A Survey on Homomorphic Encryption Schemes: Theory and Implementation

Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the survey that is being submitted to ACM CSUR and has been uploaded to arXiv for feedback from stakeholder

Efficient Fully Homomorphic Encryption from (Standard) LWE

A fully homomorphic encryption (FHE) scheme allows anyone to transform an encryption of a message, m, into an encryption of any (efficient) function of that message, f(m), without knowing the secret key. We present a leveled FHE scheme that is based solely on the (standard) learning with errors (LWE) assumption. (Leveled FHE schemes are initialized with a bound on the maximal evaluation depth. However, this restriction can be removed by assuming “weak circular security.”) Applying known results on LWE, the security of our scheme is based on the worst-case hardness of “short vector problems” on arbitrary lattices. Our construction improves on previous works in two aspects: 1. We show that “somewhat homomorphic” encryption can be based on LWE, using a new relinearization technique. In contrast, all previous schemes relied on complexity assumptions related to ideals in various rings. 2. We deviate from the “squashing paradigm” used in all previous works. We introduce a new dimension-modulus reduction technique, which shortens the ciphertexts and reduces the decryption complexity of our scheme, without introducing additional assumptions. Our scheme has very short ciphertexts, and we therefore use it to construct an asymptotically efficient LWE-based single-server private information retrieval (PIR) protocol. The communication complexity of our protocol (in the public-key model) is k·polylog(k)+log |DB| bits per single-bit query, in order to achieve security against 2k-time adversaries (based on the best known attacks against our underlying assumptions). Key words. cryptology, public-key encryption, fully homomorphic encryption, learning with errors, private information retrieva

Separating IND-CPA and Circular Security for Unbounded Length Key Cycles

A public key encryption scheme is said to be n-circular secure if no PPT adversary can distinguish between encryptions of an n length key cycle and n encryptions of zero. One interesting question is whether circular security comes for free from IND-CPA security. Recent works have addressed this question, showing that for all integers n, there exists an IND-CPA scheme that is not n-circular secure. However, this leaves open the possibility that for every IND-CPA cryptosystem, there exists a cycle length l, dependent on the cryptosystem (and the security parameter) such that the scheme is l-circular secure. If this is true, then this would directly lead to many applications, in particular, it would give us a fully homomorphic encryption scheme via Gentry’s bootstrapping. In this work, we show that is not true. Assuming indistinguishability obfuscation and leveled homomorphic encryption, we construct an IND-CPA scheme such that for all cycle lengths l, the scheme is not l-circular secure

On Fully Homomorphic Encryption

Täielikult homomorfne krüpteerimine on krüptosüsteem, mille puhul üks osapool saab enda valdusesse krüpteeritud andmed ning saab nende andmetega tõhusalt sooritada erinevaid operatsioone. Operatsioone saab teha hoolimata sellest, et andmed jäävad krüpteerituks ning seega ei ole ka vajalik teada dekrüpteerimisvõtit. Selline süsteem oleks äärmiselt kasulik, näiteks tagades andmete privaatsuse, mis on saadetud kolmanda osapoole teenusele. Täielikult homomorfne krüpteerimine on vastandiks krüptosüsteemidele nagu Paillier, kus ei ole võimalik teostada krüpteeritud andmete peal korrutamist ilma neid enne dekrüpteerimata, või ElGamal, kus ei saa sooritada krüpteeritud andmete liitmist enne andmete dekrüpteerimist. Täielikult homomorfne krüpteerimine on väga uus uurimisala: esimese taolise süsteemi lõi Gentry aastal 2009. Gentry läbimurdest alates on olnud palju tema tööst inspireeritud edasiminekuid. Kõik viimased täielikult homomorfsed krüptosüsteemid kasutavad avaliku võtmega krüptograafiat ja põhinevad võredel. Võre-põhine krüptograafia äratab üha enam huvi oma turvalisuse püsimisega kvantarvutites ning oma halvima juhu turvagarantiidega. Siiski jääb püsima peamine probleem: süsteemidel ei ole veel tõhusat teostust, mis säilitaks adekvaatsed turvalisuse nõuded. Selles valguses vaadatuna, viimased edasiminekud täielikult homomorfses krüpteerimises kas täiendavad eelnevate süsteemide tõhusust või pakuvad välja uue parema efektiivsusega skeemi. Antud uurimus on ülevaade hiljutistest täielikult homomorfsetest krüptosüsteemidest. Õpime tundma mõningaid viimaseid täielikult homomorfseid krüptosüsteeme, analüüsime ning võrdleme neid. Neil süsteemidel on teatud ühised elemendid: 1. Tõhus võre-põhine krüptosüsteem turvalisusega, mis põhineb üldteada võreprobleemide keerulisusel. 2. Arvutusfunktsioon definitsioonidega homomorfsele liitmisele ja korrutamisele müra kasvu piiramiseks. 3. Meetodid, et muuta süsteem täielikult homomorfseks selle arvutusfunktsiooniga. Niipea kui võimalik, kirjutame nende süsteemide peamised tulemused ümber detailsemas ja loetavamas vormis. Kõik skeemid, mida me arutame, välja arvatud Gentry, on väga uued. Kõige varasem arutletav töö avaldati oktoobris aastal 2011 ning mõningad tööd on veel kättesaadavad ainult elektroonilisel kujul. Loodame, et käesolev töö aitab lugejail olla kursis täielikult homomorfse krüpteerimisega, rajades teed edasistele arengutele selles vallas

A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view