1. Introduction
In today's technology-driven world of smart cities, the metaverse, 5G, and similar systems, security is the crucial element that users, developers, and researchers are concerned about [1]. Homomorphic Encryption (HE) is a form of encryption that allows computations to be performed on ciphertexts without revealing the underlying plaintext; the result can be decrypted only by the holder of the secret key. HE can resolve many security and privacy issues across technologies and applications. One common practical application is protecting data in the cloud: HE lets users benefit from the large computation and storage capacity of an untrusted cloud provider without entrusting it with plaintext.
The homomorphic property enables secure data processing in regulated industries such as financial services and healthcare, where data can be used without access to its decrypted content. The same property serves the Internet of Medical Things (IoMT), where HE allows predictive analytics over medical data without compromising patient privacy, and other services such as preserving customer privacy in personalized advertising, financial privacy in functions such as market forecasting and image recognition, and forensic investigations. HE is also used in electronic voting, where additively homomorphic schemes are well suited: encrypted ballots can be tallied without revealing any individual vote, while the data are protected from manipulation. HE has also been applied to cryptocurrency [2], a peer-to-peer currency issued without a central bank, used over a decentralized computer network and managed by blockchain users through a distributed ledger that records all transactions since the system's origin. There are numerous applications in fields where data privacy is of utmost importance. The following list covers some of the domains that have widely exploited homomorphic encryption in the literature:
Cloud computing: Homomorphic encryption has been used to enable secure computation of sensitive data in the cloud without revealing the data to the cloud provider.
Machine learning: Homomorphic encryption can be used to perform secure and private machine learning on encrypted data without the need for decryption.
Blockchain: Homomorphic encryption can be used to enable secure and private transactions on a blockchain without revealing the transaction details to third parties.
Privacy-preserving data analysis: Homomorphic encryption can be used to perform privacy-preserving data analysis on encrypted data without the need for decryption or data sharing.
Internet of Things: Homomorphic encryption can be used to enable secure and private computation on IoT devices without the need for decryption or data sharing.
For instance, integrating the Internet of Things with blockchain has gained significant attention in industry and academia. The two technologies together can provide trusted, decentralized data storage and reliable communication in domains such as healthcare, finance, and industrial systems. However, a centralized IoT system risks leaking sensitive information, because the central servers can access the plaintext data sent by the IoT devices. HE has therefore been integrated with blockchain-based IoT systems to strengthen privacy and security. Recently, HE has become particularly relevant in healthcare, where sensitive medical data are collected from many IoT devices. With HE, the collected data are encrypted before being sent to the blockchain network, and computations can be performed on the encrypted data without decrypting them, so that sensitive patient data remain private even when they are analyzed or processed by third-party applications. Integrating blockchain-based IoT with HE provides a decentralized access model: the data are not stored on a central server, and the owner of the private key controls access to them. In addition, the combination provides tamper-evident data storage, where any change to the data can be detected and traced back to its source.
Hence, any proposed crypto-system for IoT with HE should:
Provide high security and privacy for the data.
Be scalable and handle large amounts of data from various IoT devices.
Be efficient and not add significant overhead to the computational resources required for data processing.
Be compatible with existing infrastructure and support interoperability between connected low-end devices.
Be user-friendly and easy to implement for developers and end-users.
The crucial question in this paper is which HE scheme is most suitable for the IoT environment. Classical symmetric-key encryption has the disadvantage that the user needs a secure private channel to transfer the key to the receiver; if that channel is compromised, all exchanged data may be exposed. Furthermore, several symmetric-key schemes provide only a weak digital signature method [3]. Asymmetric homomorphic encryption can enable secure computation on data while keeping it confidential. However, one of the main challenges of implementing asymmetric homomorphic encryption is the computational cost of the encryption and decryption operations.
Despite these challenges, research in asymmetric homomorphic encryption continues to progress, and new schemes are being proposed to address both computational cost and security. This paper extends and completes the work in [4] to present an improved asymmetric Partially Homomorphic Encryption (PHE) scheme based on the Polynomial Reconstruction Problem. The completed design offers order-preserving capabilities, making it suitable for constrained IoT devices. In the proposed multi-key scheme, a decimal number is fragmented into its digits, and each digit is multiplied by one of several small secret keys. As a secondary goal, an asymmetric version that allows efficient range queries on encrypted data is proposed to provide the order-preserving property: the owner can ask the untrusted cloud to return the ciphertexts in the database whose decryptions fall within a given range. The current version also introduces data-integrity assurance for homomorphic operations performed by an untrusted third party: the client can verify the validity of the results returned by the cloud without re-executing the operations.
The rest of the paper is organized as follows: Section 2 reviews relevant related work. Section 3 presents the features of the proposed partially homomorphic encryption scheme and formulates the depth of operations; at the end of that section, we explain and demonstrate the order-preserving property of the proposed scheme. Section 4 describes how the proposal ensures data integrity after an untrusted cloud performs homomorphic addition. Section 5 analyzes the hardness of the proposed crypto-system. Section 6 presents the implementation results and compares its efficiency with other schemes. Finally, Section 7 concludes the paper.
4. Data Integrity Ensuring
Homomorphic encryption is particularly useful in cloud computing environments, where sensitive data are often stored and processed on remote servers. However, HE alone does not protect the integrity of the encrypted data: an attacker (or a dishonest server) could modify the ciphertexts or the result of a homomorphic operation so that the computation yields incorrect results once decrypted, with consequences such as financial losses and data breaches. Data integrity is therefore crucial for homomorphically encrypted data in the cloud. For a data owner, data integrity (DI) [30] is a very important and sensitive point in the design, implementation, and use of any data system in which data are stored and then processed or retrieved, especially when that system is a cloud. DI can be defined as the validity, completeness, accuracy, and consistency of data (Figure 4), which also covers integrity in terms of privacy and security. With proper data validation and error checking, the owner can ensure that sensitive data are not misused, exploited, improperly classified, or stored incorrectly. Any incorrect change to the data during storage, computation, or retrieval, whether caused by unexpected hardware failure, malicious intent, or human error, corrupts every later use of those data.
DI is comparatively easy to guarantee in local databases, where intentional changes can be prevented, for example by ensuring that internal users handle the data correctly and harmlessly. It is much more difficult when a third party (an untrusted cloud) performs operations on the encrypted data.
Since validation of these homomorphic computations is a prerequisite for data integrity, we modify the proposal by adding a second part to the ciphertext; this part prevents any manipulation of the homomorphic results by a third party, whether intentional or unintentional. The ciphertext now consists of two parts. The first part is the linear encryption of the message, which lets the cloud compute the sum of two first parts. The second part lets the cloud prove that it computed honestly: it relies on the hardness of the discrete logarithm problem, with the public key raised to the power of the plaintext. Because the second parts of two ciphertexts multiply to the public key raised to the sum of the two plaintexts, the client can decrypt the sum returned by the cloud, recompute this power, and compare it with the product the cloud returned; an altered sum fails the comparison. The cloud itself cannot recover the original message from this part, so it cannot adjust the result of the sum consistently. Note that the discrete-logarithm argument holds only when the plaintext space is too large to enumerate: a deterministic power of the public key over a small message range can be matched by trial exponentiation, so the second part must be randomized or the message range kept large.
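The exchange described above, as a worked example added here (it is not the paper's code). The first ciphertext part is a stand-in additive mask rather than the paper's linear encryption, the group parameters q = 2^61 - 1 and g = 3 are chosen for readability, and all function and variable names are assumptions. The cloud adds the first parts and multiplies the second parts; the client decrypts the sum, recomputes the public key raised to that sum, and compares it with the cloud's product. The last function shows the edge case noted above: a deterministic second part over a small message range is recoverable by trial exponentiation.

```python
"""Verifiable homomorphic addition: a linear part plus a discrete-log check part.

Added worked example, not the paper's implementation. Assumptions: the first
ciphertext part is a stand-in additive mask (m + k mod N, client keeps k) in
place of the paper's linear encryption; the second part is h^m mod q with
public key h = g^x mod q, as Section 4 describes.
"""
import secrets

# Toy group (assumption): prime q = 2^61 - 1 and base g = 3. A real deployment
# needs a group of cryptographic size in which discrete logarithms are hard.
Q = (1 << 61) - 1
G = 3
N = 1 << 62          # modulus for the additive mask part (assumption)


def keygen():
    """Client key pair: secret exponent x, public key h = g^x mod q."""
    x = secrets.randbelow(Q - 2) + 1
    return x, pow(G, x, Q)


def encrypt(m, h, masks):
    """Two-part ciphertext (c1, c2): c1 = m + k mod N (stand-in), c2 = h^m mod q.
    The fresh mask k is kept by the client in `masks`."""
    k = secrets.randbelow(N)
    masks.append(k)
    return ((m + k) % N, pow(h, m, Q))


def cloud_add(ct_a, ct_b):
    """Untrusted cloud: adds the linear parts and multiplies the proof parts.
    Since h^a * h^b = h^(a+b) mod q, the second part now commits to the sum."""
    return ((ct_a[0] + ct_b[0]) % N, (ct_a[1] * ct_b[1]) % Q)


def decrypt_sum(ct_sum, masks):
    """Client removes the masks consumed by the ciphertexts that were added."""
    return (ct_sum[0] - sum(masks)) % N


def verify(ct_sum, plain_sum, h):
    """Integrity check: the cloud's product of second parts must equal h^(sum).
    Any change to the returned sum or to the proof part makes this fail."""
    return pow(h, plain_sum, Q) == ct_sum[1]


def brute_force_small_message(c2, h, bound):
    """Edge case: a deterministic h^m over a small range (a decimal digit is
    bound = 10) is recoverable by trial exponentiation. Returns m or None."""
    for cand in range(bound):
        if pow(h, cand, Q) == c2:
            return cand
    return None


def run_demo(m_a, m_b, tamper=False):
    """Full exchange: client encrypts, cloud adds (optionally cheats), client checks.
    Returns (decrypted_sum, verified)."""
    _x, h = keygen()
    masks = []
    ct_a = encrypt(m_a, h, masks)
    ct_b = encrypt(m_b, h, masks)
    ct_sum = cloud_add(ct_a, ct_b)
    if tamper:  # a dishonest cloud shifts the linear part by one unit
        ct_sum = ((ct_sum[0] + 1) % N, ct_sum[1])
    s = decrypt_sum(ct_sum, masks)
    return s, verify(ct_sum, s, h)


if __name__ == "__main__":
    print("honest cloud:", run_demo(12345, 67890))
    print("tampering cloud:", run_demo(12345, 67890, tamper=True))
```

The honest run returns the correct sum with the check passing; the tampered run returns a wrong sum and the check fails, which is what lets the client reject the result without redoing the addition. `brute_force_small_message` is why the message range (or a randomizer in the second part) matters when plaintexts are single digits.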
5. Proof of Security and Performance
The proposed technique has the secret keys , and the trapdoor p. If an adversary obtains p, he obtains all using the public keys where . Thus, to obtain p, the adversary has to solve the factorization problem, for which no polynomial-time classical algorithm is known. If is the security parameter with , the cryptanalysis requires operations to obtain p.
Known-plaintext attack: the adversary has m and c and tries to obtain the secret keys. If digit, the adversary cannot obtain anything, where c, m, and are known. In addition, with is independent of k; therefore, the adversary will have no information. If where . For example , , if the adversary computes and , that implies so with and are independent of and ; the adversary will have no information. If the adversary has m and where , there is no information. Let and , so . To remove , the coefficients and must be different; the adversary would then obtain another value of the public key . So, to obtain information, it is insufficient to have m, , c, and . If digits, to obtain p, the adversary must have three plaintexts with conditions , and so on. If this technique is used as a symmetric scheme (without ), the hardness of the scheme rests on the polynomial reconstruction problem, which can be written as , where .
Brute force attack (BFA): In the RSA cryptosystem, the attacker must perform operations to obtain p with . In the proposed technique, if there are s keys, the attacker must perform operations. So, there are two layers of security: finding and finding . In the asymmetric version of the proposal, the attacker cannot directly make an exhaustive search on since it is hidden using where ; the attacker has to perform operations to obtain p. To protect against known attacks and to mitigate quantum attacks, noisy encryption techniques can be used; combined with larger key sizes, they make it more difficult for an attacker to factor the key with a classical or a quantum computer. However, recent studies indicate that quantum computing poses a significant threat to classical cryptographic systems such as RSA, whose large keys it may break in a few hours [31]. Larger key sizes also increase the computational overhead and the size of the encrypted message. To further protect against such attacks, key rotation and nested encryption can be implemented by regularly changing the keys based on randomly chosen values and by encrypting the message more than once under distinct keys, so that an attacker would need to break several keys to compromise the scheme. By randomizing the keys, noisy encryption makes the scheme harder to break than a single fixed key. These measures, however, multiply the attacker's work by the number of keys rather than changing its order: a polynomial-time quantum factoring algorithm would simply be applied once per key, so rotation and nesting are a defense in depth and not a substitute for a quantum-resistant hardness assumption.
Computation complexity: If , we have in the encryption operation, where denotes the complexity and is a constant; if , then the time complexity is linear: . The performance of the proposed technique in terms of complexity is shown in Table 2.
Small Key and Ciphertext Sizes: The ciphertext size matters greatly in cryptography because the ciphertext is the element exchanged most often between a sender and a receiver: the plain message is converted into a ciphertext precisely so that it can be sent over an unreliable channel. A public or secret key, by contrast, however large it is, is exchanged between the communicating parties at most once. Ciphertext size is even more important in low-energy environments such as the IoT, which are spreading day by day into new fields. Therefore, much cryptographic research focuses on techniques that produce small ciphertexts, so that they are practical in as many settings as possible. We focused on this point in the proposed scheme and obtained a relatively small ciphertext compared with other work.
The simplified formula given in Equation (3) results in a relatively small key and ciphertext size.
Lemma 3. with α a constant.
Proof. If , knowing that .
If we put , we get , that is , which implies . So, . □