    An RNS variant of fully homomorphic encryption over integers

    In 1978, the concept of privacy homomorphism was introduced by Rivest et al. Since then, homomorphic cryptosystems have gathered researchers' attention. Most of the early schemes were either partially homomorphic or not secure. The question then arose: was a fully homomorphic encryption (FHE) scheme possible? And if so, would it have practical worth? About thirty years later, Gentry, in his pioneering work, constructed the first fully homomorphic encryption scheme. The scheme's security was based on worst-case problems over ideal lattices along with a sparse subset-sum problem. A conceptually simpler scheme was proposed in 2010 by Dijk, Gentry, Halevi, and Vaikuntanathan (DGHV). The scheme is over the integers instead of ideal lattices, and its security is based on the hardness of the approximate greatest common divisor problem (A-GCD). Afterward, different techniques were proposed to reduce ciphertext noise growth and to compress the public key size in order to enhance the practicality of FHE. Moreover, Coron et al. proposed and implemented a scale-invariant variant of the DGHV scheme (SI-DGHV) and a number of optimization techniques including modulus switching (MS). However, FHE over the integers is still far from practical. To this end, this work proposes a residue number system (RNS) variant of SI-DGHV, which is also applicable to the DGHV scheme. The proposed scheme exploits properties of RNS to perform the required operations over relatively small moduli in parallel. The RNS variant improves the running time of the original scheme. The variant scheme also improves the original scheme's security, since the former relies only on the hardness of the A-GCD problem and eliminates the need for the sparse-subset-sum problem used in the original MS procedure. Moreover, the number of public key elements required for the MS method is slightly reduced in the RNS variant. Finally, our analysis of the RNS variant reveals a different linear relationship between the noise and the multiplication depth.

    The Giant Flare of 1998 August 27 from SGR 1900+14: II. Radiative Mechanism and Physical Constraints on the Source

    (ABBREVIATED) The extraordinary 1998 August 27 giant flare places strong constraints on the physical properties of its source, SGR 1900+14. We make detailed comparisons of the published data with the magnetar model. The giant flare evolved through three stages, whose radiative mechanisms we address in turn. A triggering mechanism is proposed, whereby a helical distortion of the core magnetic field induces large-scale fracturing in the crust and a twisting deformation of the crust and exterior magnetic field. The envelope of the pulsating tail of the August 27 flare can be accurately fit, after ~40 s, by the contracting surface of a relativistically hot, but inhomogeneous, trapped fireball. We quantify the effects of direct neutrino-pair emission, thereby deducing a lower bound ~ 10^{32} G-cm^3 to the magnetic moment of the confining field. The radiative flux during the intermediate ~40 s of the burst appears to exceed the trapped fireball fit. The spectrum and lightcurve of this smooth tail are consistent with heating in an extended pair corona, possibly powered by continuing seismic activity in the star. We consider in detail the critical luminosity, below which a stable balance can be maintained between heating and radiative cooling in a confined, magnetized pair plasma; but above which the confined plasma runs away to local thermodynamic equilibrium. In the later pulsating tail, the best fit temperature equilibrates at a value which agrees well with the regulating effect of photon splitting. The remarkable four-peaked substructure within each 5.16-s pulse provides strong evidence for the presence of higher magnetic multipoles in SGR 1900+14. The corresponding collimation of the X-ray flux is related to radiative transport in a super-QED magnetic field. Comment: 11 July 2001, accepted for publication in the Astrophysical Journal.

    Vers une arithmétique efficace pour le chiffrement homomorphe basé sur le Ring-LWE

    Fully homomorphic encryption is a kind of encryption offering the ability to manipulate encrypted data directly through their ciphertexts. In this way it is possible to process sensitive data without having to decrypt them beforehand, thereby ensuring the data's confidentiality. In the era of digital and cloud computing, this kind of encryption has the potential to considerably enhance privacy protection. However, because of its recent discovery by Gentry in 2009, we do not yet have enough hindsight about it. Therefore several uncertainties remain, in particular concerning its security and efficiency in practice, and should be clarified before an eventual widespread use. This thesis deals with this issue and focuses on performance enhancement of this kind of encryption in practice. In this perspective we have been interested in the optimization of the arithmetic used by these schemes, either the arithmetic underlying the Ring Learning With Errors problem on which the security of these schemes is based, or the arithmetic specific to the computations required by the procedures of some of these schemes. We have also considered the optimization of the computations required by some specific applications of homomorphic encryption, in particular the classification of private data, and we propose innovative techniques and methods in order to perform these computations efficiently. We illustrate the efficiency of our different methods through several software implementations and comparisons to the related art.

    SoK: Fully Homomorphic Encryption Accelerators

    Fully Homomorphic Encryption (FHE) is a key technology enabling privacy-preserving computing. However, the fundamental challenge of FHE is its inefficiency, due primarily to the underlying polynomial computations with high computational complexity and extremely time-consuming ciphertext maintenance operations. To tackle this challenge, various FHE accelerators have recently been proposed by both research and industrial communities. This paper takes the first initiative to conduct a systematic study of 14 FHE accelerators: cuHE/cuFHE, nuFHE, HEAT, HEAX, HEXL, HEXL-FPGA, 100×, F1, CraterLake, BTS, ARK, Poseidon, FAB and TensorFHE. We first make our observations on the evolution trajectory of these existing FHE accelerators to establish a qualitative connection between them. Then, we perform testbed evaluations of representative open-source FHE accelerators to provide a quantitative comparison of them. Finally, with the insights learned from both qualitative and quantitative studies, we discuss potential directions to inform the future design and implementation of FHE accelerators.

    NeuJeans: Private Neural Network Inference with Joint Optimization of Convolution and Bootstrapping

    Fully homomorphic encryption (FHE) is a promising cryptographic primitive for realizing private neural network inference (PI) services by allowing a client to fully offload the inference task to a cloud server while keeping the client data oblivious to the server. This work proposes NeuJeans, an FHE-based solution for the PI of deep convolutional neural networks (CNNs). NeuJeans tackles the critical problem of the enormous computational cost of the FHE evaluation of convolutional layers (conv2d), mainly due to the high cost of data reordering and bootstrapping. We first propose an encoding method introducing nested structures inside encoded vectors for FHE, which enables us to develop efficient conv2d algorithms with reduced data reordering costs. However, the new encoding method also introduces additional computations for conversion between encoding methods, which could negate its advantages. We discover that fusing conv2d with bootstrapping eliminates such computations while reducing the cost of bootstrapping. Then, we devise optimized execution flows for various types of conv2d and apply them to the end-to-end implementation of CNNs. NeuJeans accelerates the performance of conv2d by up to 5.68 times compared to state-of-the-art FHE-based PI work and performs the PI of a CNN at the scale of ImageNet (ResNet18) within a mere few seconds. Comment: 16 pages, 9 figures.

    Selected RNS Bases for Modular Multiplication
