[franknstein]

This is common misconception. The truth is that in HE every plaintext can be encrypted to (exponentially iirc) many different ciphertexts. During encryption one of those is chosen randomly. This makes dictionary attacks practically impossible.

Edit: HE scheme (lwe) works on individual bits. Meaning there are only two plaintexts (0,1). Each has exponentially many ciphertexts, only one chosen at random. They also share ciphertext space, meaning each ciphertext could be either encrypted zero or one.

[sjducb]

Maybe I'm missing something, but surely a dictionary based attack will work because you have to be able to know that your key has already been submitted by another user. That's the point of the application.

1) Initial report is filed.

2) Second report is filed by a user who only knows the attackers details.

3) Match is found

Therefore you can just keep iterating through names till you get a match.

Another way of saying it is that the application won't work if a second user can't tell that the first user has entered an attackers name.

The vulnerability is in the application specification, not HE.