A custom accelerator for homomorphic encryption applications

After the introduction of first fully homomorphic encryption scheme in 2009, numerous research work has been published aiming at making fully homomorphic encryption practical for daily use. The first fully functional scheme and a few others that have been introduced has been proven difficult to be utilized in practical applications, due to efficiency reasons. Here, we propose a custom hardware accelerator, which is optimized for a class of reconfigurable logic, for Lopez-Alt, Tromer and Vaikuntanathan’s somewhat homomorphic encryption based schemes. Our design is working as a co-processor which enables the operating system to offload the most compute–heavy operations to this specialized hardware. The core of our design is an efficient hardware implementation of a polynomial multiplier as it is the most compute–heavy operation of our target scheme. The presented architecture can compute the product of very–large polynomials in under 6.25 ms which is 102 times faster than its software implementation. In case of accelerating homomorphic applications; we estimate the per block homomorphic AES as 442 ms which is 28.5 and 17 times faster than the CPU and GPU implementations, respectively. In evaluation of Prince block cipher homomorphically, we estimate the performance as 52 ms which is 66 times faster than the CPU implementation

HOMOMORPHIC AUTOCOMPLETE

With the rapid progress in fully homomorpic encryption (FHE) and somewhat homomorphic encryption (SHE) schemes, we are wit- nessing renewed efforts to revisit privacy preserving protocols. Several works have already appeared in the literature that provide solutions to these problems by employing FHE or SHE techniques. These applications range from cloud computing to computation over confidential patient data to several machine learning problems such as classifying privatized data. One application where privacy is a major concern is web search – a task carried out on a daily basis by billions of users around the world. In this work, we focus on a more surmountable yet essential version of the search problem, i.e. autocomplete. By utilizing a SHE scheme we propose concrete solutions to a homomorphic autocomplete problem. To investigate the real-life viability, we tackle a number of problems in the way towards a practical implementation such as communication and computational efficiency

Blind Web Search: How far are we from a privacy preserving search engine?

Recent rapid progress in fully homomorphic encryption (FHE) and somewhat homomorphic encryption (SHE) has catalyzed renewed efforts to develop efficient privacy preserving protocols. Several works have already appeared in the literature that provide solutions to these problems by employing FHE or SHE techniques. In this work, we focus on a natural application where privacy is a major concern: web search. An estimated 5 billion web queries are processed by the world\u27s leading search engines each day. It is no surprise, then, that privacy-preserving web search was proposed as the paragon FHE application in Gentry\u27s seminal FHE paper. Indeed, numerous proposals have emerged in the intervening years that attack various privatized search problems over encrypted user data, e.g. private information retrieval (PIR). Yet, there is no known work that focuses on implementing a completely blind web search engine using an FHE/SHE construction. In this work, we focus first on single keyword queries with exact matches, aiming toward real-world viability. We then discuss multiple-keyword searches and tackle a number of issues currently hindering practical implementation, such as communication and computational efficiency

Efficient Multiplication Architectures for Truncated Polynomial Ring

In this thesis, four efficient multiplication architectures, named as Multipliers I, II, III, and IV, respectively, for truncated polynomial ring are proposed. Their FPGA implementation results are presented. All of the four proposed multipliers can be used for implementation of NTRUEncrypt public key system. All new multiplication architectures are based on certain extensions to Linear Feedback Shift Register (LFSR). Multiplier I uses x^2-net structure for LFSR, which scans two consecutive coefficients in the control input polynomial r(x) during one clock cycle. In Multiplier II, three consecutive zeros in the control input polynomial r(x) can be processed during one clock cycle. Multiplier III takes advantage of consecutive zeros in the control input polynomial r(x). Multiplier IV is resistant to certain side-channel attacks through controlling the operations for each clock cycle. An FPGA complexity comparison among the proposed multipliers and the existing similar works is made, including number of adaptive logic modules (ALMs), number of registers, number of cycles, maximum operating frequency (FMax) and latency. The FPGA comparison results are given as follows. Multiplier I has smaller latency than any existing works when the first set of parameters from every security level is used (ees401ep1, ees449ep1, ees677ep1, ees1087ep2). Multiplier II is the second best in speed compared to existing works, but has better area-latency product compared to the fastest existing work for the first set of parameters at security level 112-bit, 128-bit and 192-bit. As an enhanced version of Multiplier II, Multiplier III is faster than any existing works in comparison for all IEEE recommended parameter sets. Multiplier IV, designed to be resistant to side channel attacks, also has high speed property that it outperforms all the existing works in terms of latency for all three parameter sets to which it is applicable

Fully Homomorphic Encryption from the Finite Field Isomorphism Problem

If $q$ is a prime and $n$ is a positive integer then any two finite fields of order $q^n$ are isomorphic. Elements of these fields can be thought of as polynomials with coefficients chosen modulo $q$, and a notion of length can be associated to these polynomials. A non-trivial isomorphism between the fields, in general, does not preserve this length, and a short element in one field will usually have an image in the other field with coefficients appearing to be randomly and uniformly distributed modulo $q$. This key feature allows us to create a new family of cryptographic constructions based on the difficulty of recovering a secret isomorphism between two finite fields. In this paper we describe a fully homomorphic encryption scheme based on this new hard problem