research-article

(Leveled) Fully Homomorphic Encryption without Bootstrapping

Authors:

Zvika Brakerski,

Craig Gentry,

Vinod VaikuntanathanAuthors Info & Claims

ACM Transactions on Computation Theory (TOCT), Volume 6, Issue 3

Article No.: 13, Pages 1 - 36

https://doi.org/10.1145/2633600

Published: 01 July 2014 Publication History

Get Access

Abstract

We present a novel approach to fully homomorphic encryption (FHE) that dramatically improves performance and bases security on weaker assumptions. A central conceptual contribution in our work is a new way of constructing leveled, fully homomorphic encryption schemes (capable of evaluating arbitrary polynomial-size circuits of a-priori bounded depth), without Gentry’s bootstrapping procedure.

Specifically, we offer a choice of FHE schemes based on the learning with error (LWE) or Ring LWE (RLWE) problems that have 2 λ security against known attacks. We construct the following.

(1) A leveled FHE scheme that can evaluate depth-L arithmetic circuits (composed of fan-in 2 gates) using O(λ. L3) per-gate computation, quasilinear in the security parameter. Security is based on RLWE for an approximation factor exponential in L. This construction does not use the bootstrapping procedure.

(2) A leveled FHE scheme that can evaluate depth-L arithmetic circuits (composed of fan-in 2 gates) using O(λ2) per-gate computation, which is independent of L. Security is based on RLWE for quasipolynomial factors. This construction uses bootstrapping as an optimization.

We obtain similar results for LWE, but with worse performance. All previous (leveled) FHE schemes required a per-gate computation of Ω(λ3.5), and all of them relied on subexponential hardness assumptions.

We introduce a number of further optimizations to our scheme based on the Ring LWE assumption. As an example, for circuits of large width (e.g., where a constant fraction of levels have width Ω(λ)), we can reduce the per-gate computation of the bootstrapped version to O(λ), independent of L, by batching the bootstrapping operation. At the core of our construction is a new approach for managing the noise in lattice-based ciphertexts, significantly extending the techniques of Brakerski and Vaikuntanathan [2011b].

References

[1]

Miklós Ajtai, Ravi Kumar, and D. Sivakumar. 2001. A sieve algorithm for the shortest lattice vector problem. In Proceedings of the 33rd Annual ACM Symposium on Theory of Computing (STOC’01). ACM, 601--610.

Digital Library

Google Scholar

[2]

Benny Applebaum, David Cash, Chris Peikert, and Amit Sahai. 2009. Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In Proceedings of the 29th Annual International Cryptology Conference (CRYPTO’09). Lecture Notes in Computer Science, vol. 5677, Springer, Berlin, 595--618.

Digital Library

Google Scholar

[3]

Dan Boneh, Eu-Jin Goh, and Kobbi Nissim. 2005. Evaluating 2-DNF formulas on ciphertexts. In Proceedings of the 2nd Theory of Cryptography Conference (TCC’05). Lecture Notes in Computer Science, vol. 3378, Springer, Berlin, 325--342.

Digital Library

Google Scholar

[4]

Zvika Brakerski. 2012. Fully homomorphic encryption without modulus switching from classical GapSVP. In Proceedings of the 32nd Annual Cryptology Conference (CRYPTO’12). Lecture Notes in Computer Science, vol. 7417, Springer, Berlin, 868--886.

Digital Library

Google Scholar

[5]

Zvika Brakerski and Vinod Vaikuntanathan. 2011a. Fully homomorphic encryption from ring-LWE and security for key dependent messages. In Proceedings of the 31st Annual Cryptology Conference (CRYPTO’11). Lecture Notes in Computer Science, vol. 6841, Springer, Berlin, 505--524.

Digital Library

Google Scholar

[6]

Zvika Brakerski and Vinod Vaikuntanathan. 2011b. Efficient fully homomorphic encryption from (standard) LWE. In Proceedings of the IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS’11). IEEE, 97--106.

Digital Library

Google Scholar

[7]

Jean-Sébastien Coron, Avradip Mandal, David Naccache, and Mehdi Tibouchi. 2011. Fully homomorphic encryption over the integers with shorter public keys. In Proceedings of the 31st Annual Cryptology Conference (CRYPTO’11), Phillip Rogaway Ed., Lecture Notes in Computer Science, vol. 6841, Springer, Berlin, 487--504.

Digital Library

Google Scholar

[8]

Craig Gentry. 2009a. A fully homomorphice encryption scheme. Ph.D. dissertation, Stanford University, Stanford, CA. crypto.stanford.edu/craig.

Digital Library

Google Scholar

[9]

Craig Gentry. 2009b. Fully homomorphic encryption using ideal lattices. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC’09). Michael Mitzenmacher Ed., ACM, 169--178.

