Secure and Efficient Multi-Key FHE Scheme Supporting Multi-bit Messages from LWE Preserving Non-Interactive Decryption
We consider multi-key fully homomorphic encryption (multi-key FHE), the richest variant of fully homomorphic encryption (FHE) in that it allows complex computation on encrypted data under different keys. Since its introduction by Lopez-Alt, Tromer and Vaikuntanathan in 2012, numerous proposals have been presented, yielding various improvements in security and efficiency. However, most of these multi-key FHE schemes encrypt a single-bit message. Constructing a multi-key FHE scheme that encrypts multi-bit messages has been notoriously difficult without losing efficiency for homomorphic evaluation and for ciphertext extension under additional keys. In this work, we study multi-key FHE that can encrypt multi-bit messages. Motivated by the goal of improving efficiency, we propose a new construction with non-interactive decryption and security against chosen-plaintext attack (IND-CPA) from the standard learning with errors (LWE) assumption. We consider a binary matrix as plaintext instead of a single bit. Our approach supports efficient homomorphic matrix addition and multiplication. Another interesting feature is that our technique for extending a ciphertext under additional keys yields a significant reduction in computational overhead. More interestingly, when contrasted with previous multi-key FHE schemes for multi-bit messages, our candidate exhibits favorable results in the length of the secret key, public key and ciphertext while preserving non-interactive decryption.
Keywords: lattice based cryptosystem, multi-key fully homomorphic encryption, learning with errors, multi-bit message
Enhanced fully homomorphic encryption scheme using modified key generation for cloud environment
Fully homomorphic encryption (FHE) is a special class of encryption that allows performing unlimited mathematical operations on encrypted data without decrypting it. There are symmetric and asymmetric FHE schemes. The symmetric schemes lack the semantic security property and need further performance improvements. While asymmetric schemes are semantically secure, they pose two implicit problems: the first concerns the size of the key and ciphertext, and the second the efficiency of the schemes. This study aims to reduce the execution time of the symmetric FHE scheme by enhancing the key generation algorithm using the Pick-Test method. In addition, the Binary Learning with Errors lattice is used to solve the key and ciphertext size problems of the asymmetric FHE scheme. The combination of the enhanced symmetric and asymmetric algorithms is used to construct a multi-party protocol that allows many users to access and manipulate data in the cloud environment. The Pick-Test method of the Sym-Key algorithm calculates the matrix inverse and determinant in one pass and requires only n-1 extra multiplications for the determinant, which gives O(N^3) as the total cost, while the Random method in the standard scheme takes O(N^3) to find the matrix inverse and O(N!) to calculate the determinant, which results in O(N^4) as the total cost. Furthermore, the implementation results show that the proposed key generation algorithm based on the Pick-Test method can be used as an alternative to improve the performance of the standard FHE scheme. The secret key in the Binary-LWE FHE scheme is selected from {0,1}^n to obtain a minimal key and ciphertext size, while the public key is based on the learning with errors problem. As a result, the sizes of the secret key, public key and tensored ciphertext are reduced from log q, O(n^2 log^2 q) and ((n+1) n^2 log^2 q)^2 log q to n, (n+1)^2 log q and (n+1)^2 log q respectively. The Binary-LWE FHE scheme is secure but noise-based.
Hence, the modulus switching technique is used as a noise management technique to scale down the noise from e and c to e/B and c/B respectively; thus the total cost for noise management is reduced from O(n^3 log^2 q) to O(n^2 log q). The multi-party protocol is constructed to support cloud computing on the Sym-Key FHE scheme. The asymmetric Binary-LWE FHE scheme is used as a small part of the protocol to verify users' access to any resource. Hence, the protocol combines both symmetric and asymmetric FHE schemes, which have the advantages of efficiency and security. FHE is a new approach with a bright future in cloud computing.
Breaking the Consensus Bound: Asynchronous Dynamic Proactive Secret Sharing under Honest Majority
A proactive secret sharing scheme (PSS), expressed in the dynamic-membership setting, enables a committee of n holders of secret shares, dubbed players, to securely hand over new shares of the same secret to a new committee. We dub such a sub-protocol a Refresh. All existing PSS under an honest majority require the use of a broadcast (BC) in each refresh. BC is costly to implement, and its security relies on timing assumptions on the network. So the privacy of the secret and/or its guaranteed delivery either depend on network assumptions or on the reliability of a public ledger.
By contrast, PSS over asynchronous channels do not have these constraints. However, all of them (but one, with exponential complexity) use asynchronous verifiable secret sharing (AVSS) and consensus (MVBA and/or ACS), which are impossible under asynchrony beyond t<n/3 corruptions, whatever the setup.
