Efficient Computation and FPGA implementation of Fully Homomorphic Encryption with Cloud Computing Significance

Homomorphic Encryption provides unique security solution for cloud computing. It ensures not only that data in cloud have confidentiality but also that data processing by cloud server does not compromise data privacy. The Fully Homomorphic Encryption (FHE) scheme proposed by Lopez-Alt, Tromer, and Vaikuntanathan (LTV), also known as NTRU(Nth degree truncated polynomial ring) based method, is considered one of the most important FHE methods suitable for practical implementation. In this thesis, an efficient algorithm and architecture for LTV Fully Homomorphic Encryption is proposed. Conventional linear feedback shift register (LFSR) structure is expanded and modified for performing the truncated polynomial ring multiplication in LTV scheme in parallel. Novel and efficient modular multiplier, modular adder and modular subtractor are proposed to support high speed processing of LFSR operations. In addition, a family of special moduli are selected for high speed computation of modular operations. Though the area keeps the complexity of O(Nn^2) with no advantage in circuit level. The proposed architecture effectively reduces the time complexity from O(N log N) to linear time, O(N), compared to the best existing works. An FPGA implementation of the proposed architecture for LTV FHE is achieved and demonstrated. An elaborate comparison of the existing methods and the proposed work is presented, which shows the proposed work gains significant speed up over existing works

On Multivariate Algorithms of Digital Signatures on Secure El Gamal Type Mode.

The intersection of Non-commutative and Multivariate cryptography contains studies of cryptographic applications of subsemigroups and subgroups of affine Cremona semigroups defined over finite commutative ring K with the unit. We consider special subsemigroups (platforms) in a semigroup of all endomorphisms of K[x_1, x_2, …, x_n]. Efficiently computed homomorphisms between such platforms can be used in Post Quantum key exchange protocols when correspondents elaborate common transformation of (K*)^n. The security of these schemes is based on a complexity of decomposition problem for an element of a semigroup into a product of given generators. We suggest three such protocols (with a group and with two semigroups as platforms) for their usage with multivariate digital signatures systems. The usage of protocols allows to convert public maps of these systems into private mode, i.e. one correspondent uses the collision map for safe transfer of selected multivariate rule to his/her partner. The ‘’ privatisation’’ of former publicly given map allows the usage of digital signature system for which some of cryptanalytic instruments were found ( estimation of different attacks on rainbow oil and vinegar system, cryptanalytic studies LUOV) with the essentially smaller size of hashed messages. Transition of basic multivariate map to safe El Gamal type mode does not allow the usage of cryptanalytic algorithms for already broken Imai - Matsumoto cryptosystem or Original Oil and Vinegar signature schemes proposed by J.Patarin. So even broken digital signatures schemes can be used in the combination with protocol execution during some restricted ‘’trust interval’’ of polynomial size. Minimal trust interval can be chosen as a dimension n of the space of hashed messages, i. e. transported safely multivariate map has to be used at most n times. Before the end of this interval correspondents have to start the session of multivariate protocol with modified multivariate map. The security of such algorithms rests not on properties of quadratic multivariate maps but on the security of the protocol for the map delivery and corresponding NP hard problem

Tamper-Resistant Arithmetic for Public-Key Cryptography

Cryptographic hardware has found many uses in many ubiquitous and pervasive security devices with a small form factor, e.g. SIM cards, smart cards, electronic security tokens, and soon even RFIDs. With applications in banking, telecommunication, healthcare, e-commerce and entertainment, these devices use cryptography to provide security services like authentication, identification and confidentiality to the user. However, the widespread adoption of these devices into the mass market, and the lack of a physical security perimeter have increased the risk of theft, reverse engineering, and cloning. Despite the use of strong cryptographic algorithms, these devices often succumb to powerful side-channel attacks. These attacks provide a motivated third party with access to the inner workings of the device and therefore the opportunity to circumvent the protection of the cryptographic envelope. Apart from passive side-channel analysis, which has been the subject of intense research for over a decade, active tampering attacks like fault analysis have recently gained increased attention from the academic and industrial research community. In this dissertation we address the question of how to protect cryptographic devices against this kind of attacks. More specifically, we focus our attention on public key algorithms like elliptic curve cryptography and their underlying arithmetic structure. In our research we address challenges such as the cost of implementation, the level of protection, and the error model in an adversarial situation. The approaches that we investigated all apply concepts from coding theory, in particular the theory of cyclic codes. This seems intuitive, since both public key cryptography and cyclic codes share finite field arithmetic as a common foundation. The major contributions of our research are (a) a generalization of cyclic codes that allow embedding of finite fields into redundant rings under a ring homomorphism, (b) a new family of non-linear arithmetic residue codes with very high error detection probability, (c) a set of new low-cost arithmetic primitives for optimal extension field arithmetic based on robust codes, and (d) design techniques for tamper resilient finite state machines

