Abstract
In this paper, we perform a systematic study of functions \(f: \mathbb {Z}_{p^e} \rightarrow \mathbb {Z}_{p^e}\) and categorize those functions that can be represented by a polynomial with integer coefficients. More specifically, we cover the following properties: necessary and sufficient conditions for the existence of an integer polynomial representation; computation of such a representation; and the complete set of equivalent polynomials that represent a given function.
As an application, we use the newly developed theory to speed up bootstrapping for the BGV and BFV homomorphic encryption schemes. The crucial ingredient underlying our improvements is the existence of null polynomials, i.e. non-zero polynomials that evaluate to zero in every point. We exploit the rich algebraic structure of these null polynomials to find better representations of the digit extraction function, which is the main bottleneck in bootstrapping. As such, we obtain sparse polynomials that have 50% fewer coefficients than the original ones. In addition, we propose a new method to decompose digit extraction as a series of polynomial evaluations. This lowers the time complexity from \(\mathcal{O}(\sqrt{pe})\) to \(\mathcal{O}(\sqrt{p}\sqrt[4]{e})\) for digit extraction modulo \(p^e\), at the cost of a slight increase in multiplicative depth. Overall, our implementation in HElib shows a significant speedup of a factor up to 2.6 over the state-of-the-art.
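To make the notion of a null polynomial concrete, the following added example (not code from the paper or from HElib) builds null polynomials modulo \(p^e\) from scaled falling factorials, a standard construction, and uses them to rewrite a polynomial without changing the function it computes. The brute-force search and the sample polynomial for lowest-digit extraction on \(\mathbb{Z}_8\) are constructed for illustration and are not the paper's method.

```python
from itertools import product

def vp_factorial(k, p):
    """p-adic valuation of k! (Legendre's formula)."""
    v = 0
    while k:
        k //= p
        v += k
    return v

def falling_factorial(k):
    """Coefficients (lowest degree first) of x(x-1)...(x-k+1)."""
    poly = [1]
    for j in range(k):  # multiply by (x - j)
        poly = [a - j * b for a, b in zip([0] + poly, poly + [0])]
    return poly

def null_generator(k, p, e):
    """p^max(e - v_p(k!), 0) * x(x-1)...(x-k+1) mod p^e.

    k! divides the falling factorial at every integer, so the scaled
    polynomial is divisible by p^e everywhere: it is a null polynomial.
    """
    scale = p ** max(e - vp_factorial(k, p), 0)
    return [scale * c % p**e for c in falling_factorial(k)]

def table(poly, m):
    """Value of poly at every point of Z_m, by Horner's rule."""
    values = []
    for x in range(m):
        acc = 0
        for c in reversed(poly):
            acc = (acc * x + c) % m
        values.append(acc)
    return values

def sparsest_equivalent(poly, p, e, max_degree):
    """Add multiples of null generators; keep the fewest non-zero coefficients."""
    m, ks = p**e, range(1, max_degree + 1)
    base = [c % m for c in poly] + [0] * (max_degree + 1 - len(poly))
    best = base
    # The multiplier of generator k only matters modulo p^min(e, v_p(k!)).
    for cs in product(*(range(p ** min(e, vp_factorial(k, p))) for k in ks)):
        cand = list(base)
        for c, k in zip(cs, ks):
            for i, g in enumerate(null_generator(k, p, e)):
                cand[i] = (cand[i] + c * g) % m
        if sum(map(bool, cand)) < sum(map(bool, best)):
            best = cand
    return best

# Constructed sample: lowest-digit extraction (x mod 2) on Z_8, dense form.
DENSE = [0, 6, 5, 6]  # 6x + 5x^2 + 6x^3
```

Here `sparsest_equivalent(DENSE, 2, 3, 4)` trades one extra degree for a single-term representation, \(x^4\), of the same function on \(\mathbb{Z}_8\).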
Notes
- 1. Some protocols for secure multi-party computation [3] also work over \(\mathbb Z_{p^e}\), which makes our study of polyfunctions even more widely applicable. However, improvements in multi-party computation are not the direct focus of this paper.
- 2.
- 3. In a more general version, we could consider the data points \((x_i, y_i)\). For our purpose, however, it is sufficient to choose \(x_i = i\).
- 4. We define the evaluation of a function \(f \in \mathcal{F}_{p^e}\) at an integer \(a\) in the natural way, by implicitly converting \(a\) to its residue class modulo \(p^e\).
References
Alperin-Sheriff, J., Peikert, C.: Practical bootstrapping in quasilinear time. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 1–20. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_1
Amdahl, G.M.: Validity of the single processor approach to achieving large scale computing capabilities. In: Proceedings of the 18–20 April 1967, Spring Joint Computer Conference, pp. 483–485 (1967)
Araki, T., et al.: Generalizing the SPDZ compiler for other protocols. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 880–895 (2018)
Bhargava, M.: P-orderings and polynomial functions on arbitrary subsets of Dedekind rings. Journal für die reine und angewandte Mathematik (Crelles Journal) 1997(490–491), 101–128 (1997). https://doi.org/10.1515/crll.1997.490.101
Brakerski, Z.: Fully homomorphic encryption without modulus switching from classical GapSVP. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 868–886. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_50
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Goldwasser, S. (ed.) ITCS 2012: 3rd Innovations in Theoretical Computer Science, pp. 309–325. Association for Computing Machinery, January 2012. https://doi.org/10.1145/2090236.2090262
Carlitz, L.: Functions and polynomials (mod \(p^n\)). Acta Arith. 9(1), 67–78 (1964). http://eudml.org/doc/207463
Chen, H., Han, K.: Homomorphic lower digits removal and improved FHE bootstrapping. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part I. LNCS, vol. 10820, pp. 315–337. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_12
Chen, Z.: On polynomial functions from \(\mathbb{Z} _n\) to \(\mathbb{Z} _m\). Discret. Math. 137(1–3), 137–145 (1995)
Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive, Report 2012/144 (2012). http://eprint.iacr.org/2012/144
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) 41st Annual ACM Symposium on Theory of Computing, pp. 169–178. ACM Press (May/June 2009). https://doi.org/10.1145/1536414.1536440
Gentry, C., Halevi, S.: Implementing Gentry’s fully-homomorphic encryption scheme. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 129–148. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_9
Gentry, C., Halevi, S., Smart, N.P.: Better bootstrapping in fully homomorphic encryption. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 1–16. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_1
Guha, A., Dukkipati, A.: An algorithmic characterization of polynomial functions over \(\mathbb{Z} _{p^n}\). Algorithmica 71(1), 201–218 (2015)
Halevi, S., Shoup, V.: Bootstrapping for HElib. J. Cryptol. 34(1), 1–44 (2021)
Keller, G., Olson, F.R.: Counting polynomial functions (mod \(p^n\)). Duke Math. J. 35(4), 835–838 (1968)
Kempner, A.J.: Polynomials and their residue systems. Trans. Am. Math. Soc. 22(2), 240–288 (1921)
Lee, J.W., Lee, E., Lee, Y., Kim, Y.S., No, J.S.: Optimal minimax polynomial approximation of modular reduction for bootstrapping of approximate homomorphic encryption. Cryptology ePrint Archive, Paper 2020/552 (2020). https://eprint.iacr.org/archive/2020/552/20200803:084202
Li, S.: Null polynomials modulo m. arXiv preprint math/0510217 (2005)
Paterson, M.S., Stockmeyer, L.J.: On the number of nonscalar multiplications necessary to evaluate polynomials. SIAM J. Comput. 2(1), 60–66 (1973)
Singmaster, D.: On polynomial functions (mod \(m\)). J. Number Theory 6(5), 345–352 (1974)
Smart, N.P., Vercauteren, F.: Fully homomorphic SIMD operations. Des. Codes Cryptogr. 71(1), 57–81 (2014)
Specker, E., Hungerbühler, N., Wasem, M.: The ring of polyfunctions over \(\mathbb{Z}/n\mathbb{Z} \) (2021)
Acknowledgements
This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR0011-21-C-0034. The views, opinions, and/or findings expressed are those of the authors and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government. This work was additionally supported in part by CyberSecurity Research Flanders with reference number VR20192203, and in part by the Research Council KU Leuven grant C14/18/067. Robin Geelen is funded in part by Research Foundation - Flanders (FWO) under a PhD Fellowship fundamental research (project number 1162123N).
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Geelen, R., Iliashenko, I., Kang, J., Vercauteren, F. (2023). On Polynomial Functions Modulo \(p^e\) and Faster Bootstrapping for Homomorphic Encryption. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14006. Springer, Cham. https://doi.org/10.1007/978-3-031-30620-4_9
DOI: https://doi.org/10.1007/978-3-031-30620-4_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30619-8
Online ISBN: 978-3-031-30620-4
eBook Packages: Computer Science, Computer Science (R0)