Fully Homomorphic Encryption
|
|
- Susan Lorin McCarthy
- 5 years ago
- Views:
Transcription
1 Fully Homomorphic Encryption Thomas PLANTARD Universiy of Wollongong - thomaspl@uow.edu.au Plantard (UoW) FHE 1 / 24
2 Outline 1 Introduction Privacy Homomorphism Applications Timeline 2 Gentry Framework Somewhat Homomorphic Encryption Bootstrapping 3 Security/Open Problems Principal Ideal Lattice Approximate GCD Learning With Error 4 Conclusion Plantard (UoW) FHE 2 / 24
3 Introduction 1 Introduction Privacy Homomorphism Applications Timeline 2 Gentry Framework Somewhat Homomorphic Encryption Bootstrapping 3 Security/Open Problems Principal Ideal Lattice Approximate GCD Learning With Error 4 Conclusion Plantard (UoW) FHE 3 / 24
4 Introduction Privacy Homomorphism Raised in 1978 by Rivest, Adleman and Dertouzos To evaluate arbitrary number of ciphertext, without knowing corresponding plaintext. Example m 0 = 1 with c 0 = Enc(m0) = ( ). m 1 = 0 with c 1 = Enc(m1) = ( ). m 2 = 1 with c 2 = Enc(m2) = ( ). C(x 0, x 1, x 2, x 3 ) = x 0 x 1 x 3 + x 1 x 2 + x mod 2. How Find c 3 = Enc(C(m 0, m 2, m 1, m 2 )) without knowing m 0, m 1, m 2. Plantard (UoW) FHE 4 / 24
5 Formal Definition Fully homomorphic encryption scheme (FHE) A scheme H f consists following four algorithms: KeyGen; Encrypt; Decrypt; Eval. H f is fully homomorphic if for any c i = Encrypt(pk, m i ) and any permitted circuit C n, the following holds: Decrypt(sk, Eval n (pk, C n, c 1, c 2,..., c n )) = C n (m 1, m 2,..., m n ) Plantard (UoW) FHE 5 / 24
6 Applications Features To bring privacy to cloud computing; Cloud processes users data without necessity of decrypting it. Applications Data is private, Algorithm is public; Example: a hospital outsources its patients information to a research institute for acquiring further analysis from the institute, as the institute has more computational power compared to the hospital; Data is private, Algorithm is private too; Example: a company outsources its financial status to an auditing company, however, the auditing algorithm is auditing the company s private property. Plantard (UoW) FHE 6 / 24
7 Timeline Fully Homomorphic Encryption Schemes Rivest, Adleman and Dertouzos: Privacy Homomorphism Craig Gentry: First FHE based on ideal lattice van Dijk, Gentry, Halevi and Vaikuntanathan: First FHE based on integer (Approximate-GCD problem); Gentry-Halevi: First implementation of Gentry Brakerski-Vaikuntanathan: First based on Ring Learning With Error Brakerski-Vaikuntanathan: First based on Learning With Error. Plantard (UoW) FHE 7 / 24
8 Gentry Framework 1 Introduction Privacy Homomorphism Applications Timeline 2 Gentry Framework Somewhat Homomorphic Encryption Bootstrapping 3 Security/Open Problems Principal Ideal Lattice Approximate GCD Learning With Error 4 Conclusion Plantard (UoW) FHE 8 / 24
9 A real world scenario Alice s Jewellery store Alice puts materials in locked glovebox, Alice keeps the key, Bob assembles jewellery in the box, Alice unlocks box to get results. Plantard (UoW) FHE 9 / 24
10 Somewhat Homomorphic Encryption 1 Introduction Privacy Homomorphism Applications Timeline 2 Gentry Framework Somewhat Homomorphic Encryption Bootstrapping 3 Security/Open Problems Principal Ideal Lattice Approximate GCD Learning With Error 4 Conclusion Plantard (UoW) FHE 10 / 24
11 Somewhat homomorphic encryption scheme (SHE) A simple scheme p: an odd integer, (secret key) r i : a small integer, (noise) with r i << p. g i : a big integer, Encrypt: c i = m i + 2r i + g i p. Decrypt: m = (c mod p) mod 2. An example m = 1, p = 107, g = 11, r = 5 Encrypt: c = m + 2r + gp = = Decrypt: m = (c mod p) mod 2 = (1188 mod 107) mod 2 = 11 mod 2 = 1. Plantard (UoW) FHE 11 / 24
12 This scheme is already homomorphic. c 1 = m 1 + 2r 1 + g 1 p, c 2 = m 2 + 2r 2 + g 2 p. c 0 = c 1 + c 2 = (m 1 + m 2 ) + 2(r 1 + r 2 ) + (g 1 + g 2 )p. c 0 = c 1 c 2 = (m 1 m 2 )+2(2r 1 r 2 +m 1 r 2 +m 2 r)+(c 2 g 1 +c 1 g 2 +g 1 +g 2 )p. A simple example: a multiplication p = 107, m 1 = 1, m 2 = 0, r 1 = 5, r 2 = 3, g 1 = 11, g 2 = 12; c 1 = = 1188; c 2 = = 1290; c 0 = c 1 c 2 = ; m 0 = (c 0 mod 107) mod 2 = 66 mod 2 = 0 = m 1 m 2 ; Plantard (UoW) FHE 12 / 24
