research-article

Open access

Chaghri - A FHE-friendly Block Cipher

Authors:

Mohammad Mahzoun,

Dilara ToprakhisarAuthors Info & Claims

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 139 - 150

https://doi.org/10.1145/3548606.3559364

Published: 07 November 2022 Publication History

Abstract

The Recent progress in practical applications of secure computation protocols has also attracted attention to the symmetric-key primitives underlying them. Whereas traditional ciphers have evolved to be efficient with respect to certain performance metrics, advanced cryptographic protocols call for a different focus. The so called arithmetic complexity is viewed through the number and layout of non-linear operations in the circuit implemented by the protocol. Symmetric-key algorithms that are optimized with respect to this metric are said to be algebraic ciphers. Previous work targeting ZK and MPC protocols delivered great improvement in the performance of these applications both in lab and in practical use. Interestingly, despite its apparent benefits to privacy-aware cloud computing, algebraic ciphers targeting FHE did not attract similar attention.

In this paper we present Chaghri, an FHE-friendly block cipher enabling efficient transciphering in BGV-like schemes. A complete Chaghri circuit can be implemented using only 16 multiplications, 48 Frobenius automorphisms and 32 rotations, all arranged in a depth-32 circuit. Our HElib implementation achieves a throughput of 0.28 seconds-per-bit which is 63% faster thanAES in the same setting.

References

[1]

Martin Albrecht, Christian Rechberger, Thomas Schneider, Tyge Tiessen, and Michael Zohner. 2016. Ciphers for MPC and FHE. Cryptology ePrint Archive, Paper 2016/687. https://eprint.iacr.org/2016/687 https://eprint.iacr.org/2016/687.

[2]

Martin R. Albrecht, Lorenzo Grassi, Christian Rechberger, Arnab Roy, and Tyge Tiessen. 2016. MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity. In Advances in Cryptology - ASIACRYPT 2016 - 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4-8, 2016, Proceedings, Part I (Lecture Notes in Computer Science, Vol. 10031), Jung Hee Cheon and Tsuyoshi Takagi (Eds.). 191--219. https://doi.org/10.1007/978-3-662-53887-6_7

[3]

Abdelrahaman Aly, Tomer Ashur, Eli Ben-Sasson, Siemen Dhooghe, and Alan Szepieniec. 2020. Design of Symmetric-Key Primitives for Advanced Cryptographic Protocols. IACR Trans. Symmetric Cryptol. 2020, 3 (2020), 1--45. https://doi.org/10.13154/tosc.v2020.i3.1-45

[4]

Luk Bettale, Jean-Charles Faugère, and Ludovic Perret. 2012. Solving polynomial systems over finite fields: improved analysis of the hybrid approach. In International Symposium on Symbolic and Algebraic Computation, ISSAC'12, Grenoble, France - July 22 - 25, 2012, Joris van der Hoeven and Mark van Hoeij (Eds.). ACM, 67--74. https://doi.org/10.1145/2442829.2442843

Digital Library

[5]

Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. 2012. (Leveled) fully homomorphic encryption without bootstrapping. In Innovations in Theoretical Computer Science 2012, Cambridge, MA, USA, January 8-10, 2012, Shafi Goldwasser (Ed.). ACM, 309--325. https://doi.org/10.1145/2090236.2090262

Digital Library

[6]

Zvika Brakerski and Vinod Vaikuntanathan. 2011. Efficient Fully Homomorphic Encryption from (Standard) LWE. In IEEE 52nd Annual Symposium on Foundations of Computer Science, FOCS 2011, Palm Springs, CA, USA, October 22-25, 2011, Rafail Ostrovsky (Ed.). IEEE Computer Society, 97--106. https://doi.org/10.1109/FOCS. 2011.12

Digital Library

[7]

Anne Canteaut, Sergiu Carpov, Caroline Fontaine, Tancrède Lepoint, María Naya- Plasencia, Pascal Paillier, and Renaud Sirdey. 2015. Stream ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression. Cryptology ePrint Archive, Paper 2015/113. https://eprint.iacr.org/2015/113 https://eprint.iacr.org/ 2015/113.

[8]

Carlos Cid, John Petter Indrøy, and Håvard Raddum. 2021. FASTA - a stream cipher for fast FHE evaluation. Cryptology ePrint Archive, Paper 2021/1205. https://doi.org/10.1007/978-3-030-95312-6_19 https://eprint.iacr.org/2021/1205.

Digital Library

[9]

Orel Cosseron, Clément Hoffmann, Pierrick Méaux, and François-Xavier Standaert. 2022. Towards Globally Optimized Hybrid Homomorphic Encryption - Featuring the Elisabeth Stream Cipher. Cryptology ePrint Archive, Paper 2022/180. https://eprint.iacr.org/2022/180 https://eprint.iacr.org/2022/180.

