Plaintext recovery attacks against linearly decryptable fully homomorphic encryption schemes

Homomorphic encryption primitives have the potential to be the main enabler of privacy preserving computation delegation to cloud environments. One of the strategies which has been explored to reduce their significant computational overhead with respect to cleartext computation is the one of the so-called noise-free homomorphic encryption schemes. In this work, we present an attack against fully homomorphic encryption primitives where a distinguisher for a single plaintext value exists. As our case studies, we employ two noise-free homomorphic encryption schemes where such a property holds, providing detailed attack procedure against them. We validate the effectiveness and performance of our attacks on prototype implementations of the said schemes, and suggest a countermeasure tailored to the schemes at hand.