Digital Library

Google Scholar

[10]

Craig Gentry and Shai Halevi. 2011a. Fully homomorphic encryption without squashing using depth-3 arithmetic circuits. In Proceedings of the IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS’11). Rafail Ostrovsky Ed., IEEE, 107--109.

Digital Library

Google Scholar

[11]

Craig Gentry and Shai Halevi. 2011b. Implementing gentry’s fully-homomorphic encryption scheme. In Proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’11). Lecture Notes in Computer Science, vol. 6632, Springer, Berlin, 29--148.

Digital Library

Google Scholar

[12]

Craig Gentry, Shai Halevi, Chris Peikert, and Nigel P. Smart. 2012a. Ring switching in BGV-style homomorphic encryption. In Proceedings of the 8th International Conference on Security and Cryptography for Networks (SCN’12). Ivan Visconti and Roberto De Prisco Eds., Lecture Notes in Computer Science, vol. 7485, Springer, Berlin, 19--37.

Digital Library

Google Scholar

[13]

Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012b. Better bootstrapping in fully homomorphic encryption. In Proceedings of the 15th International Conference on Practice and Theory in Public Key Cryptography (PKC’12). Marc Fischlin, Johannes Buchmann, and Mark Manulis Eds., Lecture Notes in Computer Science, vol. 7293, Springer, Berlin, 1--16.

Digital Library

Google Scholar

[14]

Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012c. Fully homomorphic encryption with polylog overhead. In Proceedings of the 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’12). David Pointcheval and Thomas Johansson Eds., Lecture Notes in Computer Science, vol. 7237, Springer, Berlin, 465--482.

Digital Library

Google Scholar

[15]

Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012d. Homomorphic evaluation of the AES circuit. In Proceedings of the 32nd Annual Cryptology Conference (CRYPTO’12). Reihaneh Safavi-Naini and Ran Canetti Eds., Lecture Notes in Computer Science, vol. 7417, Springer, Berlin, 850--867.

Google Scholar

[16]

Craig Gentry, Shai Halevi, and Vinod Vaikuntanathan. 2010. i-Hop homomorphic encryption and rerandomizable Yao circuits. In Proceedings of the 30th Annual Cryptology Conference (CRYPTO’10). Lecture Notes in Computer Science, vol. 6223, Springer, Berlin, 155--172.

Digital Library

Google Scholar

[17]

Shafi Goldwasser and Silvio Micali. 1984. Probabilistic encryption. J. Comput. Syst. Sci. 28, 2, 270--299.

Crossref

Google Scholar

[18]

Shai Halevi and Victor Shoup. 2013. HElib: An implementation of homomorphic encryption. https://github.com/shaih/HElib.

Google Scholar

[19]

Yuval Ishai and Anat Paskin. 2007. Evaluating branching programs on encrypted data. In Proceedings of the 4th Theory of Cryptography Conference (TCC’07). Salil P. Vadhan Ed., Lecture Notes in Computer Science, vol. 4392, Springer, Berlin, 575--594.

Digital Library

Google Scholar

[20]

Kristin Lauter, Michael Naehrig, and Vinod Vaikuntanathan. 2011. Can homomorphic encryption be practical? In Proceedings of the 3rd ACM Cloud Computing Security Workshop (CCSW’11). ACM, 113--124.

Digital Library

Google Scholar

[21]

Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2010. On ideal lattices and learning with errors over rings. In Proceedings of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’10). Lecture Notes in Computer Science, vol. 6110, Springer, Berlin, 1--23.

Digital Library

Google Scholar

[22]

Carlos Aguilar Melchor, Philippe Gaborit, and Javier Herranz. 2010. Additively homomorphic encryption with d-operand multiplications. In Proceedings of the 30th Annual Cryptology Conference (CRYPTO’10). Tal Rabin Ed., Lecture Notes in Computer Science, vol. 6223, Springer, Berlin, 138--154.

Digital Library

Google Scholar

[23]

Daniele Micciancio. 2007. Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. Computat. Complex. 16, 4, 365--411.

Digital Library

Google Scholar

[24]

Daniele Micciancio and Panagiotis Voulgaris. 2010. A deterministic single exponential time algorithm for most lattice problems based on voronoi cell computations. In Proceedings of the 42nd Annual ACM Symposium on Theory of Computing (STOC’10). Leonard J. Schulman Ed., ACM, 351--358.

Digital Library

Google Scholar

[25]

Chris Peikert. 2009. Public-key cryptosystems from the worst-case shortest vector problem: Extended abstract. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC’09). ACM, 333--342.

Digital Library

Google Scholar

[26]

Oded Regev. 2005. On lattices, learning with errors, random linear codes, and cryptography. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing (STOC’05). Harold N. Gabow and Ronald Fagin Eds., ACM, 84--93.

