Vers une arithmétique efficace pour le chiffrement homomorphe basé sur le Ring-LWE

Fully homomorphic encryption is a kind of encryption offering the ability to manipulate encrypted data directly through their ciphertexts. In this way it is possible to process sensitive data without having to decrypt them beforehand, ensuring therefore the datas' confidentiality. At the numeric and cloud computing era this kind of encryption has the potential to considerably enhance privacy protection. However, because of its recent discovery by Gentry in 2009, we do not have enough hindsight about it yet. Therefore several uncertainties remain, in particular concerning its security and efficiency in practice, and should be clarified before an eventual widespread use. This thesis deals with this issue and focus on performance enhancement of this kind of encryption in practice. In this perspective we have been interested in the optimization of the arithmetic used by these schemes, either the arithmetic underlying the Ring Learning With Errors problem on which the security of these schemes is based on, or the arithmetic specific to the computations required by the procedures of some of these schemes. We have also considered the optimization of the computations required by some specific applications of homomorphic encryption, and in particular for the classification of private data, and we propose methods and innovative technics in order to perform these computations efficiently. We illustrate the efficiency of our different methods through different software implementations and comparisons to the related art.Le chiffrement totalement homomorphe est un type de chiffrement qui permet de manipuler directement des données chiffrées. De cette manière, il est possible de traiter des données sensibles sans avoir à les déchiffrer au préalable, permettant ainsi de préserver la confidentialité des données traitées. À l'époque du numérique à outrance et du "cloud computing" ce genre de chiffrement a le potentiel pour impacter considérablement la protection de la vie privée. Cependant, du fait de sa découverte récente par Gentry en 2009, nous manquons encore de recul à son propos. C'est pourquoi de nombreuses incertitudes demeurent, notamment concernant sa sécurité et son efficacité en pratique, et devront être éclaircies avant une éventuelle utilisation à large échelle.Cette thèse s'inscrit dans cette problématique et se concentre sur l'amélioration des performances de ce genre de chiffrement en pratique. Pour cela nous nous sommes intéressés à l'optimisation de l'arithmétique utilisée par ces schémas, qu'elle soit sous-jacente au problème du "Ring-Learning With Errors" sur lequel la sécurité des schémas considérés est basée, ou bien spécifique aux procédures de calculs requises par certains de ces schémas. Nous considérons également l'optimisation des calculs nécessaires à certaines applications possibles du chiffrement homomorphe, et en particulier la classification de données privées, de sorte à proposer des techniques de calculs innovantes ainsi que des méthodes pour effectuer ces calculs de manière efficace. L'efficacité de nos différentes méthodes est illustrée à travers des implémentations logicielles et des comparaisons aux techniques de l'état de l'art

Large FHE Gates from tensored homomorphic accumulator

The main bottleneck of all known Fully Homomorphic Encryption schemes lies in the bootstrapping procedure invented by Gentry (STOC’09). The cost of this procedure can be mitigated either using Homomorphic SIMD techniques, or by performing larger computation per bootstrapping procedure.In this work, we propose new techniques allowing to perform more operations per bootstrapping in FHEW-type schemes (EUROCRYPT’13). While maintaining the quasi-quadratic Õ(n2) complexity of the whole cycle, our new scheme allows to evaluate gates with Ω(log n) input bits, which constitutes a quasi-linear speed-up. Our scheme is also very well adapted to large threshold gates, natively admitting up to Ω(n) inputs. This could be helpful for homomorphic evaluation of neural networks.Our theoretical contribution is backed by a preliminary prototype implementation, which can perform 6-to-6 bit gates in less than 10s on a single core, as well as threshold gates over 63 input bits even faster.<p

Fast polynomial arithmetic in homomorphic encryption with cyclo-multiquadratic fields

This work provides refined polynomial upper bounds for the condition number of the transformation between RLWE/PLWE for cyclotomic number fields with up to 6 primes dividing the conductor. We also provide exact expressions of the condition number for any cyclotomic field, but under what we call the twisted power basis. Finally, from a more practical perspective, we discuss the advantages and limitations of cyclotomic fields to have fast polynomial arithmetic within homomorphic encryption, for which we also study the RLWE/PLWE equivalence of a concrete non-cyclotomic family of number fields. We think this family could be of particular interest due to its arithmetic efficiency properties

A Summary of the FV Homomorphic Encryption Scheme and the Average-Case Noise Growth

