122 research outputs found
Privately Connecting Mobility to Infectious Diseases via Applied Cryptography
Human mobility is undisputedly one of the critical factors in infectious
disease dynamics. Until a few years ago, researchers had to rely on static data
to model human mobility, which was then combined with a transmission model of a
particular disease resulting in an epidemiological model. Recent works have
consistently been showing that substituting the static mobility data with
mobile phone data leads to significantly more accurate models. While prior
studies have exclusively relied on a mobile network operator's subscribers'
aggregated data, it may be preferable to contemplate aggregated mobility data
of infected individuals only. Clearly, naively linking mobile phone data with
infected individuals would massively intrude privacy. This research aims to
develop a solution that reports the aggregated mobile phone location data of
infected individuals while still maintaining compliance with privacy
expectations. To achieve privacy, we use homomorphic encryption, zero-knowledge
proof techniques, and differential privacy. Our protocol's open-source
implementation can process eight million subscribers in one and a half hours.
Additionally, we provide a legal analysis of our solution with regards to the
EU General Data Protection Regulation.Comment: Added differentlial privacy experiments and new benchmark
A Survey on Homomorphic Encryption Schemes: Theory and Implementation
Legacy encryption systems depend on sharing a key (public or private) among
the peers involved in exchanging an encrypted message. However, this approach
poses privacy concerns. Especially with popular cloud services, the control
over the privacy of the sensitive data is lost. Even when the keys are not
shared, the encrypted material is shared with a third party that does not
necessarily need to access the content. Moreover, untrusted servers, providers,
and cloud operators can keep identifying elements of users long after users end
the relationship with the services. Indeed, Homomorphic Encryption (HE), a
special kind of encryption scheme, can address these concerns as it allows any
third party to operate on the encrypted data without decrypting it in advance.
Although this extremely useful feature of the HE scheme has been known for over
30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE)
scheme, which allows any computable function to perform on the encrypted data,
was introduced by Craig Gentry in 2009. Even though this was a major
achievement, different implementations so far demonstrated that FHE still needs
to be improved significantly to be practical on every platform. First, we
present the basics of HE and the details of the well-known Partially
Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which
are important pillars of achieving FHE. Then, the main FHE families, which have
become the base for the other follow-up FHE schemes are presented. Furthermore,
the implementations and recent improvements in Gentry-type FHE schemes are also
surveyed. Finally, further research directions are discussed. This survey is
intended to give a clear knowledge and foundation to researchers and
practitioners interested in knowing, applying, as well as extending the state
of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the
survey that is being submitted to ACM CSUR and has been uploaded to arXiv for
feedback from stakeholder
Confidential Boosting with Random Linear Classifiers for Outsourced User-generated Data
User-generated data is crucial to predictive modeling in many applications.
With a web/mobile/wearable interface, a data owner can continuously record data
generated by distributed users and build various predictive models from the
data to improve their operations, services, and revenue. Due to the large size
and evolving nature of users data, data owners may rely on public cloud service
providers (Cloud) for storage and computation scalability. Exposing sensitive
user-generated data and advanced analytic models to Cloud raises privacy
concerns. We present a confidential learning framework, SecureBoost, for data
owners that want to learn predictive models from aggregated user-generated data
but offload the storage and computational burden to Cloud without having to
worry about protecting the sensitive data. SecureBoost allows users to submit
encrypted or randomly masked data to designated Cloud directly. Our framework
utilizes random linear classifiers (RLCs) as the base classifiers in the
boosting framework to dramatically simplify the design of the proposed
confidential boosting protocols, yet still preserve the model quality. A
Cryptographic Service Provider (CSP) is used to assist the Cloud's processing,
reducing the complexity of the protocol constructions. We present two
constructions of SecureBoost: HE+GC and SecSh+GC, using combinations of
homomorphic encryption, garbled circuits, and random masking to achieve both
security and efficiency. For a boosted model, Cloud learns only the RLCs and
the CSP learns only the weights of the RLCs. Finally, the data owner collects
the two parts to get the complete model. We conduct extensive experiments to
understand the quality of the RLC-based boosting and the cost distribution of
the constructions. Our results show that SecureBoost can efficiently learn
high-quality boosting models from protected user-generated data
SHIELD: Scalable Homomorphic Implementation of Encrypted Data-Classifiers
Homomorphic encryption (HE) systems enable computations on encrypted data, without decrypting and without knowledge of the secret key. In this work, we describe an optimized Ring Learning With Errors (RLWE) based implementation of a variant of the HE system recently proposed by Gentry, Sahai and Waters (GSW). Although this system was widely believed to be less efficient than its contemporaries, we demonstrate quite the opposite behavior for a large class of applications. We first highlight and carefully exploit the algebraic features of the system to achieve significant speedup over the state-of-the-art HE implementation, namely the IBM homomorphic encryption library (HElib). We introduce several optimizations on top of our HE implementation, and use the resulting scheme to construct a homomorphic Bayesian spam filter, secure multiple keyword search, and a homomorphic evaluator for binary decision trees. Our results show a factor of 10× improvement in performance (under the same security settings and CPU platforms) compared to IBM HElib for these applications. Our system is built to be easily portable to GPUs (unlike IBM HElib) which results in an additional speedup of up to a factor of 103.5× to offer an overall speedup of 1,035×
Hintless Single-Server Private Information Retrieval
We present two new constructions for private information retrieval (PIR) in the classical setting where the clients do not need to do any preprocessing or store any database dependent information, and the server does not need to store any client-dependent information.
Our first construction HintlessPIR eliminates the client preprocessing step from the recent LWE-based SimplePIR (Henzinger et. al., USENIX Security 2023) by outsourcing the hint related computation to the server, leveraging a new concept of homomorphic encryption with composable preprocessing.