13 Limitation An example of limitation Finding c 0 = c 1 c 2 c 3 : p = 107; m 1 = 1, m 2 = 0, m 3 = 1; r 1 = 5, r 2 = 3, r 3 = 4, g 1 = 11, g 2 = 12, g 3 = 13; c 1 = = 1188; c 2 = = 1290; c 3 = = 1400; c 1 c 2 c 3 = ; (c 1 c 2 c 3 mod p) mod 2 = 1 m 1 m 2 m 3. ERROR!!! Plantard (UoW) FHE 13 / 24
14 Formal Definition Somewhat homomorphic encryption scheme (SHE) H s is somewhat homomorphic if there exist E H such that Eq. 1 holds when the depth of C is smaller than E H. Decrypt(sk, Eval n (pk, C n, c 1, c 2,..., c n )) = C n (m 1, m 2,..., m n ) (1) E H is the evaluation depth and is bounded. Alice s Jewellery Store The process generates lots of rubbish; the glovebox last for only 2 minutes, the process takes 10 minutes. Plantard (UoW) FHE 14 / 24
15 Bootstrapping 1 Introduction Privacy Homomorphism Applications Timeline 2 Gentry Framework Somewhat Homomorphic Encryption Bootstrapping 3 Security/Open Problems Principal Ideal Lattice Approximate GCD Learning With Error 4 Conclusion Plantard (UoW) FHE 15 / 24
16 Bootstrapping Alice s Jewellery Store The glovebox last for only 2 minutes before being full, the process takes 10 minutes. Alice cuts the process into 10 pieces; Alice places 10 pieces into 10 different glovebox; Alice puts the 1st key into 2nd box, 2nd key into 3rd box... Alice keeps the 10th key. Bob starts with the 1st glovebox; When first glovebox is full, Bob put it into 2nd glovebox, unlock 1st and keep on processing... Plantard (UoW) FHE 16 / 24
17 Bootstrappability H s : a homomorphic encryption scheme; E H : evaluation circuit depth; D H : decryption circuit depth; H is a bootstrappable homomorphic encryption scheme if D H < E H. SHE Alice encrypts her data with her secret key. Alice gives Bob her secret key encrypted bit by bit. Bob evaluate one operation (addition, multiplication): E H E H 1 Use the rest of your evaluation depth to evaluate homomorphicly Decrypt. Plantard (UoW) FHE 17 / 24
18 Bootstrapping Plantard (UoW) FHE 18 / 24
19 Security/Open Problems 1 Introduction Privacy Homomorphism Applications Timeline 2 Gentry Framework Somewhat Homomorphic Encryption Bootstrapping 3 Security/Open Problems Principal Ideal Lattice Approximate GCD Learning With Error 4 Conclusion Plantard (UoW) FHE 19 / 24
20 Principal Ideal Lattice p, γ, n Z such that γ n ±1 mod p. Find f Z[x] of degree < n such that Example f(γ) = 0 mod p, f i << p. p = 19601, γ = 17465, n = 8 such that mod f (x) = 2x 6 + x 5 + 2x 4 2x 3 + x 2 + x + 2 is such that f (17465) 0 mod Security Unknown asymptotic complexity Small Challenge Parameters: γ, p , n = 512. Serious Challenge Parameters: γ, p , n = Plantard (UoW) FHE 20 / 24
21 Approximate Greatest Common Divisor A i Z. Find p Z such that i, r i = (A i mod p) r i << p. Example A 1 = 1188, A 2 = 1290, A 3 = 1400 p = 107. (1188 mod 107 = 11), (1290 mod 107 = 6),(1400 mod 107 = 9). Security Unknown asymptotic complexity ( Factorization). Old Parameters: A i , #{A i } New Parameters: A i > , #{A i } = Plantard (UoW) FHE 21 / 24
22 Learning With Error Problem s (Z/pZ) n, v i = sa T i + e i. Find s from a i, v i. Example 2s 0 + 6s 1 + 7s 2 + s 3 2 mod 17 5s 0 + 9s 1 + 2s s 3 7 mod 17 4s 0 + 9s 1 + 8s s 3 13 mod 17 9s 0 + s 1 + s 2 + 2s 3 5 mod Security Some complexity equivalence GapUSVP. Some complexity equivalence GapSVP on quantum computer. Plantard (UoW) FHE 22 / 24
23 Conclusion 1 Introduction Privacy Homomorphism Applications Timeline 2 Gentry Framework Somewhat Homomorphic Encryption Bootstrapping 3 Security/Open Problems Principal Ideal Lattice Approximate GCD Learning With Error 4 Conclusion Plantard (UoW) FHE 23 / 24
