Isomorphic encryption or homomorphic encryption?

Question

Many encryption functions are said to be homomorphic:

http://en.wikipedia.org/wiki/Homomorphic_encryption

As encryption functions are invertible, they can be considered one-to-one and onto on properly defined domains and ranges.

So, my basic question is why we don't use the term "isomorphic encryption" rather than "homomorphic encryption"?

Answer 1

First, consider the definition of group isomorphism:

Given two groups $(G, \otimes)$ and $(H, \odot)$, a group isomorphism from $(G, \otimes)$ to $(H, \odot)$ is a bijective function $f : G \to H$ such that for all $u$ and $v$ in $G$ it holds that $f(u \otimes v) = f(u) \odot f(v)$.

Now, consider a homomorphic encryption such as ElGamal cryptosystem: It takes a message from a cyclic group $G$, and outputs a pair $(c_1, c_2) \in G^2$. That is, $\mathcal{E} \colon G \to G^2$.

Notice that under this definition, $\mathcal{E}$ is not a bijection from the message space $G$ to the ciphertext space $G^2$. However, the decryption of ElGamal is unique.

Answer 2

Homomorphic Encryption does not necessarily mean that the encryption function is a group homomorphism.

Let $E: M \rightarrow C$ be the encryption function where $M$ and $C$ are the plaintext and ciphertext space respectively. Now $E$ is said to be homomorphic if $E(m_1 * m_2)=E(m_1)\cdot E(m_2)$, where $*$ and $\cdot$ are binray operations on $M$ and $C$ respectively. However, $M$ and $C$ are not necessarily possessing an algebraic structure like groups, rings etc. Thus, even though the encryption function $E$ is invertible, the question of isomorphism does not arise.