15 research outputs found

    Survey of Homomorphic schemes

    Homomorphic encryption is increasingly becoming popular among researchers due to its future promises. Homomorphic encryption is a solution that allows a third party to process data in encrypted form. The decryption keys need not be shared. This paper summarizes the concept of homomorphic encryption and the work that has been done in this field.

    An Improved Fully Homomorphic Encryption Scheme for Cloud Computing

    Business in cloud computing is very popular among Small and Medium Enterprises (SMEs). By leveraging services from the cloud, such companies can migrate all of their in-house operations to cloud at low costs with minimum IT facility requirements such as desktop machines and the Internet. Even though the cloud promises tremendous advantages in terms of computing resources and storage spaces, some of the companies are still reluctant to adopt such a technology because of security concerns. To overcome such problems, a fully homomorphic encryption (FHE) scheme with improved efficiency can be implemented as the scheme allows computation on encrypted data without decryption. In this paper, we propose an improved FHE scheme that uses a symmetric key for encryption together with a protocol to implement the scheme. Furthermore, we also provide an analysis regarding the noise growth in the processed ciphertext and the squashing technique that is required to reduce the noise. This analysis is essential to improve the efficiency of the scheme as the squashing technique is time-consuming.

    Conditionals in Homomorphic Encryption and Machine Learning Applications

    Homomorphic encryption aims at allowing computations on encrypted data without decryption other than that of the final result. This could provide an elegant solution to the issue of privacy preservation in data-based applications, such as those using machine learning, but several open issues hamper this plan. In this work we assess the possibility for homomorphic encryption to fully implement its program without relying on other techniques, such as multiparty computation (SMPC), which may be impossible in many use cases (for instance due to the high level of communication required). We proceed in two steps: i) on the basis of the structured program theorem (Bohm-Jacopini theorem) we identify the relevant minimal set of operations homomorphic encryption must be able to perform to implement any algorithm; and ii) we analyse the possibility to solve -- and propose an implementation for -- the most fundamentally relevant issue as it emerges from our analysis, that is, the implementation of conditionals (requiring comparison and selection/jump operations). We show how this issue clashes with the fundamental requirements of homomorphic encryption and could represent a drawback for its use as a complete solution for privacy preservation in data-based applications, in particular machine learning ones. Our approach for comparisons is novel and entirely embedded in homomorphic encryption, while previous studies relied on other techniques, such as SMPC, demanding high level of communication among parties, and decryption of intermediate results from data-owners. Our protocol is also provably safe (sharing the same safety as the homomorphic encryption schemes), differently from other techniques such as Order-Preserving/Revealing-Encryption (OPE/ORE). Comment: 14 pages, 1 figure, corrected typos, added introductory pedagogical section on polynomial approximation

    Efficient Integer-Based Homomorphic Encryption

    Thesis (Ph.D.) -- Seoul National University Graduate School: Department of Mathematical Sciences, 2015. 2. Jung Hee Cheon. Fully homomorphic encryption allows a worker to perform additions and multiplications on encrypted plaintext values without decryption. The first construction of a fully homomorphic scheme (FHE) based on ideal lattices was described by Gentry in 2009. Since Gentry's breakthrough result, many improvements have been made, introducing new variants, improving efficiency, and providing new features. Most FHE schemes still have very large ciphertexts (millions of bits for a single ciphertext). This presents a considerable bottleneck in practical deployments. To improve the efficiency of FHE schemes, especially ciphertext size, we can consider the following two observations. One is to improve the ratio of plaintext and ciphertext by packing many messages in one ciphertext and the other is to reduce the size of FHE-ciphertext by combining FHE with existing public-key encryption. In the dissertation, we study the construction of efficient FHE over the integers. First, we propose a new variant of DGHV fully homomorphic encryption to extend the message space. Using the Chinese remainder theorem, our scheme reduces the overheads (ratio of ciphertext computation and plaintext computation) from $\tilde{O}(\lambda^4)$ to $\tilde{O}(\lambda)$. We reduce the security of our Somewhat Homomorphic Encryption scheme to a decisional version of Approximate GCD problem (DACD). To reduce the ciphertext size, we propose a hybrid scheme that combines public key encryption (PKE) and somewhat homomorphic encryption (SHE). In this model, messages are encrypted with a PKE and computations on encrypted data are carried out using SHE or FHE after homomorphic decryption. Our approach is suitable for cloud computing environments since it has small bandwidth, low storage requirement, and supports efficient computing on encrypted data. We also give an alternative approach to reduce the FHE ciphertext size. Some of the recent SHE schemes possess two properties, the public key compression and the key switching. By combining them, we propose a hybrid encryption scheme in which a block of messages is encrypted by a symmetric version of the SHE and its secret key is encrypted by the (asymmetric) SHE. The ciphertext under the symmetric key encryption is compressed by using the public key compression technique and we convert the ciphertext into asymmetric encryption to enable homomorphic computations using the key switching technique.