On Noncommutative Cryptography and homomorphism of stable cubical multivariate transformation groups of infinite dimensional affine spaces

Noncommutative cryptography is based on applications of algebraic structures like noncommutative groups, semigroups and non-commutative rings. Its inter-section with Multivariate cryptography contains studies of cryptographic applications of subsemigroups and subgroups of affine Cremona semigroups defined overfinite commutative rings. Efficiently computed homomorphisms between stable subsemigroups of affine Cremona semigroups can be used in tame homomorphisms protocols schemes and their inverse versions. The implementation scheme with the sequence of subgroups of affine Cremona group, which defines projective limit was already suggested. We present the implementation of other scheme which uses two projective limits which define two different infinite groups and the homomorphism between them. The security of corresponding algorithm is based on a complexity of decomposition problem for an element of affine Cremona semigroup into product of given generators. These algorithms may be used in postquantum technologies

Ring-LWE: Enhanced Foundations and Applications

Ring Learning With Errors assumption has become an important building block in many modern cryptographic applications, such as (fully) homomorphic encryption and post-quantum cryptosystems like the recently announced NIST CRYSTALS-Kyber public key encryption scheme. In this thesis, we provide an enhanced security foundation for Ring-LWE based cryptosystems and demonstrate their practical potential in real world applications. Enhanced Foundation. We extend the known pseudorandomness of Ring-LWE to be based on ideal lattices of non Dedekind domains. In earlier works of Lyubashevsky, Perkert and Regev (EUROCRYPT 2010), and Peikert, Regev and Stephens-Davidowitz (STOC 2017), the hardness of RLWE was established on ideal lattices of ring of integers of number fields, which are known to be Dedekind domains. These works extended Regev's (STOC 2005) quantum polynomial-time reduction for LWE, thus allowing more efficient and more structured cryptosystems. However, the additional algebraic structure of ideals of Dedekind domains leaves open the possibility that such ideal lattices are not as hard as general lattices. We show that, the Ring-LWE hardness can be based on the polynomial ring, which is potentially be a strict sub-ring of the ring of integers of a number field, and hence not be a Dedekind domain. We present a novel proof technique that builds an algebraic theory for general such rings that also include cyclotomic rings. We also recommend a ``twisted'' cyclotomic field as an alternative for the cyclotomic field used in CRYSTALS-Kyber, as it leads to a more efficient implementation and is based on hardness of ideals in a non Dedekind domain. We leverages the polynomial nature of Ring-LWE, and introduce XSPIR, a new symmetrically private information retrieval (SPIR) protocol, which provides a stronger security guarantee than existing efficient PIR protocols. Like other PIR protocol, XSPIR allows a client to retrieve a specific entry from a server's database without revealing which entry is retrieved. Moreover, the semi-honest client learns no additional information about the database except for the retrieved entry. We demonstrate through analyses and experiments that XSPIR has only a slight overhead compared to state-of-the-art PIR protocols, and provides a stronger security guarantee while enabling the client to perform more complicated queries than simple retrievals

Secure Quantized Training for Deep Learning

We have implemented training of neural networks in secure multi-party computation (MPC) using quantization commonly used in the said setting. To the best of our knowledge, we are the first to present an MNIST classifier purely trained in MPC that comes within 0.2 percent of the accuracy of the same convolutional neural network trained via plaintext computation. More concretely, we have trained a network with two convolution and two dense layers to 99.2% accuracy in 25 epochs. This took 3.5 hours in our MPC implementation (under one hour for 99% accuracy).Comment: 17 page

