2

On the BFV fully homomorphic scheme, given a polynomial secret key, we can encrypt polynomial plaintexts and generate polynomial ciphertexts.

So, for example, if we have 2 ciphertexts, we can compare them with the less than function, which is 1 if the left polynomial coefficient is less than or equal to the right one, and 0 otherwise. HOWEVER, the result is also an encrypted polynomial, which when decrypted, gives these 0 and 1 numbers.

The question is: how to extract information? How to learn from encrypted data without decrypting it?

Suppose I want to store encrypted latitudes of clients, and learn if they traveled more than 100km in one day. How would I extract such information? I can certainly calculate the difference between the 2 latitudes, but it would be an encrypted difference. Then what?

Paprika

1 Answer

1

In general, you cannot learn from ciphertexts without decryption, and this is what we want. The ability to extract small amounts of information combined with a general computational ability will typically break confidentiality completely.

What you do depends on exactly what you want to do and what your setting is.

One approach is the one you allude to in the comments, where one party creates encryptions of (presumably) secret data, the other party applies a (presumably) secret circuit to the ciphertexts, so the first party can decrypt the results. This is why strong notions of circuit privacy exist.

In other settings, there may be a trusted third party that can decrypt.

If it is possible to distribute the decryption operation, we can replace the trusted third party with a collection of parties that are less trusted.

These are general approaches. There would be more specialised approaches for more specialised situations.

K.G.
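
The distributed-decryption approach from the answer, applied to the latitude question, as an added example that is not part of the original posts: a constructed toy symmetric LWE-style scheme (not BFV, with insecure parameters) in which a server subtracts two ciphertexts without any key and two key-share holders jointly decrypt only the difference. All names, the dealer-based key split, and the encoding of latitudes as hundredths of a degree (so 90 is roughly 100 km north-south) are assumptions.

```python
import secrets

# Toy parameters (assumed, far too small to be secure): they only expose the arithmetic.
N, Q, T = 16, 2**32, 2**16      # key length, ciphertext modulus, plaintext modulus
DELTA = Q // T                  # plaintext scaling factor, as in BFV

def small_noise(bound=8):
    return secrets.randbelow(2 * bound + 1) - bound

def keygen():
    return [secrets.randbelow(Q) for _ in range(N)]

def share_key(s):
    """Dealer splits s into two additive shares; one share alone is uniformly random."""
    s1 = [secrets.randbelow(Q) for _ in range(N)]
    s2 = [(x - y) % Q for x, y in zip(s, s1)]
    return s1, s2

def encrypt(s, m):
    a = [secrets.randbelow(Q) for _ in range(N)]
    b = (sum(x * y for x, y in zip(a, s)) + DELTA * (m % T) + small_noise()) % Q
    return a, b

def sub(c1, c2):
    """Homomorphic subtraction: needs no key, and the output is still a ciphertext."""
    (a1, b1), (a2, b2) = c1, c2
    return [(x - y) % Q for x, y in zip(a1, a2)], (b1 - b2) % Q

def partial_decrypt(share, ct):
    """One party's contribution; the extra noise masks its share from the combiner."""
    a, _ = ct
    return (sum(x * y for x, y in zip(a, share)) + small_noise(64)) % Q

def combine(ct, partials):
    """Remove both partial masks, round away the noise, return a centred value."""
    _, b = ct
    noisy = (b - sum(partials)) % Q
    m = ((noisy + DELTA // 2) // DELTA) % T
    return m - T if m >= T // 2 else m

def moved_more_than(shares, ct_day1, ct_day2, limit):
    diff = sub(ct_day2, ct_day1)                           # server side, no key
    parts = [partial_decrypt(sh, diff) for sh in shares]   # each key-share holder
    return abs(combine(diff, parts)) > limit               # only the difference is opened
```

The server never sees a latitude or the difference; the share holders see the difference but not the two latitudes it came from.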