Digital Library

Google Scholar

[27]

Oded Regev. 2010. Oded Regev. 2010. The learning with errors problem (invited survey). In Proceedings of the IEEE Conference on Computational Complexity (CCC’10). IEEE Computer Society, 191--204.

Digital Library

Google Scholar

[28]

Ron Rivest, Leonard Adleman, and Michael L. Dertouzos. 1978. On data banks and privacy homomorphisms. In Foundations of Secure Computation. Academic Press, Inc., Orlando, FL, 169--180.

Google Scholar

[29]

Claus-Peter Schnorr. 1987. A hierarchy of polynomial time lattice basis reduction algorithms. Theor. Comput. Sci. 53, 201--224.

Digital Library

Google Scholar

[30]

Nigel P. Smart and Frederik Vercauteren. 2010. Fully homomorphic encryption with relatively small key and ciphertext sizes. In Proceedings of the 13th International Conference on Practice and Theory in Public Key Cryptography (PKC’10). Lecture Notes in Computer Science, vol. 6056, Springer, Berlin, 420--443.

Digital Library

Google Scholar

[31]

Nigel P. Smart and Frederik Vercauteren. 2011. Fully homomorphic SIMD operations. IACR Cryptol. ePrint Archive 2011, 133.

Google Scholar

[32]

Damien Stehlé and Ron Steinfeld. 2010. Faster fully homomorphic encryption. In Proceedings of the 16th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT’10). Lecture Notes of Computer Science, vol. 6477, Springer, Berlin, 377--394.

Crossref

Google Scholar

[33]

Marten van Dijk, Craig Gentry, Shai Halevi, and Vinod Vaikuntanathan. 2010. Fully homomorphic encryption over the integers. In Proceedings of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT’10). Lecture Notes in Computer Science, vol. 6110, Springer, Berlin, 24--43.

Digital Library

Google Scholar

Cited By

View all

Li RYamana H(2024)Non-interactive Private Multivariate Function Evaluation using Homomorphic Table LookupIACR Communications in Cryptology10.62056/andkmp-3yOnline publication date: 7-Oct-2024
https://doi.org/10.62056/andkmp-3y
Villena RTerada R(2024)Recovery of the secret on Binary Ring-LWE problem using random known bits - Extended VersionJournal of Internet Services and Applications10.5753/jisa.2024.387115:1(39-45)Online publication date: 29-Apr-2024
https://doi.org/10.5753/jisa.2024.3871
Maqousi AAlauthman MAlmomani A(2024)Homomorphic Encryption Enabling Computation on Encrypted Data for Secure Cloud ComputingInnovations in Modern Cryptography10.4018/979-8-3693-5330-1.ch009(215-240)Online publication date: 12-Jul-2024
https://doi.org/10.4018/979-8-3693-5330-1.ch009
Show More Cited By

Index Terms

(Leveled) Fully Homomorphic Encryption without Bootstrapping
1. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption

Recommendations

(Leveled) fully homomorphic encryption without bootstrapping
ITCS '12: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference

We present a novel approach to fully homomorphic encryption (FHE) that dramatically improves performance and bases security on weaker assumptions. A central conceptual contribution in our work is a new way of constructing leveled fully homomorphic ...
Fully Homomorphic Encryption with Auxiliary Inputs
Information Security and Cryptology
Abstract
In this paper, we propose the first (leveled) fully homomorphic encryption (FHE) that remains secure even when the attacker is equipped with auxiliary inputs – any computationally hard-to-invert function of the secret key. It is more general than ...
Efficient fully homomorphic encryption with circularly secure key switching process

Fully homomorphic encryption (FHE) has important applications in cloud computing. However, almost all fully homomorphic encryption schemes share two common flaws that they all use large-scale secret keys and some operations are inefficient. In this paper,...

