Paper 2025/2005

Reactive Correctness, sINDCPA-D-Security and Deterministic Evaluation for TFHE

Nigel Smart, KU Leuven, Zama
Michael Walter
Abstract

We examine the relationship between correctness definitions for Fully Homomorphic Encryption (FHE) and the associated security definitions. We show that reactive notions of correctness imply INDCPA-D and sINDCPA-D security. But that to obtain both INDCPA-D and sINDCPA-D security we need to use a randomized version of the evaluation procedure. Such randomized evaluation procedures cause problems in real life deployments of FHE solutions, so we then go on to show how one can de-randomize the evaluation procedure and still obtain sINDCPA-D security in the random oracle model for the specific FHE scheme of TFHE.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Homomorphic Encryption
Contact author(s)
nigel @ zama ai
michael walter @ zama ai
History
2025-10-30: approved
2025-10-27: received
See all versions
Short URL
https://ia.cr/2025/2005
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2025/2005,
      author = {Nigel Smart and Michael Walter},
      title = {Reactive Correctness, {sINDCPA}-D-Security and Deterministic Evaluation for {TFHE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/2005},
      year = {2025},
      url = {https://eprint.iacr.org/2025/2005}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.