by bondarchuk
2208 days ago
> and the ability to encrypt chosen plaintext values

Isn't this a big assumption? The way I envision it is 1. client encrypts data with their key 2. server computes on data without decrypting and without needing the key 3. client decrypts computation output with their key. Or is it always required at step 2 that the server also has the key needed for encryption (but not decryption obviously)?

The standard resilience criteria for modern multi-purpose encryption suppose that your scheme should be resistant to adaptive chosen-cipher attack. Chosen plaintext is a way weaker attack (the hierarchy being: known plaintext < chosen plaintext < chosen cipher < adaptive chosen cipher).
It may be OK for some situations, but it requires being much more cautious than with regular crypto (which is already error-prone…).