    Contents:
    Abstract
    1 Introduction: 1.1 A Brief Overview of this Thesis
    2 CRT-based FHE over the Integers: 2.1 Preliminaries; 2.2 Our Somewhat Homomorphic Encryption Scheme (2.2.1 Parameters, 2.2.2 The Construction, 2.2.3 Correctness); 2.3 Security; 2.4 Fully Homomorphic Encryption (2.4.1 Bit Message Space, 2.4.2 Large Message Space); 2.5 Discussion (2.5.1 Secure Large Integer Arithmetic, 2.5.2 Public key compression)
    3 A Hybrid Scheme of PKE and SHE: 3.1 Preliminaries (3.1.1 Hard Problems, 3.1.2 Homomorphic Encryption Schemes); 3.2 Encrypt with PKE and Compute with SHE (3.2.1 A Hybrid Scheme of PKE and SHE, 3.2.2 Additive Homomorphic Encryptions for PKE in the Hybrid Scheme, 3.2.3 Multiplicative Homomorphic Encryptions for PKE in the Hybrid Scheme); 3.3 Homomorphic Evaluation of Exponentiation (3.3.1 Improved Exponentiation using Vector Decomposition, 3.3.2 Improve the Bootstrapping without Squashing); 3.4 Discussions (3.4.1 Application Model, 3.4.2 Advantages); 3.5 Generic Conversion of SHE from Private-Key to Public-Key
    4 A Hybrid Asymmetric Homomorphic Encryption: 4.1 Preliminaries; 4.2 A Hybrid Approach to Asymmetric FHE with Compressed Ciphertext (4.2.1 Main Tools, 4.2.2 Hybrid Encryption with Compressed Ciphertexts); 4.3 Concrete Hybrid Constructions (4.3.1 Hybrid Encryptions based on DGHV and Its Variants, 4.3.2 Hybrid Encryptions based on LWE); 4.4 Discussion (4.4.1 Comparison to Other Approaches, 4.4.2 Other Fully Homomorphic Encryptions)
    5 Conclusion
    Abstract (in Korean)
    Acknowledgement (in Korean)

    Enhanced fully homomorphic encryption scheme using modified key generation for cloud environment

    Fully homomorphic encryption (FHE) is a special class of encryption that allows performing unlimited mathematical operations on encrypted data without decrypting it. There are symmetric and asymmetric FHE schemes. The symmetric schemes suffer from the semantic security property and need more performance improvements. While asymmetric schemes are semantically secure, they pose two implicit problems. The first problem is related to the size of the key and ciphertext and the second problem is the efficiency of the schemes. This study aims to reduce the execution time of the symmetric FHE scheme by enhancing the key generation algorithm using the Pick-Test method. As such, the Binary Learning with Error lattice is used to solve the key and ciphertext size problems of the asymmetric FHE scheme. The combination of enhanced symmetric and asymmetric algorithms is used to construct a multi-party protocol that allows many users to access and manipulate the data in the cloud environment. The Pick-Test method of the Sym-Key algorithm calculates the matrix inverse and determinant in one instance and requires only n-1 extra multiplications for the calculation of the determinant, which takes O(N^3) as a total cost, while the Random method in the standard scheme takes O(N^3) to find the matrix inverse and O(N!) to calculate the determinant, which results in O(N^4) as a total cost. Furthermore, the implementation results show that the proposed key generation algorithm based on the pick-test method could be used as an alternative to improve the performance of the standard FHE scheme. The secret key in the Binary-LWE FHE scheme is selected from {0,1}^n to obtain a minimal key and ciphertext size, while the public key is based on the learning with error problem. As a result, the secret key, public key and tensored ciphertext are enhanced from logq, O(n2log2q) and ((n+1)n2log2q)2log q to n, (n+1)2log q and (n+1)2log q respectively. The Binary-LWE FHE scheme is a secured but noise-based scheme. Hence, the modulus switching technique is used as a noise management technique to scale down the noise from e and c to e/B and c/B respectively; thus, the total cost for noise management is enhanced from O(n3log2q) to O(n2log q). The Multi-party protocol is constructed to support cloud computing on the Sym-Key FHE scheme. The asymmetric Binary-LWE FHE scheme is used as a small part of the protocol to verify the access of users to any resource. Hence, the protocol combines both symmetric and asymmetric FHE schemes, which have the advantages of efficiency and security. FHE is a new approach with a bright future in cloud computing.

