[aildours]

As KenoFischer says, they are not the same ciphertext, even if we consider a non homomorphic encryption system. Enc is basically a random algorithm, and we need it to return different ciphertexts for the same plaintext, otherwise it would be easy to break - if I know Enc(1) and the scheme is additive, then I'd know Enc(n) for all n...

[blincoln]

Are there any existing FHE algorithms with that property, or is it just a theoretical goal for the field?

Every time I've heard FHE mentioned, I've had the same "this sounds like it has all the problems of ECB mode plus some new ones" reaction. This article (like all of the ones I've read) doesn't seem to cover how what you're describing would be achieved.

What is the input to the algorithm that makes two identical cleartexts encrypt to different ciphertexts? In a traditional block cipher, it would be an IV or a "confounder", but IVs are included with the ciphertext, so I'm assuming it's more like a "confounder".

If an FHE algorithm that exists today has this property, how does essentially randomizing the ciphertext not break the ability to perform calculations on it? It seems like whatever does the randomizing would need to be known to all parties in order to take it into account, and so anyone could factor it out in some way to get back to ciphertexts that are identical for identical cleartexts.

[y7]

Yes, all existing FHE schemes have this property (called semantic security). The encryption algorithm is a randomized algorithm, which takes the plaintext and a random value as input (just like an IV). Note that we're talking about public-key crypto here, which is a different primitive from the symmetric crypto you're thinking of. Each key is actually a key pair consisting of a secret key and a public key. Such cryptosystems are based on some mathematical trapdoor: only with the secret key are you able to "undo" the randomization and learn the plaintext. It therefore doesn't matter if you want to undo the randomization on a direct encryption of a plaintext, or whether the ciphertext is the sum of several ciphertexts.

If you want to see how this works on a bit more technical level, look at the ElGamal cryptosystem [1]. It is in fact partially homomorphic (you can add ciphertexts, but cannot multiply), and it's probably the easiest to understand system with this property.

https://en.wikipedia.org/wiki/ElGamal_encryption

[bawolff]

The article includes semantic security in the definition of FHE, so i would assume this implies that all the existing FHE scheme have this property.