We present a PSS, named asynchronous-proactive secret sharing (APSS), which is the first PSS under honest majority with guaranteed output delivery in a completely asynchronous network. More generally, APSS allows any flexible threshold , such that privacy and correctness are guaranteed up to t corruptions, and liveness as soon as players behave honestly.
Correctness can be lifted to any number of corruptions, provided a linearly homomorphic commitment scheme.
Moreover, each refresh completes at the record speed of , where is the actual message delivery delay.
APSS demonstrates that proactive refreshes are possible as long as only the players of the initial committee have a common view on a set of (publicly committed or encrypted) shares.
Despite not providing consensus on a unique set of shares, APSS surprisingly enables the opening of any linear map over secrets { non-interactively, without consensus }. This, in turn, applies to threshold signing, decryption and randomness generation.
APSS can also be directly integrated into the asynchronous Schnorr threshold signing scheme Roast [CCS'22].
Of independent interest, we:
- provide the first UC formalization (and proof) of proactive AVSS, furthermore for arbitrary thresholds;
- provide additional mechanisms enabling players of a committee to start a refresh then erase their old shares, synchronously up to from each other;
- improve by 50x the verification speed of the NIZKs of encrypted re-sharing of [Cascudo et al, Asiacrypt'22], by using novel optimizations of batch Schnorr proofs of knowledge.
We demonstrate the efficiency of APSS with an implementation which uses this optimization as a baseline.
Identity-Based Key Aggregate Cryptosystem from Multilinear Maps
The key-aggregate cryptosystem (KAC) proposed by Chu et al. in 2014 offers a solution to the flexible access delegation problem in shared data environments such as the cloud. KAC allows a data owner, owning classes of encrypted data, to securely grant access to any subset of these data classes among a subset of data users, via a single low-overhead aggregate key. Existing constructions for KAC are efficient insofar as they achieve constant size ciphertexts and aggregate keys. But they resort to a public parameter that has size linear in the number of data classes , and require secure channels for distribution of aggregate keys in a system with data owners and data users. In this paper, we propose three different multilinear-map based KAC constructions that have at most polylogarithmic overhead for both ciphertexts and public parameters, and generate constant size aggregate keys. We further demonstrate how the aggregate keys may be efficiently broadcast among any arbitrary size subset of data users using only secure channels, in a system with data owners. Our constructions are secure in the generic multilinear group model and are fully collusion resistant against any number of colluding parties. In addition, they naturally give rise to identity-based secure access delegation schemes.
Dynamic Decentralized Functional Encryption
We introduce Dynamic Decentralized Functional Encryption (DDFE), a generalization of Functional Encryption which allows multiple users to join the system dynamically, without relying on a trusted third party or on expensive and interactive Multi-Party Computation protocols. This notion subsumes existing multi-user extensions of Functional Encryption, such as Multi-Input, Multi-Client, and Ad Hoc Multi-Input Functional Encryption. We define and construct schemes for various functionalities which serve as building blocks for later primitives and may be useful in their own right, such as a scheme for dynamically computing sums in any Abelian group. These constructions build upon simple primitives in a modular way, and have instantiations from well-studied assumptions, such as DDH or LWE. Our constructions culminate in an Inner-Product scheme for computing weighted sums on aggregated encrypted data, from standard assumptions in prime-order groups in the Random Oracle Model.
Using Large-Scale Empirical Methods to Understand Fragile Cryptographic Ecosystems
Cryptography is a key component of the security of the Internet. Unfortunately, the process of using cryptography to secure the Internet is fraught with failure. Cryptography is often fragile, as a single mistake can have devastating consequences on security, and this fragility is further complicated by the diverse and distributed nature of the Internet. This dissertation shows how to use empirical methods in the form of Internet-wide scanning to study how cryptography is deployed on the Internet, and shows this methodology can discover vulnerabilities and gain insights into fragile cryptographic ecosystems that are not possible without an empirical approach. I introduce improvements to ZMap, the fast Internet-wide scanner, that allow it to fully utilize a 10 GigE connection, and then use Internet-wide scanning to measure cryptography on the Internet.

First, I study how Diffie-Hellman is deployed, and show that implementations are fragile and not resilient to small subgroup attacks. Next, I measure the prevalence of "export-grade" cryptography. Although regulations limiting the strength of cryptography that could be exported from the United States were lifted in 1999, Internet-wide scanning shows that support for various forms of export cryptography remains widespread. I show how purposefully weakening TLS to comply with these export regulations led to the FREAK, Logjam, and DROWN vulnerabilities, each of which exploits obsolete export-grade cryptography to attack modern clients. I conclude by discussing how empirical cryptography improved protocol design, and I present further opportunities for empirical research in cryptography.

PhD, Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. https://deepblue.lib.umich.edu/bitstream/2027.42/149809/1/davadria_1.pd