24 Conclusion FHE is possible Construct a Somewhat Homomorphic Encryption (SHE) scheme; Bootstrap the squashed scheme; Requires the user to publish the encryption of its secret key; Major Problem: Efficiency In 2011, a 32-bits addition takes roughly 50 minutes with ideal lattice. In 2012, a 1-bit operation takes roughly 11 minutes with integer with 10MB keys. In 2012, a full AES utilization takes roughly 36 hours using 256GB of RAM based on RLWE. Plantard (UoW) FHE 24 / 24
Fully Homomorphic Encryption over the Integers
Fully Homomorphic Encryption over the Integers Many slides borrowed from Craig Marten van Dijk 1, Craig Gentry 2, Shai Halevi 2, Vinod Vaikuntanathan 2 1 MIT, 2 IBM Research Computing on Encrypted Data
More informationPublic Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers
Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers Jean-Sébastien Coron, David Naccache and Mehdi Tibouchi University of Luxembourg & ENS & NTT EUROCRYPT, 2012-04-18
More informationSome security bounds for the DGHV scheme
Some security bounds for the DGHV scheme Franca Marinelli f.marinelli@studenti.unitn.it) Department of Mathematics, University of Trento, Italy Riccardo Aragona riccardo.aragona@unitn.it) Department of
More informationAn Overview of Homomorphic Encryption
An Overview of Homomorphic Encryption Alexander Lange Department of Computer Science Rochester Institute of Technology Rochester, NY 14623 May 9, 2011 Alexander Lange (RIT) Homomorphic Encryption May 9,
More informationFully Homomorphic Encryption over the Integers
Fully Homomorphic Encryption over the Integers Many slides borrowed from Craig Marten van Dijk 1, Craig Gentry 2, Shai Halevi 2, Vinod Vaikuntanathan 2 1 MIT, 2 IBM Research The Goal I want to delegate
More informationShai Halevi IBM August 2013
Shai Halevi IBM August 2013 I want to delegate processing of my data, without giving away access to it. I want to delegate the computation to the cloud, I want but the to delegate cloud the shouldn t computation
More informationFully Homomorphic Encryption from LWE
Fully Homomorphic Encryption from LWE Based on joint works with: Zvika Brakerski (Stanford) Vinod Vaikuntanathan (University of Toronto) Craig Gentry (IBM) Post-Quantum Webinar, November 2011 Outsourcing
More informationAn RNS variant of fully homomorphic encryption over integers
An RNS variant of fully homomorphic encryption over integers by Ahmed Zawia A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of Applied
More informationFULLY HOMOMORPHIC ENCRYPTION
FULLY HOMOMORPHIC ENCRYPTION A Thesis Submitted in Partial Fulfilment of the Requirements for the Award of the Degree of Master of Computer Science - Research from UNIVERSITY OF WOLLONGONG by Zhunzhun
More informationReport Fully Homomorphic Encryption
Report Fully Homomorphic Encryption Elena Fuentes Bongenaar July 28, 2016 1 Introduction Outsourcing computations can be interesting in many settings, ranging from a client that is not powerful enough
More informationManipulating Data while It Is Encrypted
Manipulating Data while It Is Encrypted Craig Gentry IBM Watson ACISP 2010 The Goal A way to delegate processing of my data, without giving away access to it. Application: Private Google Search I want
More informationHOMOMORPHIC ENCRYPTION AND LATTICE BASED CRYPTOGRAPHY 1 / 51
HOMOMORPHIC ENCRYPTION AND LATTICE BASED CRYPTOGRAPHY Abderrahmane Nitaj Laboratoire de Mathe matiques Nicolas Oresme Universite de Caen Normandie, France Nouakchott, February 15-26, 2016 Abderrahmane
More informationComputing with Encrypted Data Lecture 26
Computing with Encrypted Data 6.857 Lecture 26 Encryption for Secure Communication M Message M All-or-nothing Have Private Key, Can Decrypt No Private Key, No Go cf. Non-malleable Encryption Encryption
More informationPublic Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers
Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers Jean-Sébastien Coron 1, David Naccache 2, and Mehdi Tibouchi 3 1 Université du Luxembourg jean-sebastien.coron@uni.lu
More informationPacking Messages and Optimizing Bootstrapping in GSW-FHE
