Comment by _verandaguy 3 days ago
I'm not an expert in homomorphic encryption by any stretch (and I'm arguably the target audience for this blog post — a curious novice), but there's one thing I don't quite get from this post.
In the "appeal to cryptographers" section (which I really look forward to being fulfilled by someone, hopefully soon!), HE is equated to post-quantum cryptography. As far as I know, most current post-quantum encryption focuses on the elimination of Diffie-Hellman schemes (both over finite fields and over elliptic curves) since those are vulnerable to Shor's algorithm.
However, it's clear from the code samples later in the post (and not explained in the text, afaict) that a public key gets used to re-encrypt the resultant value of a homomorphic add or multiply.
Is this a case of false equivalence (in the sense that HE != post-quantum), or is it more the case that there's some new asymmetric cryptography scheme that's not vulnerable to Shor's?
All modern HE schemes rely on post-quantum crypto. For example, the ring-LWE problem used by BFV is the same as Kyber (ML-KEM) but with different parameters.
The twist in FHE is that the server also has an encryption of the user's secret key, which adds an assumption called "circular security", and that's needed to do some homomorphic operations like key switching.
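To make the reply's point concrete, here is an added toy example (not code from the thread): a Regev-style LWE public-key scheme in Python. The public key is a noisy linear system A·s + e, the same structure the reply attributes to Kyber and BFV (ring-LWE adds polynomial structure on top), and adding two ciphertexts decrypts to the XOR of the plaintext bits while their noise terms add, which is the noise budget that homomorphic operations consume. Parameter sizes are assumptions chosen for readability and are far too small to be secure.

```python
# Toy Regev-style LWE public-key encryption with additive homomorphism.
# Added example, not code from the thread. Parameters are toy assumptions,
# far too small to be secure; a power-of-two modulus is used for clarity.
import random

N, M, Q = 8, 32, 1024          # secret length, public-key rows, modulus
rng = random.Random(2024)      # fixed seed so the run is reproducible

def keygen():
    """Secret s in Z_q^n; public key is the noisy linear system (A, A*s + e)."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    # each row carries a small error e_i in {-1, 0, 1}; without it, b = A*s
    # would be solvable by Gaussian elimination and the key would be exposed
    b = [(sum(a * si for a, si in zip(row, s)) + rng.choice((-1, 0, 1))) % Q
         for row in A]
    return s, (A, b)

def encrypt(pk, bit):
    """Encrypt one bit: sum a random 0/1 subset of the public-key rows and
    add bit * q/2 to the scalar part, so the bit sits above the noise."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return (u, v)

def decrypt(sk, ct):
    """Return (bit, noise). v - <u, s> = noise + bit*q/2, and decryption is
    correct as long as |noise| < q/4; here |noise| <= M per fresh ciphertext."""
    u, v = ct
    d = (v - sum(ui * si for ui, si in zip(u, sk))) % Q
    bit = 1 if Q // 4 < d <= 3 * Q // 4 else 0
    e = (d - bit * (Q // 2)) % Q
    return bit, (e - Q if e > Q // 2 else e)   # centre noise in (-q/2, q/2]

def add(ct1, ct2):
    """Homomorphic XOR: componentwise sum of ciphertexts. The plaintext bits
    add mod 2 and the noise terms add too, eating into the q/4 budget."""
    (u1, v1), (u2, v2) = ct1, ct2
    return ([(a + b) % Q for a, b in zip(u1, u2)], (v1 + v2) % Q)

def homomorphic_parity(pk, bits):
    """Encrypt each bit and fold them with add(); the server never sees sk."""
    acc = encrypt(pk, bits[0])
    for bit in bits[1:]:
        acc = add(acc, encrypt(pk, bit))
    return acc
```

With these parameters each fresh ciphertext carries at most 32 units of noise, so up to seven additions stay under the q/4 = 256 threshold; past that, decryption silently returns the wrong bit, which is the failure mode key switching and bootstrapping exist to manage.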