[10]

Joan Daemen and Vincent Rijmen. 2002. The Design of Rijndael: AES - The Advanced Encryption Standard. Springer. https://doi.org/10.1007/978-3-662-04722--4

[11]

Hans Dobbertin. 1999. Almost Perfect Nonlinear Power Functions on GF(2n): The Niho Case. Inf. Comput. 151, 1--2 (1999), 57--72. https://doi.org/10.1006/inco. 1998.2764

[12]

Christoph Dobraunig, Maria Eichlseder, Lorenzo Grassi, Virginie Lallemand, Gregor Leander, Eik List, Florian Mendel, and Christian Rechberger. 2018. Rasta: A cipher with low ANDdepth and few ANDs per bit. Cryptology ePrint Archive, Paper 2018/181. https://eprint.iacr.org/2018/181 https://eprint.iacr.org/2018/181.

[13]

Christoph Dobraunig, Lorenzo Grassi, Lukas Helminger, Christian Rechberger, Markus Schofnegger, and Roman Walch. 2021. Pasta: A Case for Hybrid Homomorphic Encryption. Cryptology ePrint Archive, Paper 2021/731. https: //eprint.iacr.org/2021/731 https://eprint.iacr.org/2021/731.

[14]

Jean Charles Faugère. 2002. A New Efficient Algorithm for Computing GröBner Bases without Reduction to Zero (F5). In Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation (Lille, France) (ISSAC '02). Association for Computing Machinery, New York, NY, USA, 75--83. https://doi. org/10.1145/780506.780516

Digital Library

[15]

Jean-Charles Faugére. 1999. A new efficient algorithm for computing Gröbner bases (F4). Journal of Pure and Applied Algebra 139, 1 (1999), 61--88. https: //doi.org/10.1016/S0022-4049(99)00005-5

[16]

Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012. Fully Homomorphic En- cryption with Polylog Overhead. In Advances in Cryptology - EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15-19, 2012. Proceedings (Lecture Notes in Computer Science, Vol. 7237), David Pointcheval and Thomas Johansson (Eds.). Springer, 465--482. https://doi.org/10.1007/978-3-642-29011-4_28

Digital Library

[17]

Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012. Homomorphic Evaluation of the AES Circuit. IACR Cryptol. ePrint Arch. 2012 (2012), 99. http://eprint.iacr. org/2012/099

[18]

Lorenzo Grassi, Daniel Kales, Dmitry Khovratovich, Arnab Roy, Christian Rech-berger, and Markus Schofnegger. 2019. Starkad and Poseidon: New Hash Functions for Zero Knowledge Proof Systems. IACR Cryptol. ePrint Arch. (2019), 458. https://eprint.iacr.org/2019/458

[19]

Lorenzo Grassi, Reinhard Lüftenegger, Christian Rechberger, Dragos Rotaru, and Markus Schofnegger. 2020. On a Generalization of Substitution-Permutation Networks: The HADES Design Strategy. In Advances in Cryptology - EUROCRYPT 2020 - 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10-14, 2020, Proceedings, Part II (Lecture Notes in Computer Science, Vol. 12106), Anne Canteaut and Yuval Ishai (Eds.). Springer, 674--704. https://doi.org/10.1007/978-3-030-45724-2_23

Digital Library

[20]

Jincheol Ha, Seongkwang Kim, Byeonghak Lee, Jooyoung Lee, and Mincheol Son. 2022. Rubato: Noisy Ciphers for Approximate Homomorphic Encryption (Full Version). Cryptology ePrint Archive, Paper 2022/537. https://eprint.iacr. org/2022/537 https://eprint.iacr.org/2022/537.

[21]

Phil Hebborn and Gregor Leander. 2020. Dasta - Alternative Linear Layer for Rasta. IACR Trans. Symmetric Cryptol. 2020, 3 (2020), 46--86. https://doi.org/10. 13154/tosc.v2020.i3.46--86

[22]

Doreen Hertel. 2005. A Note on the Kasami Power Function. IACR Cryptol. ePrint Arch. 2005 (2005), 436. http://eprint.iacr.org/2005/436

[23]

Thomas Jakobsen and Lars R. Knudsen. 1997. The interpolation attack on block ciphers. In Fast Software Encryption, Eli Biham (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 28--40.

[24]

Lars Ramkilde Knudsen. 1994. Truncated and Higher Order Differentials. In FSE.

[25]

Lars R. Knudsen. 1995. Truncated and higher order differentials. In Fast Software Encryption, Bart Preneel (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 196--211.