Packing Messages and Optimizing Bootstrapping in GSW-FHE Ryo Hiromasa Masayuki Abe Tatsuaki Okamoto Kyoto University NTT PKC 15 April 1, 2015 1 / 13 Fully Homomorphic Encryption (FHE) c Enc(m) f, c ĉ Eval(
More informationFULLY HOMOMORPHIC ENCRYPTION: Craig Gentry, IBM Research
FULLY HOMOMORPHIC ENCRYPTION: CURRENT STATE OF THE ART Craig Gentry, IBM Research Africacrypt 2012 Homomorphic Encryption The special sauce! For security parameter k, Eval s running should be Time(f) poly(k)
More informationFully Homomorphic Encryption and Bootstrapping
Fully Homomorphic Encryption and Bootstrapping Craig Gentry and Shai Halevi June 3, 2014 China Summer School on Lattices and Cryptography Fully Homomorphic Encryption (FHE) A FHE scheme can evaluate unbounded
More informationOn Homomorphic Encryption and Secure Computation
On Homomorphic Encryption and Secure Computation challenge response Shai Halevi IBM NYU Columbia Theory Day, May 7, 2010 Computing on Encrypted Data Wouldn t it be nice to be able to o Encrypt my data
More informationFully Homomorphic Encryption
Fully Homomorphic Encryption Mitchell Harper June 2, 2014 1 Contents 1 Introduction 3 2 Cryptography Primer 3 2.1 Definitions............................. 3 2.2 Using a Public-key Scheme....................
More informationClassical hardness of the Learning with Errors problem
Classical hardness of the Learning with Errors problem Adeline Langlois Aric Team, LIP, ENS Lyon Joint work with Z. Brakerski, C. Peikert, O. Regev and D. Stehlé August 12, 2013 Adeline Langlois Hardness
More informationClassical hardness of Learning with Errors
Classical hardness of Learning with Errors Adeline Langlois Aric Team, LIP, ENS Lyon Joint work with Z. Brakerski, C. Peikert, O. Regev and D. Stehlé Adeline Langlois Classical Hardness of LWE 1/ 13 Our
More informationThe Distributed Decryption Schemes for Somewhat Homomorphic Encryption
Copyright c The Institute of Electronics, Information and Communication Engineers SCIS 2012 The 29th Symposium on Cryptography and Information Security Kanazawa, Japan, Jan. 30 - Feb. 2, 2012 The Institute
More informationLattice Based Crypto: Answering Questions You Don't Understand
Lattice Based Crypto: Answering Questions You Don't Understand Vadim Lyubashevsky INRIA / ENS, Paris Cryptography Secure communication in the presence of adversaries Symmetric-Key Cryptography Secret key
More informationGentry s Fully Homomorphic Encryption Scheme
Gentry s Fully Homomorphic Encryption Scheme Under Guidance of Prof. Manindra Agrawal Rishabh Gupta Email: rishabh@cse.iitk.ac.in Sanjari Srivastava Email: sanjari@cse.iitk.ac.in Abstract This report presents
More informationMultikey Homomorphic Encryption from NTRU
Multikey Homomorphic Encryption from NTRU Li Chen lichen.xd at gmail.com Xidian University January 12, 2014 Multikey Homomorphic Encryption from NTRU Outline 1 Variant of NTRU Encryption 2 Somewhat homomorphic
More informationFully Homomorphic Encryption. Zvika Brakerski Weizmann Institute of Science
Fully Homomorphic Encryption Zvika Brakerski Weizmann Institute of Science AWSCS, March 2015 Outsourcing Computation x x f f(x) Email, web-search, navigation, social networking What if x is private? Search
More informationHomomorphic Encryption. Liam Morris
Homomorphic Encryption Liam Morris Topics What Is Homomorphic Encryption? Partially Homomorphic Cryptosystems Fully Homomorphic Cryptosystems Benefits of Homomorphism Drawbacks of Homomorphism What Is
More informationBetter Bootstrapping in Fully Homomorphic Encryption
Better Bootstrapping in Fully Homomorphic Encryption Craig Gentry 1, Shai Halevi 1, and Nigel P. Smart 2 1 IBM T.J. Watson Research Center 2 Dept. Computer Science, University of Bristol Abstract. Gentry
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationFully Homomorphic Encryption
Fully Homomorphic Encryption Boaz Barak February 9, 2011 Achieving fully homomorphic encryption, under any kind of reasonable computational assumptions (and under any reasonable definition of reasonable..),
