by blincoln
2170 days ago
Are there any existing FHE algorithms with that property, or is it just a theoretical goal for the field? Every time I've heard FHE mentioned, I've had the same "this sounds like it has all the problems of ECB mode plus some new ones" reaction. This article (like all of the ones I've read) doesn't seem to cover how what you're describing would be achieved. What is the input to the algorithm that makes two identical cleartexts encrypt to different ciphertexts? In a traditional block cipher, it would be an IV or a "confounder", but IVs are included with the ciphertext, so I'm assuming it's more like a "confounder". If an FHE algorithm that exists today has this property, how does essentially randomizing the ciphertext not break the ability to perform calculations on it? It seems like whatever does the randomizing would need to be known to all parties in order to take it into account, and so anyone could factor it out in some way to get back to ciphertexts that are identical for identical cleartexts.
If you want to see how this works on a bit more technical level, look at the ElGamal cryptosystem [1]. It is in fact partially homomorphic (you can add ciphertexts, but cannot multiply), and it's probably the easiest to understand system with this property.
[1] https://en.wikipedia.org/wiki/ElGamal_encryption
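An added example, not part of either comment above: a toy run of the exponential ("lifted") ElGamal variant, in which the message is encoded as g^m so that combining ciphertexts adds plaintexts. The parameters p = 1019, q = 509, g = 4 and all function names are constructed for illustration and are far too small for real use.

```python
import secrets

# Constructed toy parameters (far too small for real use): p = 2q + 1 with
# p and q prime, and G = 4 generating the subgroup of prime order q.
P, Q, G = 1019, 509, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1        # private key in [1, q-1]
    return x, pow(G, x, P)                  # (private x, public h = g^x)

def encrypt(h, m, r=None):
    # r is the fresh per-message randomness. Only g^r is published, and
    # removing the mask h^r = (g^r)^x from c2 requires the private key x.
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, m, P) * pow(h, r, P)) % P

def add(c, d):
    # Componentwise product gives (g^(r1+r2), g^(m1+m2) * h^(r1+r2)):
    # the randomness adds up alongside the messages instead of getting in the way.
    return (c[0] * d[0]) % P, (c[1] * d[1]) % P

def rerandomize(h, c):
    # Adding a fresh encryption of 0 changes the ciphertext, not the plaintext.
    return add(c, encrypt(h, 0))

def decrypt(x, c):
    gm = (c[1] * pow(c[0], Q - x, P)) % P   # c2 / c1^x (c1 has order q)
    for m in range(Q):                      # brute-force small discrete log
        if pow(G, m, P) == gm:
            return m
    raise ValueError("not a valid ciphertext")

def demo():
    x, h = keygen()
    a, b = encrypt(h, 20, r=7), encrypt(h, 20, r=8)   # same plaintext twice
    total = add(a, encrypt(h, 22))                    # computed without x
    return a != b, decrypt(x, a), decrypt(x, b), decrypt(x, total)

if __name__ == "__main__":
    print(demo())
```

The party doing the addition never learns r or x; it only multiplies group elements, which is why the per-message randomness does not have to be shared.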