Homomorphic encryption is a method of encryption that allows for secure computation of data. Many industries are moving away from owning expensive high-powered computers and instead delegating costly computations to the cloud. In an age of data breaches, there is an inherent risk when putting sensitive data on the cloud. Homomorphic encryption allows one to securely perform computations on the cloud without allowing the host or any other party access to the raw data itself. One application being explored is encrypting health data on low-powered embedded devices, uploading it to a cloud application, performing computations to assess health risks, and send the results back to the user’s device for decryption and interpretation. Another application being explored is digital voting. This thesis aims to provide a summary of the current state-of-the-art of homomorphic encryption. We will begin by providing the reader with sources for the current main im- plementations and schemes they are based on. We will then present the mathematical background used in existing schemes. This includes a background on lattices, cyclotomic fields, rings of integers, and the underlying believed-to-be-hard problems existing schemes take advantage of. We will then shift our attention to the FV scheme which is based on the ring-LWE problem and is one of the main schemes used today. We will then briefly discuss some optimizations used in FV implementations. Finally, we will look at some probabilistic experiments which suggest the noise growth in FV is significantly lower than the theoretical maximum in the average case, and will explore some of the benefits that can be gained

Efficient reductions in cyclotomic rings - Application to R-LWE based FHE schemes

With Fully Homomorphic Encryption (FHE), it is possible to process encrypted data without having an access to the private-key. This has a wide range of applications, most notably the offloading of sensitive data processing. Most research on FHE has focused on the improvement of its efficiency, namely by introducing schemes based on the Ring-Learning With Errors (R-LWE) problem, and techniques such as batching, which allows for the encryption of multiple messages in the same ciphertext. Much of the related research has focused on RLWE relying on power-of-two cyclotomic polynomials. While it is possible to achieve efficient arithmetic with such polynomials, one cannot exploit batching. Herein, the efficiency of ring arithmetic underpinned by non-power-of-two cyclomotic polynomials is analysed and improved. Two methods for polynomial reduction are proposed, one based on the Barrett reduction and the other on a Montgomery representation. Speed-ups up to 2.66 are obtained for the reduction operation using an i7-5960X processor when compared with a straightforward implementation of the Barrett reduction. Moreover, the proposed methods are exploited to enhance homomorphic multiplication of FV and BGV encryption schemes, producing experimental speed-ups up to 1.37

NFLlib: NTT-based Fast Lattice Library

International audienceRecent years have witnessed an increased interest in lattice cryptography. Besides its strong security guarantees, its simplicity and versatility make this powerful theoretical tool a promising competitive alternative to classical cryptographic schemes. In this paper, we introduce NFLlib, an efficient and open-source C++ library dedicated to ideal lattice cryptography in the widely-spread polynomial ring Zp[x]/(x n + 1) for n a power of 2. The library combines al-gorithmic optimizations (Chinese Remainder Theorem, optimized Number Theoretic Transform) together with programming optimization techniques (SSE and AVX2 specializations, C++ expression templates, etc.), and will be fully available under the GPL license. The library compares very favorably to other libraries used in ideal lattice cryptography implementations (namely the generic number theory libraries NTL and flint implementing polynomial arithmetic, and the optimized library for lattice homomorphic encryption HElib): restricting the library to the aforementioned polynomial ring allows to gain several orders of magnitude in efficiency

Applying Fully Homomorphic Encryption: Practices and Problems

Fully homomorphic encryption (FHE) has been regarded as the "holy grail" of cryptography for its versatility as a cryptographic primitive and wide range of potential applications. Since Gentry published the first theoretically feasible FHE design in 2008, there has been a lot of new discoveries and inventions in this particular field. New schemes significantly reduce the computational cost of FHE and make practical deployment within reach. As a result, FHE schemes have come off the paper and been explored and tested extensively in practice. However, FHE is made possible with many new problems and assumptions that are not yet well studied. In this thesis we present a comprehensive and intuitive overview of the current applied FHE landscape, from design to implementation, and draw attention to potential vulnerabilities both in theory and in practice. In more detail, we show how to use currently available FHE libraries for aggregation and select parameters to avoid weak FHE instances

Towards practical fully homomorphic encryption

Fully homomorphic encryption (FHE) allows for computation of arbitrary func- tions on encrypted data by a third party, while keeping the contents of the encrypted data secure. This area of research has exploded in recent years following Gentry’s seminal work. However, the early realizations of FHE, while very interesting from a theoretical and proof-of-concept perspective, are unfortunately far too inefficient to provide any use in practice. The bootstrapping step is the main bottleneck in current FHE schemes. This step refreshes the noise level present in the ciphertexts by homomorphically evaluating the scheme’s decryption function over encryptions of the secret key. Bootstrapping is necessary in all known FHE schemes in order to allow an unlimited amount of computation, as without bootstrapping, the noise in the ciphertexts eventually grows to a point where decryption is no longer guaranteed to be correct. In this work, we present two new bootstrapping algorithms for FHE schemes. The first works on packed ciphertexts, which encrypt many bits at a time, while the second works on unpacked ciphertexts, which encrypt a single bit at a time. Our algorithms lie at the heart of the fastest currently existing implementations of fully homomorphic encryption for packed ciphertexts and for single-bit encryptions, respectively, running hundreds of times as fast for practical parameters as the previous best implementations.Ph.D