More informationBatch Fully Homomorphic Encryption over the Integers
Batch Fully Homomorphic Encryption over the Integers Jung Hee Cheon 1, Jean-Sébastien Coron 2, Jinsu Kim 1, Moon Sung Lee 1, Tancrède Lepoint 3,4, Mehdi Tibouchi 5, and Aaram Yun 6 1 Seoul National University
More informationCRT-based Fully Homomorphic Encryption over the Integers
CRT-based Fully Homomorphic Encryption over the Integers Jinsu Kim 1, Moon Sung Lee 1, Aaram Yun 2 and Jung Hee Cheon 1 1 Seoul National University (SNU), Republic of Korea 2 Ulsan National Institute of
More informationParameter Constraints on Homomorphic Encryption Over the Integers
Parameter Constraints on Homomorphic Encryption Over the Integers Melanie Pabstel Thesis submitted to the Faculty of Graduate and Postdoctoral Studies in partial fulfillment of the requirements for the
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationOpen problems in lattice-based cryptography
University of Auckland, New Zealand Plan Goal: Highlight some hot topics in cryptography, and good targets for mathematical cryptanalysis. Approximate GCD Homomorphic encryption NTRU and Ring-LWE Multi-linear
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationScale-Invariant Fully Homomorphic Encryption over the Integers
Scale-Invariant Fully Homomorphic Encryption over the Integers Jean-Sébastien Coron 1, Tancrède Lepoint 1,,3, and Mehdi Tibouchi 4 1 University of Luxembourg, Luxembourg jean-sebastien.coron@uni.lu École
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationFully Homomorphic Encryption without Modulus Switching from Classical GapSVP
Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP Zvika Brakerski Stanford University zvika@stanford.edu Abstract. We present a new tensoring techniue for LWE-based fully homomorphic
More informationPractical Fully Homomorphic Encryption without Noise Reduction
Practical Fully Homomorphic Encryption without Noise Reduction Dongxi Liu CSIRO, Marsfield, NSW 2122, Australia dongxi.liu@csiro.au Abstract. We present a new fully homomorphic encryption (FHE) scheme
More informationMASTER. Fully homomorphic encryption in JCrypTool. Ramaekers, C.F.W. Award date: Link to publication
MASTER Fully homomorphic encryption in JCrypTool Ramaekers, C.F.W. Award date: 2011 Link to publication Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student
More informationFully Homomorphic Encryption over the Integers with Shorter Public Keys
Fully Homomorphic Encryption over the Integers with Shorter Public Keys Jean-Sébastien Coron, Avradip Mandal, David Naccache 2, and Mehdi Tibouchi,2 Université du Luxembourg 6, rue Richard Coudenhove-Kalergi
More informationk-nearest Neighbor Classification over Semantically Secure Encry
k-nearest Neighbor Classification over Semantically Secure Encrypted Relational Data Reporter:Ximeng Liu Supervisor: Rongxing Lu School of EEE, NTU May 9, 2014 1 2 3 4 5 Outline 1. Samanthula B K, Elmehdwi
More informationFully Homomorphic Encryption over the Integers with Shorter Public Keys
Fully Homomorphic Encryption over the Integers with Shorter Public Keys Jean-Sébastien Coron, Avradip Mandal, David Naccache 2, and Mehdi Tibouchi,2 Université du Luxembourg {jean-sebastien.coron, avradip.mandal}@uni.lu
More informationCraig Gentry. IBM Watson. Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19/2/ /2/2012
Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19/2/2012-22/2/2012 Bar-Ilan University Craig Gentry IBM Watson Optimizations of Somewhat Homomorphic Encryption
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationTOWARDS PRACTICAL FULLY HOMOMORPHIC ENCRYPTION
TOWARDS PRACTICAL FULLY HOMOMORPHIC ENCRYPTION A Thesis Presented to The Academic Faculty by Jacob Alperin-Sheriff In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the
More informationCryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups
