
    A note on the construction of pairing-friendly elliptic curves for composite order protocols

    In pairing-based cryptography, the security of protocols using composite order groups relies on the difficulty of factoring a composite number N. Boneh et al. proposed the Cocks-Pinch method to construct ordinary pairing-friendly elliptic curves having a subgroup of composite order N. Displaying such a curve as a public parameter implies revealing a square root s of the complex multiplication discriminant -D modulo N. We exploit this information leak and the structure of the endomorphism ring of the curve to factor the RSA modulus, under certain conditions. Our conclusion is that the values of s modulo each prime in the factorization of N should be chosen as high-entropy input parameters when running the Cocks-Pinch algorithm.
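    The abstract above does not spell out its attack, and the following is not the paper's endomorphism-ring method. It is an added example, written for this page, of the classical number-theoretic fact that makes a published square root s of -D modulo an RSA modulus N sensitive in the first place: -D has four square roots modulo N = p*q, and any two of them that are not equal up to sign factor N with a single gcd. The primes P and Q, the discriminant D = 3 and the modulus N are constructed toy values (far too small for real use), and the function names are this example's own.

```python
# Added illustration (not code from the paper): why publishing a square root s
# of -D modulo an RSA-type modulus N = p*q is sensitive information.
#
# Facts used (classical, not the paper's endomorphism-ring attack):
#   * If -D is a quadratic residue mod both p and q, then -D has four square
#     roots mod N, obtained by CRT from the two roots mod p and the two mod q.
#   * Two roots s1, s2 with s1 != +-s2 (mod N) satisfy
#     (s1 - s2)(s1 + s2) = s1^2 - s2^2 = 0 (mod N) with neither factor 0 mod N,
#     so gcd(s1 - s2, N) is a nontrivial factor of N.
from math import gcd


def sqrt_mod_prime(a, p):
    """Square root of a modulo an odd prime p (Tonelli-Shanks); raises if none."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:
        raise ValueError("not a quadratic residue")
    if p % 4 == 3:                      # fast path: p = 3 mod 4
        return pow(a, (p + 1) // 4, p)
    q, s = p - 1, 0
    while q % 2 == 0:
        q //= 2
        s += 1
    z = 2                               # any quadratic non-residue
    while pow(z, (p - 1) // 2, p) != p - 1:
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t                    # least i with t^(2^i) = 1
        while t2 != 1:
            t2 = t2 * t2 % p
            i += 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c = i, b * b % p
        t, r = t * c % p, r * b % p
    return r


def crt(r_p, p, r_q, q):
    """Chinese remainder theorem for coprime moduli p and q."""
    return (r_p * q * pow(q, -1, p) + r_q * p * pow(p, -1, q)) % (p * q)


def all_sqrt_mod_pq(a, p, q):
    """All four square roots of a modulo N = p*q (a must be a QR mod both)."""
    rp, rq = sqrt_mod_prime(a, p), sqrt_mod_prime(a, q)
    return sorted({crt(ep * rp, p, eq * rq, q) for ep in (1, -1) for eq in (1, -1)})


def factor_from_two_roots(s1, s2, N):
    """Given two square roots of the same value mod N with s1 != +-s2, return (p, q)."""
    g = gcd(s1 - s2, N)
    if g in (1, N):
        raise ValueError("roots are equal up to sign; no information gained")
    return tuple(sorted((g, N // g)))


# Constructed toy parameters: two primes congruent to 1 mod 3, so that -3 is a
# quadratic residue modulo each, as the CM discriminant D = 3 requires.
P, Q, D = 1000003, 2147483647, 3
N = P * Q


def demo():
    """Publish one root s of -D mod N; a second root not equal to +-s factors N."""
    roots = all_sqrt_mod_pq((-D) % N, P, Q)
    s_public = roots[0]
    s_other = next(r for r in roots if r not in (s_public, N - s_public))
    return factor_from_two_roots(s_public, s_other, N)


if __name__ == "__main__":
    print(demo())
```

    The point for a practitioner is that s is not a harmless public constant: the protocol designer controls which of the four roots is published, and anything that lets an adversary recover a second, independent root (or, in the spirit of the abstract's conclusion, guess s modulo one of the primes) collapses the factoring assumption.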

    Plug-and-play sanitization for TFHE

    Fully homomorphic encryption (FHE) allows one to evaluate any circuit over encrypted data while preserving the privacy of the data. Another desirable property of FHE, called circuit privacy, makes it possible to preserve the privacy of the evaluation circuit as well: all information about the bootstrapped ciphertext, including the computation that was performed to obtain it, is destroyed. In this paper, we show how to directly build a circuit-private FHE scheme from TFHE bootstrapping (Asiacrypt 2016). Our proof framework is inspired by the techniques of Bourse et al. (Crypto 2016); we provide a statistical analysis of the error growth during the bootstrapping procedure, adapting discrete Gaussian lemmata to the ring setting. We make use of a randomized decomposition for the homomorphic external product and introduce a public-key encryption scheme with invariance properties on the ciphertext distribution. As a proof of concept, we provide a C implementation of our sanitization strategy.

    Improving TFHE: faster packed homomorphic operations and efficient circuit bootstrapping

    In this paper, we present several methods to improve the evaluation of homomorphic functions, both for fully and for leveled homomorphic encryption. We propose two packing methods, in order to decrease the expansion factor and optimize the evaluation of look-up tables and random functions in TRGSW-based homomorphic schemes. We also extend the automata logic, introduced in [19, 12], to the efficient leveled evaluation of weighted automata, and present a new homomorphic counter called TBSR, which supports all the elementary operations that occur in a multiplication. These improvements speed up the evaluation of most arithmetic functions in a packed leveled mode, with a noise overhead that remains additive. We further present a new circuit bootstrapping that converts TLWE into low-noise TRGSW ciphertexts in just 137 ms, which makes the leveled mode of TFHE composable and is fast enough to speed up arithmetic functions compared to the gate-by-gate bootstrapping given in [12]. Finally, we propose concrete parameter sets and timing comparisons for all our constructions.

    Homomorphically counting elements with the same property

    We propose homomorphic algorithms for privacy-preserving applications where we are given an encrypted dataset and want to compute the number of elements that share a common property. We consider a two-party scenario between a client and a server, where storage and computation are outsourced to the server. We present two new efficient methods to solve this problem by homomorphically evaluating a selection function encoding the desired property and counting the number of elements that evaluate to the same value. Our first method programs the homomorphic computation in the style of the functional bootstrapping of TFHE and can be instantiated with essentially any homomorphic encryption scheme that operates on polynomials, such as FV or BGV. Our second method relies on new homomorphic operations and ciphertext formats, and it is more suitable for applications where the number of possible inputs is much larger than the number of possible values for the property. We illustrate the feasibility of our methods by presenting a publicly available proof-of-concept implementation in C++ and using it to evaluate a heatmap function over encrypted geographic points.

    Identity-Based Encryption from Lattices Using Approximate Trapdoors
