Verifiable Homomorphic Encryption (VHE) is a cryptographic technique that integrates Homomorphic Encryption (HE) with Verifiable Computation (VC). It serves as a crucial technology for ensuring both privacy and integrity in outsourced computation, where a client sends input ciphertexts ct and a function f to a server and verifies the correctness of the evaluation upon receiving the evaluation result f(ct) from the server. At CCS, Chatel et al. introduced two lightweight VHE schemes: Replication Encoding (REP) and Polynomial Encoding (PE). A similar approach to REP was used by Albrecht et al. in Eurocrypt to develop a Verifiable Oblivious PRF scheme (vADDG). A key approach in these schemes is to embed specific secret information within HE ciphertexts to verify homomorphic evaluations. This paper presents efficient attacks that exploit the homomorphic properties of encryption schemes. The one strategy is to retrieve the secret information in encrypted state from the input ciphertexts and then leverage it to modify the resulting ciphertext without being detected by the verification algorithm. The other is to exploit the secret embedding structure to modify the evaluation function f into f' which works well on input values for verification purposes. Our forgery attack on vADDG demonstrates that the proposed 80-bit security parameters in fact offer less than 10-bits of concrete security. Our attack on REP and PE achieves a probability 1 attack with linear time complexity when using fully homomorphic encryption.

翻译：可验证同态加密（VHE）是一种将同态加密（HE）与可验证计算（VC）相结合的技术。在外包计算中，客户端向服务器发送输入密文ct和函数f，并在收到服务器的计算结果f(ct)后验证其正确性，VHE是确保隐私性和完整性的关键技术。在CCS会议上，Chatel等人提出了两种轻量级VHE方案：复制编码（REP）和多项式编码（PE）。Albrecht等人在Eurocrypt上采用类似REP的方法构建了可验证不经意伪随机函数方案（vADDG）。这些方案的一个核心思路是在HE密文中嵌入特定的秘密信息以验证同态计算。本文提出了利用加密方案同态性质的高效攻击方法。一种策略是从输入密文中提取加密状态下的秘密信息，并利用其修改结果密文而不被验证算法检测；另一种是利用秘密嵌入结构将计算函数f篡改为f'，使其在验证所需的输入值上有效工作。我们对vADDG的伪造攻击表明，其提出的80比特安全参数实际提供的具体安全性低于10比特。在使用全同态加密时，我们对REP和PE的攻击在线性时间复杂度下实现了概率为1的成功攻击。