swanhong
commented
3 years ago Of course, it can be decrypted easily if you encrypt m in a such way. In fact, the public key is multiplied by a polynomial v from ZO(0.5). So, the ciphertext forms v * (b, a) + (m, 0) + (e1, e2). Page 11 of the paper can help you more.
Hello, I'm a person who studies Homomorphic Encryption.
I have a question about the public key. If I assume pk=(b,a) in R^2_q and and a plaintext m from your paper, isn't it possible to decrypt (m+b,a) by simply extracting (b,a) from (m+b,a) ? I guess there exists an additive inverse(-b,-a) for each public key in the polynomial ring space. Is there any misunderstanding in my idea..?
Thank you for your reply in advance.