Canetti, S. Halevi, J. Katz, Chosen-ciphertext security from identity-based encryption. SIAM J. Comput.
**36**(5), 1301–1328 (2007)MathSciNetCrossRefzbMATHGoogle Scholar - 3.Z. Brakerski, R. Perlman, Lattice-based fully dynamic multi-key FHE with short ciphertexts, in
*CRYPTO (1)*. Lecture Notes in Computer Science, vol. 9814 (Springer, Berlin, 2016), pp. 190–213Google Scholar - 4.Z. Brakerski, V. Vaikuntanathan, Efficient fully homomorphic encryption from (standard) LWE, in
*FOCS*(IEEE Computer Society, New Jersey, 2011), pp. 97–106Google Scholar - 5.R. Canetti, S. Halevi, J. Katz, Chosen-ciphertext security from identity-based encryption, in
*EUROCRYPT*. Lecture Notes in Computer Science, vol. 3027 (Springer, Berlin, 2004), pp. 207–222Google Scholar - 6.M. Clear, C. McGoldrick, Multi-identity and multi-key leveled FHE from learning with errors, in
*CRYPTO (2)*. Lecture Notes in Computer Science, vol. 9216 (Springer, Berlin, 2015), pp. 630–656Google Scholar - 7.J.-S. Coron, A. Mandal, D. Naccache, M. Tibouchi, Fully homomorphic encryption over the integers with shorter public keys, in
*CRYPTO*. Lecture Notes in Computer Science, vol. 6841 (Springer, Berlin, 2011)Google Scholar - 8.C. Gentry, Fully homomorphic encryption using ideal lattices, in
*STOC*(ACM, 2009), pp. 169–178Google Scholar - 9.C. Gentry, A. Sahai, B. Waters, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based, in
*CRYPTO (1)*. Lecture Notes in Computer Science, vol. 8042 (Springer, Berlin, 2013), pp. 75–92Google Scholar - 10.J. Loftus, A. May, N.P. Smart, F. Vercauteren, On CCA-secure somewhat homomorphic encryption, in
*Selected Areas in Cryptography*. Lecture Notes in Computer Science, vol. 7118 (Springer, Berlin, 2011), pp. 55–72Google Scholar - 11.A. López-Alt, E. Tromer, V. Vaikuntanathan, On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption, in
*STOC*(ACM, 2012), pp. 1219–1234Google Scholar - 12.R.L. Rivest, L. Adleman, M.L. Dertouzos, On data banks and privacy homomorphisms. Found. Secur. Comput.
**4**(11), 169–180 (1978)MathSciNetGoogle Scholar - 13.N.P. Smart, F. Vercauteren, Fully homomorphic encryption with relatively small key and ciphertext sizes, in
*Public Key Cryptography*. Lecture Notes in Computer Science, vol. 6056 (Springer, Berlin, 2010), pp. 420–443Google Scholar