Attacks Against the IND-CPAD Security of Exact FHE Schemes

A recent security model for fully homomorphic encryption (FHE), called IND-CPAD security and introduced by Li and Micciancio [Eurocrypt'21], strengthens IND-CPA security by giving the attacker access to a decryption oracle for ciphertexts for which it should know the underlying plaintexts. This includes ciphertexts that it (honestly) encrypted and those obtained from the latter by evaluating circuits that it chose. Li and Micciancio singled out the CKKS FHE scheme for approximate data [Asiacrypt'17] by giving an IND-CPAD attack on it and claiming that IND-CPA security and IND-CPAD security coincide for exact FHE schemes.