Great Theoretical Ideas in CS V. Adamchik CS 15-251 Upcoming Interview? Lecture 24 Carnegie Mellon University Cryptography and RSA How the World's Smartest Company Selects the Most Creative Thinkers Groups
More informationHow to Use Short Basis : Trapdoors for Hard Lattices and new Cryptographic Constructions
Presentation Article presentation, for the ENS Lattice Based Crypto Workgroup http://www.di.ens.fr/~pnguyen/lbc.html, 30 September 2009 How to Use Short Basis : Trapdoors for http://www.cc.gatech.edu/~cpeikert/pubs/trap_lattice.pdf
More informationFaster Fully Homomorphic Encryption
Faster Fully Homomorphic Encryption Damien Stehlé Joint work with Ron Steinfeld CNRS ENS de Lyon / Macquarie University Singapore, December 2010 Damien Stehlé Faster Fully Homomorphic Encryption 08/12/2010
More informationMulti-key fully homomorphic encryption report
Multi-key fully homomorphic encryption report Elena Fuentes Bongenaar July 12, 2016 1 Introduction Since Gentry s first Fully Homomorphic Encryption (FHE) scheme in 2009 [6] multiple new schemes have been
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationFully Key-Homomorphic Encryption and its Applications
Fully Key-Homomorphic Encryption and its Applications D. Boneh, C. Gentry, S. Gorbunov, S. Halevi, Valeria Nikolaenko, G. Segev, V. Vaikuntanathan, D. Vinayagamurthy Outline Background on PKE and IBE Functionality
More informationRevisiting Fully Homomorphic Encryption Schemes and Their Cryptographic Primitives
Revisiting Fully Homomorphic Encryption Schemes and Their Cryptographic Primitives A thesis submitted in fulfillment of the requirements for the award of the degree Doctor of Philosophy from UNIVERSITY
More informationCryptographic Multilinear Maps. Craig Gentry and Shai Halevi
Cryptographic Multilinear Maps Craig Gentry and Shai Halevi China Summer School on Lattices and Cryptography, June 2014 Multilinear Maps (MMAPs) A Technical Tool A primitive for building applications,
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationGeneral Impossibility of Group Homomorphic Encryption in the Quantum World
General Impossibility of Group Homomorphic Encryption in the Quantum World Frederik Armknecht Tommaso Gagliardoni Stefan Katzenbeisser Andreas Peter PKC 2014, March 28th Buenos Aires, Argentina 1 An example
More informationA key recovery attack to the scale-invariant NTRU-based somewhat homomorphic encryption scheme
A key recovery attack to the scale-invariant NTRU-based somewhat homomorphic encryption scheme Eduardo Morais Ricardo Dahab October 2014 Abstract In this paper we present a key recovery attack to the scale-invariant
More informationEvaluation of Homomorphic Primitives for Computations on Encrypted Data for CPS systems
Rochester Institute of Technology RIT Scholar Works Presentations and other scholarship 3-31-2016 Evaluation of Homomorphic Primitives for Computations on Encrypted Data for CPS systems Peizhao Hu Rochester
More informationAFRL-RI-RS-TR
AFRL-RI-RS-TR-2015-262 USING MATHEMATICS TO MAKE COMPUTING ON ENCRYPTED DATA SECURE AND PRACTICAL UNIVERSITY OF CALIFORNIA, IRVINE DECEMBER 2015 FINAL TECHNICAL REPORT APPROVED FOR PUBLIC RELEASE; DISTRIBUTION
More informationPartially homomorphic encryption schemes over finite fields
Partially homomorphic encryption schemes over finite fields Jian Liu Lusheng Chen Sihem Mesnager Abstract Homomorphic encryption scheme enables computation in the encrypted domain, which is of great importance
More informationFully Homomorphic Encryption using Hidden Ideal Lattice
1 Fully Homomorphic Encryption using Hidden Ideal Lattice Thomas Plantard, Willy Susilo, Senior Member, IEEE, Zhenfei Zhang Abstract All the existing fully homomorphic encryption schemes are based on three
More informationGentry s SWHE Scheme
Homomorphic Encryption and Lattices, Spring 011 Instructor: Shai Halevi May 19, 011 Gentry s SWHE Scheme Scribe: Ran Cohen In this lecture we review Gentry s somewhat homomorphic encryption (SWHE) scheme.
