Threshold Fully Homomorphic Encryption and Secure Computation

Cramer, Damgård, and Nielsen~\cite{CDN01} show how to construct an efficient secure multi-party computation scheme using a threshold homomorphic encryption scheme that has four properties i) a honest-verifier zero-knowledge proof of knowledge of encrypted values, ii) proving multiplications correct iii) threshold decryption and iv) trusted shared key setup. Naor and Nissim~\cite{NN01a} show how to construct secure multi-party protocols for a function $f$ whose communication is proportional to the communication required to evaluate $f$ without security, albeit at the cost of computation that might be exponential in the description of $f$. Gentry~\cite{Gen09a} shows how to combine both ideas with fully homomorphic encryption in order to construct secure multi-party protocol that allows evaluation of a function $f$ using communication that is {\bf independent of the circuit description of $f$} and computation that is polynomial in $|f|$. This paper addresses the major drawback\u27s of Gentry\u27s approach: we eliminate the use of non-black box methods that are inherent in Naor and Nissim\u27s compiler. To do this we show how to modify the fully homomorphic encryption construction of van Dijk et al.~\cite{vDGHV10} to be threshold fully homomorphic encryption schemes. We directly construct (information theoretically) secure protocols for sharing the secret key for our threshold scheme (thereby removing the setup assumptions) and for jointly decrypting a bit. All of these constructions are constant round and we thoroughly analyze their complexity; they address requirements (iii) and (iv). The fact that the encryption scheme is fully homomorphic addresses requirement (ii). To address the need for an honest-verifier zero-knowledge proof of knowledge of encrypted values, we instead argue that a weaker solution suffices. We provide a 2-round blackbox protocol that allows us to prove knowledge of encrypted bits. Our protocol is not zero-knowledge, but it provably does not release any information about the bit being discussed, and this is sufficient to prove the correctness of a simulation in a method similar to Cramer et al. Altogether, \emph{we construct the first black-box secure multi-party computation protocol that allows evaluation of a function $f$ using communication that is independent of the circuit description of $f$}

LWE 문제 기반 공개키 암호 및 commitment 스킴의 효율적인 인스턴스화

학위논문 (박사)-- 서울대학교 대학원 : 자연과학대학 수리과학부, 2018. 2. 천정희.The Learning with Errors (LWE) problem has been used as a underlying problem of a variety of cryptographic schemes. It makes possible constructing advanced solutions like fully homomorphic encryption, multi linear map as well as basic primitives like key-exchange, public-key encryption, signature. Recently, developments in quantum computing have triggered interest in constructing practical cryptographic schemes. In this thesis, we propose efficient post-quantum public-key encryption and commitment schemes based on a variant LWE, named as spLWE. We also suggest related zero-knowledge proofs and LWE-based threshold cryptosystems as an application of the proposed schemes. In order to achieve these results, it is essential investigating the hardness about the variant LWE problem, spLWE. We describe its theoretical, and concrete hardness from a careful analysis.1.Introduction 1 2.Preliminaries 5 2.1 Notations 5 2.2 Cryptographic notions 5 2.2.1 Key Encapsulation Mechanism 5 2.2.2 Commitment Scheme 6 2.2.3 Zero-Knowledge Proofs and Sigma-Protocols 7 2.3 Lattices 9 2.4 Discrete Gaussian Distribution 11 2.5 Computational Problems 12 2.5.1 SVP 12 2.5.2 LWE and Its Variants 12 2.6 Known Attacks for LWE 13 2.6.1 The Distinguishing Attack 14 2.6.2 The Decoding Attack 15 3.LWE with Sparse Secret, spLWE 16 3.1 History 16 3.2 Theoratical Hardness 17 3.2.1 A Reduction from LWE to spLWE 18 3.3 Concrete Hardness 21 3.3.1 Dual Attack (distinguish version) 21 3.3.2 Dual Attack (search version) 23 3.3.3 Modifed Embedding Attack 25 3.3.4 Improving Lattice Attacks for spLWE 26 4.LWE-based Public-Key Encryptions 29 4.1 History 29 4.2 spLWE-based Instantiations 31 4.2.1 Our Key Encapsulation Mechanism 31 4.2.2 Our KEM-Based Encryption Scheme 33 4.2.3 Security 35 4.2.4 Correctness 36 4.3 Implementation 37 4.3.1 Parameter Selection 38 4.3.2 Implementation Result 39 5.LWE-based Commitments and Zero-Knowledge Proofs 41 5.1 History 42 5.2 spLWE-based Instantiations 43 5.2.1 Our spLWE-based Commitments 44 5.2.2 Proof for Opening Information 47 5.3 Application to LWE-based Threshold Crytosystems 50 5.3.1 Zero-Knowledge Proofs of Knowledge for Threshold Decryption 50 5.3.2 Actively Secure Threshold Cryptosystems 58 6.Conclusions 63Docto

Aggregating privatized medical data for secure querying applications

 This thesis analyses and examines the challenges of aggregation of sensitive data and data querying on aggregated data at cloud server. This thesis also delineates applications of aggregation of sensitive medical data in several application scenarios, and tests privatization techniques to assist in improving the strength of privacy and utility