Bootstrapping for HElib

Gentry\u27s bootstrapping technique is still the only known method of obtaining fully homomorphic encryption where the system\u27s parameters do not depend on the complexity of the evaluated functions. Bootstrapping involves a *recryption* procedure where the scheme\u27s decryption algorithm is evaluated homomorphically. Prior to this work there were very few implementations of recryption, and fewer still that can handle ``packed ciphertexts\u27\u27 that encrypt vectors of elements. In the current work, we report on an implementation of recryption of fully-packed ciphertexts using the HElib library for somewhat-homomorphic encryption. This implementation required extending previous recryption algorithms from the literature, as well as many aspects of the HElib library. Our implementation supports bootstrapping of packed ciphertexts over many extension fields/rings. One example that we tested involves ciphertexts that encrypt vectors of 1024 elements from $GF(2^{16})$. In that setting, the recryption procedure takes under 3 minutes (at security-level $\approx 80$) on a single core, and allows a multiplicative depth-11 computation before the next recryption is needed. This report updates the results that we reported in Eurocrypt 2015 in several ways. Most importantly, it includes a much more robust method for deriving the parameters, ensuring that recryption errors only occur with negligible probability. Many aspects of this analysis are proven, and for the few well-specified heuristics that we made, we report on thorough experimentation to validate them. The procedure that we describe here is also significantly more efficient than in the previous version, incorporating many optimizations that were reported elsewhere (such as more efficient linear transformations) and adding a few new ones. Finally, our implementation now also incorporates Chen and Han\u27s techniques from Eurocrypt 2018 for more efficient digit extraction (for some parameters), as well as for ``thin bootstrapping\u27\u27 when the ciphertext is only sparsely packed

A Survey on Homomorphic Encryption Schemes: Theory and Implementation

Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the survey that is being submitted to ACM CSUR and has been uploaded to arXiv for feedback from stakeholder

HEIDE: An IDE for the Homomorphic Encryption Library HElib

Work in the field of Homomorphic Encryption has exploded in the past 5 years, after Craig Gentry proposed the first encryption scheme capable of performing Homomorphic Encryption. Under the scheme one can encrypt data, perform computations on the encrypted result (without needing the original data), and then decrypt the data to get the result as if the computations had been run on the unencrypted data. Such a scheme has wide reaching implications for cloud computing. Computations on sensitive data, just like regular data, could now be performed in the cloud with the added security that even the cloud service provider couldn\u27t see the secure data. With such a benefit one might ask why the encryption scheme is not used currently? It is because, while Craig Gentry\u27s scheme was theoretically sound, it was not quick. As such, recent work has been in finding ways to speed up the scheme. Several improvements in speed have been made and several implementations of those improved schemes have been developed: one being HElib. As of now HElib is self described as an assembly language for HE . Our work focused on creating HEIDE, a Homomorphic Encryption IDE, where researchers could write tests at a high-level. This high-level code is then compiled into the operations provided by HElib. HElib, like most encryption schemes, can be configured using different setup parameters. These parameters change the run-time and security of the scheme. As such we have also provided an easy way for researchers to simultaneously run their tests using different setup parameters. To support that, timing and memory metrics are provided for each test so that researchers can determine which parameters worked best

On the Explanation and Implementation of Three Open-Source Fully Homomorphic Encryption Libraries

While fully homomorphic encryption (FHE) is a fairly new realm of cryptography, it has shown to be a promising mode of information protection as it allows arbitrary computations on encrypted data. The development of a practical FHE scheme would enable the development of secure cloud computation over sensitive data, which is a much-needed technology in today\u27s trend of outsourced computation and storage. The first FHE scheme was proposed by Craig Gentry in 2009, and although it was not a practical implementation, his scheme laid the groundwork for many schemes that exist today. One main focus in FHE research is the creation of a library that allows users without much knowledge of the complexities of FHE to use the technology securely. In this paper, we will present the concepts behind FHE, together with the introduction of three open-source FHE libraries, in order to bring better understanding to how the libraries function

GPUHElib and DistributedHElib: Distributed Computing Variants of HElib, a Homomorphic Encryption Library

Homomorphic Encryption, an encryption scheme only developed in the last five years, allows for arbitrary operations to be performed on encrypted data. Using this scheme, a user can encrypt data, and send it to an online service. The online service can then perform an operation on the data and generate an encrypted result. This encrypted result is then sent back to the user, who decrypts it. This decryption produces the same data as if the operation performed by the online service had been performed on the unencrypted data. This is revolutionary because it allows for users to rely on online services, even untrusted online services, to perform operations on their data, without the online service gaining any knowledge from their data. A prominent implementation of homomorphic encryption is HElib. While one is able to perform homomorphic encryption with this library, there are problems with it. It, like all other homomorphic encryption libraries, is slow relative to other encryption systems. Thus there is a need to speed it up. Because homomorphic encryption will be deployed on online services, many of them distributed systems, it is natural to modify HElib to utilize some of the tools that are available on them in an attempt to speed up run times. Thus two modified libraries were designed: GPUHElib, which utilizes a GPU, and DistributedHElib, which utilizes a distributed computing design. These designs were then tested against the original library to see if they provided any speed up

Efficient implementation of LowMC in HElib

Postponed access: the file will be accessible after 2019-05-29LowMC is a symmetric block cipher designed for fully homomorphic encryption. This thesis focuses on Martin Albrecht’s implementation of the cipher in the FHE library HElib, and how his implementation can be improved when encrypting a single plaintext. We have succeeded in getting faster encryption by changing the packing of the plaintext bits and focusing on a rotation-based linear layer. When only encrypting a single plaintext Albrecht’s implementation takes 217.17 seconds, while our alternative implementation takes 11.53 seconds.Masteroppgave i informatikkINF39