International Association
for Cryptologic Research

Fully homomorphic encryption (FHE) is a form of public-key encryption that

enables arbitrary computation over encrypted data.

The past few years have seen several realizations of

FHE under different assumptions, and FHE has been used as a building block in many cryptographic

applications.

\\emph{Adaptive security} for public-key encryption schemes is an important security notion that was proposed

by Canetti et al.\\ over 15 years ago. It is intended to ensure security when encryption is used within an

interactive protocol, and parties may be \\emph{adaptively} corrupted by an adversary

during the course of the protocol execution. Due to the extensive applications of FHE to protocol design, it is natural

to understand whether adaptively secure FHE is achievable.

In this paper we show two contrasting results in this direction. First, we show that adaptive security

is \\emph{impossible} for FHE satisfying the (standard) \\emph{compactness} requirement. On the other hand,

we show a construction of adaptively secure FHE that is not compact, but which does achieve circuit privacy.