Towards Unsecurity of Two Homomorphic Encryptions Based on Residue System
Authors: L. Babenko, A. Trepacheva
Journal: SPIIRAS Proceedings (volume 70 1), Journal Article
Published: 2019-02-18
DOI: 10.15622/SP.18.1.230-262 (https://doi.org/10.15622/SP.18.1.230-262)
The security of two recently proposed symmetric homomorphic encryption schemes based on a residue system is analyzed.
Both schemes have high computational efficiency, since using a residue system naturally allows parallelizing computations. So they could be good candidates for protecting data in clouds. But to the best of our knowledge there is a lack of security analysis for these encryption schemes.
It should be noted that the first cryptosystem under our consideration was already considered in the literature.
A sketch of an adaptive chosen-plaintext attack was proposed and an estimate of its success was given.
In this paper that attack is analyzed, and it is shown that in some cases it may work incorrectly. A more general known-plaintext attack algorithm is also presented. Theoretical estimates of the probability of recovering the key with it, and practical estimates of this probability obtained during the experiments, are provided.
The security of the second cryptosystem has not been analyzed yet, and we fill this gap for the known-plaintext attack. The dependency between the number of «plaintext, ciphertext» pairs required to recover the key and the parameters of the cryptosystem is analyzed. Some recommendations for increasing the security level are also provided.
The final conclusion of our analysis is that both cryptosystems are vulnerable to known-plaintext attack, and it may be dangerous to encrypt private data using them.
Finally, it should be noted that the key element of the proposed attacks is the algorithm for computing the greatest common divisor, so their computational complexity depends polynomially on the size of the input data.
Journal description:
The SPIIRAS Proceedings journal publishes scientific, scientific-educational, scientific-popular papers relating to computer science, automation, applied mathematics, interdisciplinary research, as well as information technology, the theoretical foundations of computer science (such as mathematical and related to other scientific disciplines), information security and information protection, decision making and artificial intelligence, mathematical modeling, informatization.