Reviews

Reviewer: Mariam Kiran

If you work with large amounts of data being hosted on public clouds, homomorphic encryption (HE) is an extremely innovative idea to add security layers to your data while it is being hosted and processed on third-party servers. Basically, HE allows users to perform calculations on datasets while they are encrypted and stored on servers. For sensitive data applications, such as medical records or military operations, this is very important because they do not have to download and decrypt the data for performing calculations but can download the results to decrypt them. This prevents them from being vulnerable at any stage of data processing. Homomorphic encryption as a research field is still in its infancy. A general concept of homomorphic encryption involves creating an encryption system that can be analyzed through cloud services. For example, if we need to process the addition of 1 and 2 to give us the result of 3, the data can be encrypted for 1 to represent 14 and 2 to represent 20. Then following a step of processing on the encrypted numbers 14 and 20 will give the result 80. This result of 80 can then be downloaded and then decrypted to provide the final answer, 3. The values 1, 2, and 3 are kept encrypted throughout the process until finally the result 80 can be decrypted by the one who holds the secret key to unlock it. This work has been hailed by MIT as one of the groundbreaking discoveries of IBM, through Gentry, doing pioneering work in the area for cryptography. Initially, he presented the somewhat homomorphic encryption scheme, which could perform simple evaluations on ciphertexts. With the addition of bootstrapping, Gentry could handle the noise in the generated text and also contain the information on the processing functions to perform on the encrypted datasets. This paper, however, is an extension to Gentry's previous work on a fully homomorphic encryption scheme targeting the initial research challenges of performance, correctness, and noise through extensive mathematical proofs and explanations. In cryptography, transforming a "secret" using a homomorphism puts the secret in a form that is easy to manipulate or store. After applying different specialized processing, we can reverse the homomorphism to recover the original secret. This paper discusses the proofs of algebraic transformations on big datasets and calculations on them. This paper is a good place to start to study the research challenges and proofs for HE using the mathematical details of HE ring formations and the cryptography definitions of keys generated, public keys, bootstrapping, and ciphertexts. The paper also discusses the proofs for the original technique of bootstrapping for addition and multiplication functions. It also contains the proofs and definitions of learning with errors and ring learning with errors. These are important problems to understand the fundamental research issues with HE affecting its performance of the lattice calculations. In conclusion, it is necessary to understand the mathematical foundations and proofs of how HE research challenges can be handled, which will prove fundamental in generating practical implementations of the scheme for use with public cloud services. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Computation Theory

ACM Transactions on Computation Theory Volume 6, Issue 3

Special issue on innovations in theoretical computer science 2012 - Part II

July 2014

107 pages

ISSN:1942-3454

EISSN:1942-3462

DOI:10.1145/2663945

Editor:
Eric Allender
Rutgers University, NJ, USA

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2014

Accepted: 01 April 2014

Revised: 01 March 2013

Received: 01 January 2013

Published in TOCT Volume 6, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

739
Total Citations
View Citations
4,170
Total Downloads

Downloads (Last 12 months)488
Downloads (Last 6 weeks)50

Reflects downloads up to 01 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Li RYamana H(2024)Non-interactive Private Multivariate Function Evaluation using Homomorphic Table LookupIACR Communications in Cryptology10.62056/andkmp-3yOnline publication date: 7-Oct-2024
https://doi.org/10.62056/andkmp-3y
Villena RTerada R(2024)Recovery of the secret on Binary Ring-LWE problem using random known bits - Extended VersionJournal of Internet Services and Applications10.5753/jisa.2024.387115:1(39-45)Online publication date: 29-Apr-2024
https://doi.org/10.5753/jisa.2024.3871
Maqousi AAlauthman MAlmomani A(2024)Homomorphic Encryption Enabling Computation on Encrypted Data for Secure Cloud ComputingInnovations in Modern Cryptography10.4018/979-8-3693-5330-1.ch009(215-240)Online publication date: 12-Jul-2024
https://doi.org/10.4018/979-8-3693-5330-1.ch009
Menandas J. JChristo M(2024)Effective Implementation of the Database Primitive Functions Through Homomorphic Encryption Over CloudMachine Learning and Cryptographic Solutions for Data Protection and Network Security10.4018/979-8-3693-4159-9.ch020(332-353)Online publication date: 22-Mar-2024
https://doi.org/10.4018/979-8-3693-4159-9.ch020
Kulkarni DReddy B(2024)Effectiveness in Collaborative Framework for Non-Invasive in AI AlgorithmsInternational Journal of Soft Computing and Engineering10.35940/ijsce.F4517.1401032414:1(16-19)Online publication date: 30-Mar-2024
https://doi.org/10.35940/ijsce.F4517.14010324
Shen CZhang WZhou TZhang L(2024)A Security-Enhanced Federated Learning Scheme Based on Homomorphic Encryption and Secret SharingMathematics10.3390/math1213199312:13(1993)Online publication date: 27-Jun-2024
https://doi.org/10.3390/math12131993
Li HPan DLi JWang H(2024)Parallel Accelerating Number Theoretic Transform for Bootstrapping on a Graphics Processing UnitMathematics10.3390/math1203045812:3(458)Online publication date: 31-Jan-2024
https://doi.org/10.3390/math12030458
Wang XLi P(2024)A Secure Face Verification Scheme Based on Fully Homomorphic Encryption with AnonymityInformation10.3390/info1503012915:3(129)Online publication date: 24-Feb-2024
https://doi.org/10.3390/info15030129
Aziz MTamal MMohammed N(2024)Secure Genomic String Search with Parallel Homomorphic EncryptionInformation10.3390/info1501004015:1(40)Online publication date: 11-Jan-2024
https://doi.org/10.3390/info15010040
Im NYang HEom YPark SYoo H(2024)Efficient Twiddle Factor Generators for NTTElectronics10.3390/electronics1316312813:16(3128)Online publication date: 7-Aug-2024
https://doi.org/10.3390/electronics13163128
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations