A Survey on Homomorphic Encryption Schemes: Theory and Implementation
Legacy encryption systems depend on sharing a key (public or private) among
the peers involved in exchanging an encrypted message. However, this approach
poses privacy concerns. Especially with popular cloud services, the control
over the privacy of the sensitive data is lost. Even when the keys are not
shared, the encrypted material is shared with a third party that does not
necessarily need to access the content. Moreover, untrusted servers, providers,
and cloud operators can keep identifying elements of users long after users end
the relationship with the services. Indeed, Homomorphic Encryption (HE), a
special kind of encryption scheme, can address these concerns as it allows any
third party to operate on the encrypted data without decrypting it in advance.
Although this extremely useful feature of the HE scheme has been known for over
30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE)
scheme, which allows any computable function to be performed on the encrypted data,
was introduced by Craig Gentry in 2009. Even though this was a major
achievement, different implementations so far demonstrated that FHE still needs
to be improved significantly to be practical on every platform. First, we
present the basics of HE and the details of the well-known Partially
Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which
are important pillars of achieving FHE. Then, the main FHE families, which have
become the base for the other follow-up FHE schemes, are presented. Furthermore,
the implementations and recent improvements in Gentry-type FHE schemes are also
surveyed. Finally, further research directions are discussed. This survey is
intended to give a clear knowledge and foundation to researchers and
practitioners interested in knowing, applying, as well as extending the state
of the art HE, PHE, SWHE, and FHE systems.
Comment: Updated (October 6, 2017). This paper is an early draft of the
survey that is being submitted to ACM CSUR and has been uploaded to arXiv for
feedback from stakeholder
Efficient public-key cryptography with bounded leakage and tamper resilience
We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions.
The model of bounded tamper resistance was recently put forward by Damgård et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attack
Chasing diagrams in cryptography
Cryptography is a theory of secret functions. Category theory is a general
theory of functions. Cryptography has reached a stage where its structures
often take several pages to define, and its formulas sometimes run from page to
page. Category theory has some complicated definitions as well, but one of its
specialties is taming the flood of structure. Cryptography seems to be in need
of high level methods, whereas category theory always needs concrete
applications. So why is there no categorical cryptography? One reason may be
that the foundations of modern cryptography are built from probabilistic
polynomial-time Turing machines, and category theory does not have a good
handle on such things. On the other hand, such foundational problems might be
the very reason why cryptographic constructions often resemble low level
machine programming. I present some preliminary explorations towards
categorical cryptography. It turns out that some of the main security concepts
are easily characterized through the categorical technique of *diagram
chasing*, which was first used in Lambek's seminal 'Lecture Notes on Rings and
Modules'.
Comment: 17 pages, 4 figures; to appear in: 'Categories in Logic, Language and
Physics. Festschrift on the occasion of Jim Lambek's 90th birthday', Claudia
Casadio, Bob Coecke, Michael Moortgat, and Philip Scott (editors); this
version: fixed typos found by kind reader