CCA1
Chosen Ciphertext Attack 1
Non-adaptive chosen ciphertext attack where the adversary has access to a decryption oracle only before the challenge ciphertext is published.
Pre-challenge decryption oracle FHE-compatible
Security Notions Zoo
A taxonomy of cryptographic security notions, focusing on Fully Homomorphic Encryption (FHE).
Because most FHE constructions rely on lattices, interesting things happen due to ciphertext malleability and inherent noise. This has led to the definition of a wide variety of specialized attacks and security notions. The relationship map below illustrates this landscape of alternative security definitions tailored for FHE. Directed arrows indicate theoretical implications (A → B means A implies B, i.e. that A is (usually) a strictly stronger notion than B). Click on any notion in the graph or the list below for more information.
For more information on the different game variations, see the flavors page, which describes the differences between security games such as IND, KR, and others for the same security notion. If you are new to provable security, the security primer introduces the core vocabulary: PPT adversaries, negligible functions, game-based definitions, reductions, and hybrid arguments.
Relation Map
All Notions (16)
View Detailed List →CCA1.5
Adaptive Chosen Ciphertext Decryption/Verification Attack
Strengthens CCA1 with a post-challenge ciphertext verification oracle; strictly between CCA1 and CCA2, and strictly stronger than CCVA2.
Pre-challenge decryption oracle Post-challenge verification oracle FHE-compatible
CCA2
Chosen Ciphertext Attack 2
Adaptive chosen ciphertext attack where the adversary has access to a decryption oracle both before and after the challenge ciphertext is published.
Full adaptive decryption oracle FHE-incompatible
CCVA1
Chosen Ciphertext Verification Attack 1
CPA extended with a pre-challenge ciphertext verification oracle; equivalent to CPA for full-domain schemes, strictly stronger when invalid ciphertexts exist.
Pre-challenge verification oracle FHE-compatible
CCVA2
Chosen Ciphertext Verification Attack 2
CPA plus a ciphertext verification oracle in both phases; strictly between CCVA1 and CCA2, and not trivially implied by CCA1.
Adaptive verification oracle FHE-compatible
CPA
Chosen Plaintext Attack
Passive security notion where the adversary can only query an encryption oracle.
No decryption oracle FHE-compatible
CPAD
Chosen Plaintext Attack with Decryption
Passive security notion extending CPA with a constrained decryption oracle restricted to legitimate ciphertexts.
Constrained decryption oracle FHE-compatible Noise Probing
funcCPA
Functional Chosen Plaintext Attack
Extends CPA with a re-encryption oracle modeling interactive bootstrapping delegation; strictly stronger than CPA.
Re-encryption oracle FHE-compatible
gCCA
Generalized Chosen Ciphertext Attack
Slight CCA2 relaxation: the decryption oracle refuses any ciphertext related to the challenge by an efficient decryption-respecting equivalence relation.
Filtered adaptive decryption oracle FHE-incompatible
HCCA
Homomorphic Chosen Ciphertext Attack
CCA notion for univariate homomorphic schemes using a rigged-ciphertext game structure instead of two-plaintext challenges; generalizes IND-CCA, gCCA, and RCCA.
Filtered adaptive decryption oracle FHE-compatible Univariate only
IV-CCA
Input-Verifiable Chosen Ciphertext Attack
CCA notion between CCA1 and vCCA using explicit input verification instead of SNARKs; achievable from LWE without non-falsifiable assumptions.
Filtered adaptive decryption oracle FHE-compatible
RCCA
Replayable Chosen Ciphertext Attack
Relaxation of CCA2 where the decryption oracle refuses any ciphertext decrypting to either challenge plaintext, not just the exact challenge ciphertext.
Filtered adaptive decryption oracle FHE-incompatible
SA
Semi-Active Security
CPAD-style FHE notion: CPA plus a decryption oracle accepting adversary-supplied ciphertexts together with a declared derivation from encryption-oracle inputs.
Constrained decryption oracle FHE-compatible
sCPAD
Strong Chosen Plaintext Attack with Decryption
Passive security notion strengthening CPAD by granting the adversary control over encryption randomness for non-challenge ciphertexts.
Constrained decryption oracle FHE-compatible Noise Probing
vCCA
Verifiable Chosen Ciphertext Attack
CCA2 relaxation for FHE using a SNARK-based extractor to filter post-challenge decryption queries derived from the challenge ciphertext.
Filtered adaptive decryption oracle FHE-compatible SNARK-based
vCCAD
Verifiable Chosen Ciphertext Attack with Decryption
Strengthens vCCA to cover approximate FHE by combining semantic malleability filtering with CPAD-style noise-leakage protection.
Filtered adaptive decryption oracle FHE-compatible SNARK-based Noise Probing