Let's say I want to perform addition on "small" numbers (if it matters, let's say integers between 1-10K) without decrypting the numbers -- i.e. I have E(A) (the encryption of A in a crypto system under a given key) and E(B) and I want to compute E(A+B) without decrypting A or B.
The state of the art would be to use a homomorphic encryption (like in the Pallier Cryptosystem for addition). However, these are slow by orders of magnitude compared to regular addition and only work for limited operations -- I would need a different crypto system for multiplication, for example. But they do provide well-understood security guarantees in the presence of an adversary who can fully observe the addition operation.
In my case, my threat model is such that while I do want to reduce access to plaintext and the crypto keys, I am not concerned about an adversary accessing the addition operation. So, what if I precompute all 10K x 10K tuples ( E(A), E(B), E(A+B) ), and use them to compute E(A+B)? (Ignore overflow, let's say it's modular arithmetic). I understand this would be very insecure if anyone got a hold of the tuple table, or observed enough additions. None of those are of concern to me. Yes, I need E(A) to be deterministic, which in itself leaks information -- even that is not of concern in my threat model.
My security goal literally is to avoid access to plaintext and keys while still providing operations. Everything else is "someone else's problem"
This seems too obvious and so I'm wondering what I'm missing. If, given my generous assumptions, this works I'm wondering if there is a formal model for this -- what assumptions are essential, what security guarantees I get?
Any help and pointers appreciated.
