A Survey on Homomorphic Encryption Schemes: Theory and Implementation
Legacy encryption systems depend on sharing a key (public or private) among
the peers involved in exchanging an encrypted message. However, this approach
poses privacy concerns. Especially with popular cloud services, the control
over the privacy of the sensitive data is lost. Even when the keys are not
shared, the encrypted material is shared with a third party that does not
necessarily need to access the content. Moreover, untrusted servers, providers,
and cloud operators can keep identifying elements of users long after users end
the relationship with the services. Indeed, Homomorphic Encryption (HE), a
special kind of encryption scheme, can address these concerns as it allows any
third party to operate on the encrypted data without decrypting it in advance.
Although this extremely useful property of HE schemes has been known for over
30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE)
scheme, which allows any computable function to be performed on the encrypted data,
was introduced by Craig Gentry in 2009. Even though this was a major
achievement, the implementations produced so far have demonstrated that FHE still needs
to be improved significantly to be practical on every platform. First, we
present the basics of HE and the details of the well-known Partially
Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which
are important pillars of achieving FHE. Then, the main FHE families, which have
become the base for the other follow-up FHE schemes are presented. Furthermore,
the implementations and recent improvements in Gentry-type FHE schemes are also
surveyed. Finally, further research directions are discussed. This survey is
intended to give a clear understanding and foundation to researchers and
practitioners interested in learning, applying, and extending the state
of the art in HE, PHE, SWHE, and FHE systems.
Comment: - Updated. (October 6, 2017) - This paper is an early draft of the
survey that is being submitted to ACM CSUR and has been uploaded to arXiv for
feedback from stakeholder
A Non-commutative Cryptosystem Based on Quaternion Algebras
We propose BQTRU, a non-commutative NTRU-like cryptosystem over quaternion
algebras. This cryptosystem uses bivariate polynomials as the underlying ring.
The multiplication operation in our cryptosystem can be performed at high
speed using quaternion algebras over finite rings. As a consequence, the key
generation and encryption process of our cryptosystem is faster than NTRU at
comparable parameters. Typically, using Strassen's method, the key generation
and encryption process is approximately times faster than NTRU for an
equivalent parameter set. Moreover, the BQTRU lattice has a hybrid structure
that makes standard lattice attacks on the private key inefficient. This
entails a higher computational complexity for attackers, providing the
opportunity to use smaller key sizes. Consequently, in this sense, BQTRU is
more resistant than NTRU against known attacks at an equivalent parameter set.
Moreover, message protection is feasible through larger polynomials, and this
allows us to obtain the same security level as other NTRU-like cryptosystems
while using lower dimensions.
Comment: Submitted for possible publication
Quantum attacks on Bitcoin, and how to protect against them
The key cryptographic protocols used to secure the internet and financial
transactions of today are all susceptible to attack by the development of a
sufficiently large quantum computer. One particular area at risk is
cryptocurrencies, a market currently worth over 150 billion USD. We investigate
the risk of Bitcoin, and other cryptocurrencies, to attacks by quantum
computers. We find that the proof-of-work used by Bitcoin is relatively
resistant to substantial speedup by quantum computers in the next 10 years,
mainly because specialized ASIC miners are extremely fast compared to the
estimated clock speed of near-term quantum computers. On the other hand, the
elliptic curve signature scheme used by Bitcoin is much more at risk, and could
be completely broken by a quantum computer as early as 2027, by the most
optimistic estimates. We analyze an alternative proof-of-work called Momentum,
based on finding collisions in a hash function, that is even more resistant to
speedup by a quantum computer. We also review the available post-quantum
signature schemes to see which one would best meet the security and efficiency
requirements of blockchain applications.
Comment: 21 pages, 6 figures. For a rough update on the progress of Quantum
devices and prognostications on time from now to break Digital signatures,
see https://www.quantumcryptopocalypse.com/quantum-moores-law
A New Provably Secure Cryptosystem Using Dedekind Domain Direct Product Approach
We would like to prevent, detect, and protect against attacks on communication and information systems, which include passive attacks such as unauthorized reading of a message or file and traffic analysis, and active attacks such as modification of messages or files and denial of service, by providing cryptographic techniques. If we prove that an encryption algorithm is based on mathematical NP-hard problems, we can prove its security. In this paper, we present a new NTRU-like public-key cryptosystem whose security is provably based on the worst-case hardness of approximate lattice problems (NP-hard problems) in some structured lattices (ideal lattices), in order to attain the applicable objectives of preserving the confidentiality of communication and information system resources (including hardware, software, firmware, information/data, and telecommunications). Our proposed scheme is an improvement of the ETRU cryptosystem. ETRU is an NTRU-like public-key cryptosystem based on the Eisenstein integers Z[f_3], where f_3 is a primitive cube root of unity. ETRU has heuristic security and no proof of security. We show that our cryptosystem has security stronger than that of ETRU, over a Cartesian product of Dedekind domains and extended cyclotomic polynomials. We prove the security of our main algorithm from the R-SIS and R-LWE problems as NP-hard problems.
Performance and Efficiency Exploration of Hardware Polynomial Multipliers for Post-Quantum Lattice-Based Cryptosystems
The significant effort in the research and design of large-scale quantum computers has spurred a transition to post-quantum cryptographic primitives worldwide. The post-quantum cryptographic primitive standardization effort led by the US NIST has recently selected the asymmetric encryption primitive Kyber as its candidate for standardization and indicated NTRU as a valid alternative if intellectual property issues are not solved. Finally, a more conservative alternative to NTRU, NTRU Prime, was also considered as an alternate candidate, due to design choices that preemptively remove the possibility of a large set of attacks. All the aforementioned asymmetric primitives provide good performance and are prime choices for providing IoT devices with post-quantum confidentiality services. In this work, we present a comprehensive exploration of hardware designs for the computation of polynomial multiplication, the workhorse operation in all the aforementioned cryptosystems, with a thorough analysis of performance, compactness, and efficiency. The presented designs cope with the differences in the arithmetic of the polynomial rings employed by the distinct cryptosystems, benefiting from configurations and optimizations that are applicable at synthesis time and/or run time. In this context, we target a use-case scenario where long-term key pairs are used, such as those for VPNs (e.g., over IPSec), secure shell protocols, and instant messaging applications. Our high-performance design variants exhibit latency figures comparable to those needed for the execution of the symmetric cryptographic primitives also included in the post-quantum schemes. Notably, the performance figures of the designs proposed for NTRU and NTRU Prime surpass those described in the related literature.
Performance Evaluation of Round 2 Submission for the NIST Post-Quantum Cryptography Project
This paper looks at the submissions for round 2 of a competition held by the National Institute of Standards and Technology (NIST) to find an encryption standard resistant to attacks by post-quantum computers. NIST announced its call for submissions in February 2016 with a deadline of November 2017, and announced the 69 algorithms that made the cut for round 1. In January 2019 the candidates for round 2 were announced, with round 3 projected for 2020/2021.