[26]

Mario Lamberger, Florian Mendel, Christian Rechberger, Vincent Rijmen, and Martin Schläffer. 2009. Rebound Distinguishers: Results on the Full Whirlpool Compression Function. In Advances in Cryptology - ASIACRYPT 2009, 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, December 6-10, 2009. Proceedings (Lecture Notes in Computer Science, Vol. 5912), Mitsuru Matsui (Ed.). Springer, 126--143. https://doi.org/10.1007/978-3-642-10366-7_8

Digital Library

[27]

Rudolf Lidl and Harald Niederreiter. 1997. Finite fields. Number 20. Cambridge university press.

[28]

Fukang Liu, Ravi Anand, Libo Wang, Willi Meier, and Takanori Isobe. 2022. Coefficient Grouping: Breaking Chaghri and More. Cryptology ePrint Archive, Paper 2022/991. https://eprint.iacr.org/2022/991 https://eprint.iacr.org/2022/991.

[29]

Carsten Lund, Lance Fortnow, Howard J. Karloff, and Noam Nisan. 1990. Algebraic Methods for Interactive Proof Systems. In 31st Annual Symposium on Foundations of Computer Science, St. Louis, Missouri, USA, October 22-24, 1990, Volume I. IEEE Computer Society, 2--10. https://doi.org/10.1109/FSCS.1990.89518

Digital Library

[30]

Florian Mendel, Christian Rechberger, Martin Schläffer, and Søren S. Thomsen. 2009. The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl. In FSE.

[31]

Pierrick Méaux, Anthony Journault, François-Xavier Standaert, and Claude Carlet. 2016. Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts. Cryptology ePrint Archive, Paper 2016/254. https://eprint.iacr.org/2016/254 https://eprint.iacr.org/2016/254.

[32]

Michael Naehrig, Kristin E. Lauter, and Vinod Vaikuntanathan. 2011. Can homo- morphic encryption be practical?. In Proceedings of the 3rd ACM Cloud Computing Security Workshop, CCSW 2011, Chicago, IL, USA, October 21, 2011, Christian Cachin and Thomas Ristenpart (Eds.). ACM, 113--124. https://dl.acm.org/citation. cfm?id=2046682

[33]

Kaisa Nyberg. 1993. Differentially Uniform Mappings for Cryptography. In Advances in Cryptology - EUROCRYPT '93, Workshop on the Theory and Application of of Cryptographic Techniques, Lofthus, Norway, May 23-27, 1993, Proceedings (Lecture Notes in Computer Science, Vol. 765), Tor Helleseth (Ed.). Springer, 55--64. https://doi.org/10.1007/3-540-48285-7_6

[34]

Nigel P. Smart and Frederik Vercauteren. 2010. Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes. In Public Key Cryptography - PKC 2010, 13th International Conference on Practice and Theory in Public Key Cryptography, Paris, France, May 26--28, 2010. Proceedings (Lecture Notes in Computer Science, Vol. 6056), Phong Q. Nguyen and David Pointcheval (Eds.). Springer, 420--443. https://doi.org/10.1007/978-3-642-13013-7_25

Digital Library

[35]

Alan Szepieniec, Tomer Ashur, and Siemen Dhooghe. 2020. Rescue-Prime: a Standard Specification (SoK). IACR Cryptol. ePrint Arch. (2020), 1143. https: //eprint.iacr.org/2020/1143

[36]

Dilara Toprakhisar, Mohammad Mahzoun, and Tomer Ashur. 2021. A Comparative Study of Vision and AES in FHE Setting. The Conference for Failed Approaches and Insightful Losses in Cryptology, CFail; Conference date: 14-08-2021.

[37]

Baofeng Wu and Zhuojun Liu. 2013. Linearized polynomials over finite fields revisited. Finite Fields Their Appl. 22 (2013), 79--100. https://doi.org/10.1016/j.ffa.2013.03.003

Cited By

Méaux PPark JPereira H(2024)Towards Practical Transciphering for FHE with Setup Independent of the Plaintext SpaceIACR Communications in Cryptology10.62056/anxrxrxqiOnline publication date: 9-Apr-2024
https://doi.org/10.62056/anxrxrxqi
Wei BLu X(2024)Improved homomorphic evaluation for hash function based on TFHECybersecurity10.1186/s42400-024-00204-07:1Online publication date: 2-Jul-2024
https://doi.org/10.1186/s42400-024-00204-0
Fisch BLazzaretti ALiu ZPapamanthou CLuo BLiao XXu JKirda ELie D(2024)ThorPIR: Single Server PIR via Homomorphic Thorp ShufflesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690326(1448-1462)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690326
Show More Cited By

