Chin Ho Lee

Limits of Provable Security for Homomorphic Encryption

We show that public-key bit encryption schemes which support weak (i.e., compact) homomorphic evaluation of any sufficiently “sensitive” collection of functions cannot be proved message indistinguishable beyond AM ∩ coAM via general (adaptive) reductions, and beyond statistical zero-knowledge via reductions of constant query complexity. Examples of sensitive collections include parities, majorities, and the class consisting of all AND and OR functions.

Homomorphic Evaluation Requires Depth

We show that homomorphic evaluation of any non-trivial functionality of sufficiently many inputs with respect to any CPA secure homomorphic encryption scheme cannot be implemented by circuits of polynomial size and constant depth, i.e., in the class

Bounded Independence vs. Moduli

\mathrm {AC}^0

Some limitations of the sum of small-bias distributions.

. In contrast, we observe that there exist ordinary public-key encryption schemes of quasipolynomial security in

On the depth complexity of homomorphic encryption schemes.

\mathrm {AC}^0

The coin problem for product tests.

assuming noisy parities are exponentially hard to learn. We view this as evidence that homomorphic evaluation is inherently more complex than basic operations in encryption schemes.