International Association for Cryptologic Research
In this paper, the authors present adaptive key recovery attacks on NTRU-based somewhat homomorphic encryption schemes. Among such schemes, the authors study the proposal by the researcher. Given access to a decryption oracle, the attack allows them to compute the private key for all parameter choices. Such attacks show that one must be very careful about the use of homomorphic encryption in practice. The existence of a key recovery attack means that the scheme is not CCA1-secure.