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationHomomorphic Evaluation of the AES Circuit
Homomorphic Evaluation of the AES Circuit IBM Research and University Of Bristol. August 22, 2012 Homomorphic Evaluation of the AES Circuit Slide 1 Executive Summary We present a working implementation
More informationEvaluating 2-DNF Formulas on Ciphertexts
Evaluating 2-DNF Formulas on Ciphertexts Dan Boneh, Eu-Jin Goh, and Kobbi Nissim Theory of Cryptography Conference 2005 Homomorphic Encryption Enc. scheme is homomorphic to function f if from E[A], E[B],
More informationFully homomorphic encryption scheme using ideal lattices. Gentry s STOC 09 paper - Part II
Fully homomorphic encryption scheme using ideal lattices Gentry s STOC 09 paper - Part GGH cryptosystem Gentry s scheme is a GGH-like scheme. GGH: Goldreich, Goldwasser, Halevi. ased on the hardness of
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationIdentity-Based Online/Offline Encryption
Fuchun Guo 2 Yi Mu 1 Zhide Chen 2 1 University of Wollongong, Australia ymu@uow.edu.au 2 Fujian Normal University, Fuzhou, China fuchunguo1982@gmail.com Outline 1 2 3 4 Identity-based Encryption Review
More informationFully Homomorphic Encryption - Part II
6.889: New Developments in Cryptography February 15, 2011 Instructor: Boaz Barak Fully Homomorphic Encryption - Part II Scribe: Elette Boyle 1 Overview We continue our discussion on the fully homomorphic
More informationClassical hardness of Learning with Errors
Classical hardness of Learning with Errors Zvika Brakerski 1 Adeline Langlois 2 Chris Peikert 3 Oded Regev 4 Damien Stehlé 2 1 Stanford University 2 ENS de Lyon 3 Georgia Tech 4 New York University Our
More informationMultiparty Computation from Somewhat Homomorphic Encryption. November 9, 2011
Multiparty Computation from Somewhat Homomorphic Encryption Ivan Damgård 1 Valerio Pastro 1 Nigel Smart 2 Sarah Zakarias 1 1 Aarhus University 2 Bristol University CTIC 交互计算 November 9, 2011 Damgård, Pastro,
More informationHigh-Performance FV Somewhat Homomorphic Encryption on GPUs: An Implementation using CUDA
High-Performance FV Somewhat Homomorphic Encryption on GPUs: An Implementation using CUDA Ahmad Al Badawi ahmad@u.nus.edu National University of Singapore (NUS) Sept 10 th 2018 CHES 2018 FHE The holy grail
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationFHE Over the Integers: Decomposed and Batched in the Post-Quantum Regime
FHE Over the Integers: Decomposed and Batched in the Post-Quantum Regime Daniel Benarroch,1, Zvika Brakerski,1, and Tancrède Lepoint,2 1 Weizmann Institute of Science, Israel 2 SRI International, USA Abstract.
