Breaking fully-homomorphic-encryption challenges
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption
STOC '12 Proceedings of the forty-fourth annual ACM symposium on Theory of computing
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Trapdoors for lattices: simpler, tighter, faster, smaller
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Better bootstrapping in fully homomorphic encryption
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Shift-type homomorphic encryption and its application to fully homomorphic encryption
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Towards an interpreter for efficient encrypted computation
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Proceedings of the 4th conference on Innovations in Theoretical Computer Science
Protecting data confidentiality in cloud systems
Proceedings of the Fourth Asia-Pacific Symposium on Internetware
| Hi-index | 0.00 |
All previously known fully homomorphic encryption (FHE) schemes use Gentry's blueprint:* SWHE: Construct a somewhat homomorphic encryption (SWHE) scheme--roughly, an encryption scheme that can homomorphically evaluate polynomials up to some degree.* Squash: ``Squash" the decryption function of the SWHE scheme, so that the scheme can evaluate functions twice as complex (in terms of polynomial degree) than its own decryption function. Do this by adding a ``hint " to the SHWE public key--namely, a large set of vectors that has a secret sparse subset that sums to the original secret key.* Bootstrap: Given a SWHE scheme that can evaluate functions twice as complex as its decryption function, apply Gentry's transformation to get a ``leveled" FHE scheme. To get ``pure" (non-leveled) FHE, one assumes circular security. Here, we describe a new blueprint for FHE. We show how to eliminate the squashing step, and thereby eliminate the need to assume that the sparse subset sum problem (SSSP) is hard, as all previous leveled FHE schemes have done. Using our new blueprint, we obtain the following results:* A ``simple" leveled FHE scheme where we replace SSSP with Decision Diffie-Hellman!* The first leveled FHE scheme based entirely on worst-case hardness}. Specifically, we give a leveled FHE scheme with security based on the shortest independent vector problem over ideal lattices (ideal-SIVP).* Some efficiency improvements for FHE.} While the new blueprint does not yet improve computational efficiency, it reduces cipher text length. As in the previous blueprint, we obtain pure FHE by assuming circular security. Our main technique is to express the decryption function of SWHE schemes as a depth-3 ($\sum \prod \sum$) arithmetic circuit. When we evaluate this decryption function homomorphically, we temporarily switch to a multiplicatively homomorphic encryption (MHE) scheme, such as Elgamal, to handle the $\prod$ part, after which we translate the result from the MHE scheme back to the SWHE scheme by evaluating the MHE scheme's decryption function within the SWHE scheme. The SWHE scheme only needs to be able to evaluate the MHE scheme's decryption function (plus minor operations), and does not need to have the self-referential property of being able to evaluate its {\em own} decryption function, a property that necessitated squashing in the original blueprint.