Analysis and Applications of Two Group-Theoretic Problems in Post-Quantum Cryptography

This thesis makes significant contributions to the analysis of two computational problems arising from a cryptosystem in group-based, post-quantum cryptography, and proposes a novel application of the underlying mathematical structure. After an introductory Chapter 1 setting the historical context in which our research appears, Chapter 2 begins by introducing Semidirect Product Key Exchange (SDPKE), a generalisation of the famous Diffie-Hellman Key Exchange. Various cryptosystems are discussed in this framework and their respective cryptanalyses are systematised and interpreted as analysis of the complexity of a computational problem called the Semidirect Computational Diffie-Hellman problem. We also augment some of this analysis with our own results, and fill out technical gaps implicit in the literature. SDPKE also naturally gives rise to an analogue of the Discrete Logarithm Problem, called the Semidirect Discrete Logarithm Problem (SDLP). Almost nothing was known about this problem - partially because of a misunderstanding of its importance in the literature - but in Chapter 3 we classify its quantum complexity by proving that the structure of SDPKE occurs as an example of a so-called cryptographic group action. Doing so requires the development of a bespoke quantum algorithm to get around certain technical difficulties; this is the first example of a quantum algorithm constructed for use in the cryptanalysis of group-based cryptography. The structure of a cryptographic group action gives us access to a surprisingly rich variety of work, including an idea for an efficient Digital Signature Scheme based on the structure of cryptographic group actions. In Chapter 4 we define this scheme, christened SPDH-Sign; we prove its security, and show that the SDPKE-type group action offers advantages with respect to efficient sampling compared to other group actions. We also propose a particular group for use with SPDH-Sign, taking into account the cryptanalytic work discussed throughout the rest of the thesis

Toward practical and private online services

Today's common online services (social networks, media streaming, messaging, email, etc.) bring convenience. However, these services are susceptible to privacy leaks. Certainly, email snooping by rogue employees, email server hacks, and accidental disclosures of user ratings for movies are some sources of private information leakage. This dissertation investigates the following question: Can we build systems that (a) provide strong privacy guarantees to the users, (b) are consistent with existing commercial and policy regimes, and (c) are affordable? Satisfying all three requirements simultaneously is challenging, as providing strong privacy guarantees usually necessitates either sacrificing functionality, incurring high resource costs, or both. Indeed, there are powerful cryptographic protocols---private information retrieval (PIR), and secure two-party computation (2PC)---that provide strong guarantees but are orders of magnitude more expensive than their non-private counterparts. This dissertation takes these protocols as a starting point and then substantially reduces their costs by tailoring them using application-specific properties. It presents two systems, Popcorn and Pretzel, built on this design ethos. Popcorn is a Netflix-like media delivery system, that provably hides, even from the content distributor (for example, Netflix), which movie a user is watching. Popcorn tailors PIR protocols to the media domain. It amortizes the server-side overhead of PIR by batching requests from the large number of concurrent users retrieving content at any given time; and, it forms large batches without introducing playback delays by leveraging the properties of media streaming. Popcorn is consistent with the prevailing commercial regime (copyrights, etc.), and its per-request dollar cost is 3.87 times that of a non-private system. The other system described in this dissertation, Pretzel, is an email system that encrypts emails end-to-end between senders and intended recipients, but allows the email service provider to perform content-based spam filtering and targeted advertising. Pretzel refines a 2PC protocol. It reduces the resource consumption of the protocol by replacing the underlying encryption scheme with a more efficient one, applying a packing technique to conserve invocations of the encryption algorithm, and pruning the inputs to the protocol. Pretzel's costs, versus a legacy non-private implementation, are estimated to be up to 5.4 times for the email provider, with additional but modest client-side requirements. Popcorn and Pretzel have fundamental connections. For instance, the cryptographic protocols in both systems securely compute vector-matrix products. However, we observe that differences in the vector and matrix dimensions lead to different system designs. Ultimately, both systems represent a potentially appealing compromise: sacrifice some functionality to build in strong privacy properties at affordable costs.Computer Science