# Faster Fully Homomorphic Encryption

@inproceedings{Stehl2010FasterFH, title={Faster Fully Homomorphic Encryption}, author={Damien Stehl{\'e} and Ron Steinfeld}, booktitle={ASIACRYPT}, year={2010} }

We describe two improvements to Gentry’s fully homomorphic scheme based on ideal lattices and its analysis: we provide a more aggressive analysis of one of the hardness assumptions (the one related to the Sparse Subset Sum Problem) and we introduce a probabilistic decryption algorithm that can be implemented with an algebraic circuit of low multiplicative degree. Combined together, these improvements lead to a faster fully homomorphic scheme, with a O(λ 3.5) bit complexity per elementary binary…

## 329 Citations

### Fully Homomorphic Encryption over the Integers with Shorter Public Keys

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2011

It is shown that fully homomorphic encryption can be implemented using simple arithmetic operations, and some optimizations from the recent Gentry-Halevi implementation of Gentry's scheme are obtained, roughly the same level of efficiency.

### More Practical Fully Homomorphic Encryption

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2011

This paper first modify the Smart-Vercauteren’s fully homomorphic encryption scheme [SV10] by applying self-loop bootstrappable technique, and constructs a non-self-loop in FHE by using cycle keys.

### More Practical Fully Homomorphic Encryption

- Mathematics, Computer ScienceCloudCom 2012
- 2012

This paper first modify the Smart-Vercauteren’s fully homomorphic encryption scheme [SV10] by applying self-loop bootstrappable technique, and constructs a non-self-loop in FHE by using cycle keys.

### An Improvement for Fully Homomorphic Encryption over Integers with Shorter Public Keys

- Mathematics, Computer ScienceCIT 2014
- 2014

The results show that the public key size reduce from to compared to the Coron’s scheme, and the security of the proposed scheme is based on both the approximate GCD problem and the sparse-subset sum problem.

### A Weakly Homomorphic Encryption with LDN

- Computer Science, MathematicsJ. Networks
- 2014

This paper presents a simple weakly homomorphic encryption scheme using only elementary modular arithmetic over the integers rather than working with ideal lattices, which has shorter public key and ciphertext size than DGHV's construction.

### On the CCA-1 Security of Somewhat Homomorphic Encryption over the Integers

- Computer Science, MathematicsISPEC
- 2012

This paper demonstrates a very practical CCA-1 attack against this somewhat homomorphic encryption scheme and shows that within O(λ2) queries, the authors can recover the secret key successfully, where λ is the security parameter for the system.

### Public Key Compression and Modulus Switching for Fully Homomorphic Encryption over the Integers

- Mathematics, Computer ScienceEUROCRYPT
- 2012

A compression technique that reduces the public key size of van Dijk, Gentry, Halevi and Vaikuntanathan's (DGHV) fully homomorphic scheme over the integers from O(λ7) to O( λ5) remains semantically secure, but in the random oracle model.

### An Improvement of Key Generation Algorithm for Gentry's Homomorphic Encryption Scheme

- Computer Science, MathematicsIWSEC
- 2010

A key generation algorithm is proposed for Gentry's homomorphic encryption scheme that controls the bound of the circuit depth by using the relation between the circuit Depth and the eigenvalues of a basis of a lattice.

### An RNS variant of fully homomorphic encryption over integers

- Computer Science, Mathematics
- 2017

A residue number system (RNS) variant to FHE of [12], which is also applicable to the DGHV scheme and improves the original scheme’s security, since the former relies only on the hardness of the A-GCD problem and eliminates the need for the sparsesubset-sum problem used in the original MS procedure.

### Efficient public key Homomorphic Encryption over integer plaintexts

- Computer Science, Mathematics2012 International Conference on Information Security and Intelligent Control
- 2012

The proposed Somewhat Homomorphic public key encryption scheme is compact, semantically secure with significantly smaller public key, and is capable of encrypting integer plaintexts rather than single bits, with comparatively lower message expansion and computational complexities.

## References

SHOWING 1-10 OF 39 REFERENCES

### Fully Homomorphic Encryption over the Integers

- Mathematics, Computer ScienceEUROCRYPT
- 2010

A fully homomorphic encryption scheme, using only elementary modular arithmetic, that reduces the security of the scheme to finding an approximate integer gcd, and investigates the hardness of this task, building on earlier work of Howgrave-Graham.

### Implementing Gentry's Fully-Homomorphic Encryption Scheme

- Computer Science, MathematicsEUROCRYPT
- 2011

A working implementation of a variant of Gentry's fully homomorphic encryption scheme, similar to the variant used in an earlier implementation effort by Smart and Vercauteren (PKC 2010), with a number of optimizations that allow it to implement all aspects of the scheme, including the bootstrapping functionality.

### Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes

- Mathematics, Computer SciencePublic Key Cryptography
- 2009

This work presents a fully homomorphic encryption scheme which has both relatively small key and ciphertext size and allows efficient fully homomorphism over any field of characteristic two.

### Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness

- Computer Science, MathematicsCRYPTO
- 2010

A worst-case / average-case connection is proved that bases Gentry's scheme (in part) on the quantum hardness of the shortest independent vector problem (SIVP) over ideal lattices in the worst- case.

### Fully homomorphic encryption using ideal lattices

- Computer Science, MathematicsSTOC '09
- 2009

This work proposes a fully homomorphic encryption scheme that allows one to evaluate circuits over encrypted data without being able to decrypt, and describes a public key encryption scheme using ideal lattices that is almost bootstrappable.

### A fully homomorphic encryption scheme

- Computer Science, Mathematics
- 2009

This work designs a somewhat homomorphic "boostrappable" encryption scheme that works when the function f is the scheme's own decryption function, and shows how, through recursive self-embedding, bootstrappable encryption gives fully homomorphic encryption.

### A Faster Lattice Reduction Method Using Quantum Search

- Computer ScienceISAAC
- 2003

This work proposes a new lattice reduction method that approximates shortest lattice vectors up to a factor ≤ (k/6) n/2k and makes use of Grover’s quantum search algorithm, demonstrating that the availability of quantum computers will affect not only the security of cryptosystems based on integer factorization or discrete logarithms, but also of lattice based cryptosSystems.

### Computing arbitrary functions of encrypted data

- Computer ScienceCACM
- 2010

It is shown that this separation is possible: a "fully homomorphic" encryption scheme is described that keeps data private, but that allows a worker that does not have the secret decryption key to compute any (still encrypted) result of the data, even when the function of theData is very complex.

### On the Insecurity of a Server-Aided RSA Protocol

- Computer Science, MathematicsASIACRYPT
- 2001

A new lattice-based provable passive attack on RSA-S1 which recovers the factorization of the RSA modulus when a very small public exponent is used, for many choices of the parameters.

### Predicting Lattice Reduction

- Computer ScienceEUROCRYPT
- 2008

The goal of this paper is to provide an assessment of lattice reduction algorithms' behaviour based on extensive experiments performed with the NTL library, and to suggest several conjectures on the worst case and the actual behaviour of lattICE reduction algorithms.