More informationReview. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm
Review CS311H: Discrete Mathematics Number Theory Instructor: Işıl Dillig What does it mean for two ints a, b to be congruent mod m? What is the Division theorem? If a b and a c, does it mean b c? What
More informationFully Homomorphic Encryption
Studienarbeit Fully Homomorphic Encryption Irena Schindler Leibniz Universität Hannover Fakultät für Elektrotechnik und Informatik Institut für Theoretische Informatik Contents 1 Introduction 1 2 Basic
More information(Batch) Fully Homomorphic Encryption over Integers for Non-Binary Message Spaces
(Batch) Fully Homomorphic Encryption over Integers for Non-Binary Message Spaces Koji Nuida Kaoru Kurosawa National Institute of Advanced Industrial Science and Technology (AIST), Japan, k.nuida@aist.go.jp
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationCryptography. pieces from work by Gordon Royle
Cryptography pieces from work by Gordon Royle The set-up Cryptography is the mathematics of devising secure communication systems, whereas cryptanalysis is the mathematics of breaking such systems. We
More informationA Full Homomorphic Message Authenticator with Improved Efficiency
International Journal of Computer and Communication Engineering, Vol. 3, No. 4, July 2014 A Full Homomorphic Message Authenticator with Improved Efficiency Wenbin Chen and Hao Lei Abstract In the system
More informationAn Approach to Reduce Storage for Homomorphic Computations
An Approach to Reduce Storage for Homomorphic Computations Jung Hee Cheon and Jinsu Kim Seoul National University (SNU), Republic of Korea jhcheon@snu.ac.kr, kjs2002@snu.ac.kr Abstract. We introduce a
More informationIncreased efficiency and functionality through lattice-based cryptography
Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS, CNRS, INRIA, PSL Research University RESEARCH UNIVERSITY PARIS ECRYPT-NET Cloud Summer School Leuven, Belgium
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationCryptanalysis of a Homomorphic Encryption Scheme
Cryptanalysis of a Homomorphic Encryption Scheme Sonia Bogos, John Gaspoz and Serge Vaudenay EPFL CH-1015 Lausanne, Switzerland {soniamihaela.bogos, john.gaspoz, serge.vaudenay}@epfl.ch Abstract. Homomorphic
More informationSolution to Midterm Examination
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Handout #13 Xueyuan Su November 4, 2008 Instructions: Solution to Midterm Examination This is a closed book
More informationFaster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds
Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds I. Chillotti 1 N. Gama 2,1 M. Georgieva 3 M. Izabachène 4 1 2 3 4 Séminaire GTBAC Télécom ParisTech April 6, 2017 1 / 43 Table
More informationBootstrapping for HElib
Bootstrapping for HElib Shai Halevi 1 and Victor Shoup 1,2 1 IBM Research 2 New York University Abstract. Gentry s bootstrapping technique is still the only known method of obtaining fully homomorphic
More information16 Fully homomorphic encryption : Construction
16 Fully homomorphic encryption : Construction In the last lecture we defined fully homomorphic encryption, and showed the bootstrapping theorem that transforms a partially homomorphic encryption scheme
More informationHomomorphic Evaluation of Lattice-Based Symmetric Encryption Schemes
An extended abstract of this paper appears in the proceedings of COCOON 2016. This is the full version. Homomorphic Evaluation of Lattice-Based Symmetric Encryption Schemes Pierre-Alain Fouque 1,3, Benjamin
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationADVERTISING AGGREGATIONARCHITECTURE
SOMAR LAPS PRIVACY-PRESERVING LATTICE-BASED PRIVATE-STREAM SOCIAL MEDIA ADVERTISING AGGREGATIONARCHITECTURE OR: HOW NOT TO LEAVE YOUR PERSONAL DATA AROUND REVISITING PRIVATE-STREAM AGGREGATION: LATTICE-BASED
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More information(Batch) Fully Homomorphic Encryption over Integers for Non-Binary Message Spaces
(Batch) Fully Homomorphic Encryption over Integers for Non-Binary Message Spaces Koji Nuida 12 and Kaoru Kurosawa 3 1 National Institute of Advanced Industrial Science and Technology (AIST), Tsukuba, Ibaraki
More informationNumber Theory & Modern Cryptography
Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationA Digital Signature Scheme based on CVP
A Digital Signature Scheme based on CVP Thomas Plantard Willy Susilo Khin Than Win Centre for Computer and Information Security Research Universiy Of Wollongong http://www.uow.edu.au/ thomaspl thomaspl@uow.edu.au
More information