Index Terms

Chaghri - A FHE-friendly Block Cipher
1. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption
    2. Symmetric cryptography and hash functions
      1. Block and stream ciphers

Recommendations

Biclique cryptanalysis on lightweight block cipher: HIGHT and Piccolo
Advanced Computer Mathematics based Cryptography and Security Technologies

Biclique cryptanalysis is an attack that improves the computational complexity by finding a biclique which is a kind of bipartite graph. We present a single-key full-round attack of lightweight block ciphers, HIGHT and Piccolo by using biclique ...
Practical Homomorphic Evaluation of Block-Cipher-Based Hash Functions with Applications
Foundations and Practice of Security
Abstract
Fully homomorphic encryption (FHE) is a powerful cryptographic technique allowing to perform computation directly over encrypted data. Motivated by the overhead induced by the homomorphic ciphertexts during encryption and transmission, the ...
Impossible Boomerang Attack for Block Cipher Structures
IWSEC '09: Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security

Impossible boomerang attack [5] (IBA) is a new variant of differential cryptanalysis against block ciphers. Evident from its name, it combines the ideas of both impossible differential cryptanalysis and boomerang attack. Though such an attack might not ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

November 2022

3598 pages

ISBN:9781450394505

DOI:10.1145/3548606

General Chairs:
Heng Yin
University of California, Riverside
,
Angelos Stavrou
Virginia Tech
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Elaine Shi
Carnegie Mellon University

Copyright © 2022 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

FWO post-doctoral fellow
research council KU Leuven

Conference

CCS '22

Sponsor:

SIGSAC

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security

November 7 - 11, 2022

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
938
Total Downloads

Downloads (Last 12 months)306
Downloads (Last 6 weeks)34

Reflects downloads up to 22 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Méaux PPark JPereira H(2024)Towards Practical Transciphering for FHE with Setup Independent of the Plaintext SpaceIACR Communications in Cryptology10.62056/anxrxrxqiOnline publication date: 9-Apr-2024
https://doi.org/10.62056/anxrxrxqi
Wei BLu X(2024)Improved homomorphic evaluation for hash function based on TFHECybersecurity10.1186/s42400-024-00204-07:1Online publication date: 2-Jul-2024
https://doi.org/10.1186/s42400-024-00204-0
Fisch BLazzaretti ALiu ZPapamanthou CLuo BLiao XXu JKirda ELie D(2024)ThorPIR: Single Server PIR via Homomorphic Thorp ShufflesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690326(1448-1462)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690326
Abla PLi THe DHuang HYu SZhang Y(2024)Fair and Privacy-Preserved Data Trading Protocol by Exploiting BlockchainIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.339853519(9012-9025)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1109/TIFS.2024.3398535
Jiao LLi YHao YGong X(2024)Differential Fault Attacks on Privacy Protocols Friendly Symmetric-Key PrimitivesIET Information Security10.1049/2024/74575172024Online publication date: 27-Mar-2024
https://dl.acm.org/doi/10.1049/2024/7457517
Wang BWu W(2024)Security analysis of P-SPN schemes against invariant subspace attack with inactive S-boxesDesigns, Codes and Cryptography10.1007/s10623-024-01465-z92:11(3753-3782)Online publication date: 1-Nov-2024
https://dl.acm.org/doi/10.1007/s10623-024-01465-z
Ashur TBuschman TMahzoun M(2024)Algebraic Cryptanalysis of the HADES Design Strategy: Application to Poseidon and Poseidon2Information Security and Privacy10.1007/978-981-97-5028-3_12(225-244)Online publication date: 15-Jul-2024
https://dl.acm.org/doi/10.1007/978-981-97-5028-3_12
Bariant ABoeuf ALemoine AManterola Ayala IØygarden MPerrin LRaddum H(2024)The Algebraic FreeLunch: Efficient Gröbner Basis Attacks Against Arithmetization-Oriented PrimitivesAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68385-5_5(139-173)Online publication date: 18-Aug-2024
https://dl.acm.org/doi/10.1007/978-3-031-68385-5_5
Hoffmann CMéaux PStandaert F(2024)The Patching Landscape of Elisabeth-4 and the Mixed Filter Permutator ParadigmProgress in Cryptology – INDOCRYPT 202310.1007/978-3-031-56232-7_7(134-156)Online publication date: 29-Mar-2024
https://doi.org/10.1007/978-3-031-56232-7_7
Micciancio DSchultz M(2023)Error Correction and Ciphertext Quantization in Lattice CryptographyAdvances in Cryptology – CRYPTO 202310.1007/978-3-031-38554-4_21(648-681)Online publication date: 9-Aug-2023
https://doi.org/10.1007/978-3-031-38554-4_21
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents