
Since most of our asymmetric encryption algorithms are going to be out of date in a couple of years due to Shor's algorithm, I was wondering about the future of FHE schemes. I have found this paper, which states:

"It is impossible to construct secure group homomorphic encryption in the quantum world, if the plain-text and cipher-text spaces form abelian groups."

And I'm asking: are there any candidates which are also quantum resistant?

asdf

3 Answers


Actually, most of the primitives that are currently believed to be secure FHE methods would appear to be quantum resistant; a partial list would include Craig Gentry's original scheme based on ideal lattices, BGV (based on ring-LWE), and this NTRU-based approach. All three are based on hard problems that are not susceptible to Shor's algorithm.

poncho
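To make the lattice-based homomorphism poncho's answer refers to concrete, here is an added toy example (not code from the answer or from any of the schemes it names): a symmetric Regev-style LWE encryption of single bits in which adding two ciphertexts yields a ciphertext of the XOR of the plaintexts, with the error term accumulating on every addition. The parameters Q, N and NOISE_BOUND are constructed toy values, far too small to be secure; the accumulating error is also what makes decryption only approximately a homomorphism, unlike the exact group homomorphic encryption the quoted impossibility result is about.

```python
import random

# Toy parameters, constructed for illustration; real schemes use far larger q and n.
Q = 2**16        # ciphertext modulus q
N = 16           # LWE dimension n
NOISE_BOUND = 8  # error e is drawn uniformly from [-NOISE_BOUND, NOISE_BOUND]

def inner(a, s):
    return sum(x * y for x, y in zip(a, s)) % Q

def keygen(rng):
    return [rng.randrange(Q) for _ in range(N)]  # secret s in Z_q^n

def encrypt(sk, bit, rng):
    """One bit as (a, b) with b = <a, s> + e + bit * q/2 (mod q)."""
    a = [rng.randrange(Q) for _ in range(N)]
    e = rng.randint(-NOISE_BOUND, NOISE_BOUND)
    return (a, (inner(a, sk) + e + bit * (Q // 2)) % Q)

def _centred(sk, ct):
    """b - <a, s> reduced into (-q/2, q/2]: near 0 for bit 0, near +/-q/2 for bit 1."""
    a, b = ct
    x = (b - inner(a, sk)) % Q
    return x - Q if x > Q // 2 else x

def decrypt(sk, ct):
    return 1 if abs(_centred(sk, ct)) > Q // 4 else 0

def noise(sk, ct):
    """Residual error term; decryption stays correct only while |noise| < q/4."""
    x = _centred(sk, ct)
    if abs(x) <= Q // 4:
        return x
    return x - Q // 2 if x > 0 else x + Q // 2

def add(ct1, ct2):
    """Homomorphic XOR: ciphertext addition adds plaintexts mod 2 and adds the errors."""
    (a1, b1), (a2, b2) = ct1, ct2
    return ([(x + y) % Q for x, y in zip(a1, a2)], (b1 + b2) % Q)

def xor_demo(bits, seed=1):
    """Encrypt each bit, add all ciphertexts, decrypt the sum.
    Returns (decrypted XOR, expected XOR, noise of the sum, sum of per-ciphertext noise)."""
    rng = random.Random(seed)
    sk = keygen(rng)
    cts = [encrypt(sk, b, rng) for b in bits]
    acc = cts[0]
    for ct in cts[1:]:
        acc = add(acc, ct)
    return (decrypt(sk, acc), sum(bits) % 2, noise(sk, acc), sum(noise(sk, ct) for ct in cts))
```

Calling `xor_demo([1, 0, 1, 1, 0, 1, 0, 0, 1, 1])` shows the summed ciphertext decrypting to the XOR of the bits while its noise is exactly the sum of the individual errors; once that sum crosses q/4, decryption fails, which is why bounding or refreshing noise is the central engineering problem in these schemes.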

There are quantum homomorphic encryption (QHE) schemes with information-theoretic security. Such QHE schemes do not perform arbitrary computations, and indeed there are no-go results for fully QHE schemes. However, if one is willing to input sufficient resources, one can nonetheless have a sufficiently complex QHE scheme that has information-theoretic security.

Relevant QHE papers with information-theoretic security:

AleksanderCH

I do believe that none of the existing FHE schemes are actually IND-CCA1 quantum resistant... the black-box group homomorphic proofs should work in the LWE world as well. The ring structure is hard to tackle in this setting, but I conjecture it will be done.