    On the IND-CCA1 Security of FHE Schemes

    Fully homomorphic encryption (FHE) is a powerful tool in cryptography that allows one to perform arbitrary computations on encrypted material without having to decrypt it first. There are numerous FHE schemes, all of which are expanded from somewhat homomorphic encryption (SHE) schemes, and some of which are considered viable in practice. However, while these FHE schemes are semantically (IND-CPA) secure, the question of their IND-CCA1 security is much less studied, and we therefore provide an overview of the IND-CCA1 security of all acknowledged FHE schemes in this paper. To give this overview, we grouped the SHE schemes into broad categories based on their similarities and underlying hardness problems. For each category, we show that the SHE schemes are susceptible to either known adaptive key recovery attacks, a natural extension of known attacks, or our proposed attacks. Finally, we discuss the known techniques to achieve IND-CCA1-secure FHE and SHE schemes. We concluded that none of the proposed schemes were IND-CCA1-secure and that the known general constructions all had their shortcomings.

    More Than Error Correction: Cryptography from Codes

    The first code-based cryptosystem, McEliece, was invented in the very early development of public-key cryptography, yet code-based cryptosystems received little attention for decades due to their relatively large key-sizes. But recently they are re-discovered for their potentials to provide efficient post-quantum cryptographic tools and homomorphic encryption schemes, and the development of large storage and fast Internet have made these schemes closer to practice than ever. Through our review of the revolution of code-based cryptography, we will demonstrate the usage of codes in cryptographic applications. We will follow the path of the development, from the design, analysis, and implementation of McEliece cryptosystem and the quantum attack resistance to the latest fully homomorphic encryption scheme based on Learning with Errors, a code-related problem, designed by Brakerski et al. We will also cover algebraic manipulation detection codes, a newly proposed extension of error-correcting codes and a lightweight alternative to MACs as an authentication component embedded in security protocols.

    CRT-based fully homomorphic encryption over the integers

    No full text
    In 1978, Rivest, Adleman and Dertouzos introduced the basic concept of privacy homomorphism that allows computation on encrypted data without decryption. It was an interesting work whose idea precedes the recent development of fully homomorphic encryption, although actual example schemes proposed in the paper are all susceptible to simple known-plaintext attacks. In this paper, we revisit one of their proposals, in particular the third scheme which is based on the Chinese Remainder Theorem and is ring homomorphic. It is known that only a single pair of known plaintext/ciphertext is needed to break this scheme. However, by exploiting the standard technique to insert an error to a message before encryption, we can cope with this problem. We present a secure modification of their proposal by showing that the proposed scheme is fully homomorphic and secure against the chosen plaintext attacks under the approximate GCD assumption and the sparse subset sum assumption when the message space is restricted to $\mathbb{Z}_2^k$. Interestingly, the proposed scheme can be regarded as a generalization of the DGHV scheme with larger plaintext space. Our scheme has $\tilde{O}(\lambda^5)$ ciphertext expansion overhead while the DGHV has $\tilde{O}(\lambda^8)$ for the security parameter $\lambda$. When restricted to the homomorphic encryption scheme with depth of $O(\log \lambda)$, the overhead is reduced to $\tilde{O}(\lambda)$. Our scheme can be used in applications requiring a large message space $\mathbb{Z}_Q$ for $\log Q = \tilde{O}(\lambda^4)$ or SIMD style operations on $\mathbb{Z}_Q^k$ for $\log Q = O(\lambda)$, $k = O(\lambda^3)$, with $\tilde{O}(\lambda^5)$ ciphertext size as in the DGHV.