Ind-cpa-d insecurity of approximate and exact homomorphic encryption schemes

Fully Homomorphic Encryption enables the evaluation of arbitrary circuits over encrypted data while maintaining the confidentiality of the underlying messages. It greatly enhances functionality but also comes with security challenges for some applications like Threshold FHE. While the standard IND-CPA security is sufficient against honest but curious adversaries, a stronger security notion called IND-CPA-D is required when the adversary can learn some decryption of ciphertexts obtained through honest encryptions and homomorphic evaluations. We present how such non-malicious adversary can recover the secret key of some popular exact and approximate FHE schemes, discuss mitigation strategies for such attacks and explore the close relationship between IND-CPA-D security and correctness. We successfully experimented our key-recovery-D attacks using the public API of libraries such as TFHE-rs and OpenFHE for ind-cpa secure parameters and demonstrate how to attack Threshold FHE schemes like Noah’s Ark.