We realize this concept on RLWE encryption schemes, and thanks to the composibility of this technique we are able to preprocess almost all the expensive parts of the homomorphic computation and reuse across multiple executions.
As a concrete application, we achieve very efficient matrix vector multiplication that allows us to build HintlessPIR. For a database of size 8GB, HintlessPIR achieves throughput about 3.7GB/s without requiring any client or server state.
We additionally formalize the matrix vector multiplication protocol as LinPIR primitive, which may be of independent interests.
In our second construction TensorPIR we reduce the communications of HintlessPIR from square root to cubic root in the database size.
For this purpose we extend our HE with preprocessing techniques to composition of key-switching keys and the query expansion algorithm.
We show how to use RLWE encryption with preprocessing to outsource LWE decryption for ciphertexts generated by homomorphic multiplications.
This allows the server to do more complex processing using a more compact query under LWE.
We implement and benchmark HintlessPIR which achieves better concrete costs than TensorPIR for a large set of databases of interest.
We show that it improves the communication of recent preprocessing constructions when clients do not have large numbers of queries or database updates frequently.
The computation cost for removing the hint is small and decreases as the database becomes larger, and it is always more efficient than other constructions with client hints such as Spiral PIR (Menon and Wu, S&P 2022).
In the setting of anonymous queries we also improve on Spiral\u27s communication
On Fully Homomorphic Encryption
Täielikult homomorfne krüpteerimine on krüptosüsteem, mille puhul üks osapool saab enda valdusesse krüpteeritud andmed ning saab nende andmetega tõhusalt sooritada erinevaid operatsioone.
Operatsioone saab teha hoolimata sellest, et andmed jäävad krüpteerituks ning seega ei ole ka vajalik teada dekrüpteerimisvõtit.
Selline süsteem oleks äärmiselt kasulik, näiteks tagades andmete privaatsuse, mis on saadetud kolmanda osapoole teenusele.
Täielikult homomorfne krüpteerimine on vastandiks krüptosüsteemidele nagu Paillier, kus ei ole võimalik teostada krüpteeritud andmete peal korrutamist ilma neid enne dekrüpteerimata, või ElGamal, kus ei saa sooritada krüpteeritud andmete liitmist enne andmete dekrüpteerimist.
Täielikult homomorfne krüpteerimine on väga uus uurimisala: esimese taolise süsteemi lõi Gentry aastal 2009.
Gentry läbimurdest alates on olnud palju tema tööst inspireeritud edasiminekuid.
Kõik viimased täielikult homomorfsed krüptosüsteemid kasutavad avaliku võtmega krüptograafiat ja põhinevad võredel.
Võre-põhine krüptograafia äratab üha enam huvi oma turvalisuse püsimisega kvantarvutites ning oma halvima juhu turvagarantiidega.
Siiski jääb püsima peamine probleem: süsteemidel ei ole veel tõhusat teostust, mis säilitaks adekvaatsed turvalisuse nõuded.
Selles valguses vaadatuna, viimased edasiminekud täielikult homomorfses krüpteerimises kas täiendavad eelnevate süsteemide tõhusust või pakuvad välja uue parema efektiivsusega skeemi.
Antud uurimus on ülevaade hiljutistest täielikult homomorfsetest krüptosüsteemidest.
Õpime tundma mõningaid viimaseid täielikult homomorfseid krüptosüsteeme, analüüsime ning võrdleme neid.
Neil süsteemidel on teatud ühised elemendid:
1. Tõhus võre-põhine krüptosüsteem turvalisusega, mis põhineb üldteada võreprobleemide keerulisusel.
2. Arvutusfunktsioon definitsioonidega homomorfsele liitmisele ja korrutamisele müra kasvu piiramiseks.
3. Meetodid, et muuta süsteem täielikult homomorfseks selle arvutusfunktsiooniga.
Niipea kui võimalik, kirjutame nende süsteemide peamised tulemused ümber detailsemas ja loetavamas vormis.
Kõik skeemid, mida me arutame, välja arvatud Gentry, on väga uued.
Kõige varasem arutletav töö avaldati oktoobris aastal 2011 ning mõningad tööd on veel kättesaadavad ainult elektroonilisel kujul.
Loodame, et käesolev töö aitab lugejail olla kursis täielikult homomorfse krüpteerimisega, rajades teed edasistele arengutele selles vallas
Large-Plaintext Functional Bootstrapping in FHE with Small Bootstrapping Keys
Functional bootstrapping is a core technique in Fully Homomorphic Encryption
(FHE). For large plaintext, to evaluate a general function homomorphically over
a ciphertext, in the FHEW/TFHE approach, since the function in look-up table
form is encoded in the coefficients of a test polynomial, the degree of the
polynomial must be high enough to hold the entire table. This increases the
bootstrapping time complexity and memory cost, as the size of bootstrapping
keys and keyswitching keys need to be large accordingly. In this paper, we
propose to encode the look-up table of any function in a polynomial vector,
whose coefficients can hold more data. The corresponding representation of the
additive group Zq used in the RGSW-based bootstrapping is the group of monic
monomial permutation matrices, which integrates the permutation matrix
representation used by Alperin-Sheriff and Peikert in 2014, and the monic
monomial representation used in the FHEW/TFHE scheme. We make comprehensive
investigation of the new representation, and propose a new bootstrapping
algorithm based on it. The new algorithm has the prominent benefit of small
bootstrapping key size and small key-switching key size, which leads to
polynomial factor improvement in key size, in addition to constant factor
improvement in run-time cost.Comment: 12 pages,under review of some journa
- …