Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages

@inproceedings{Brakerski2011FullyHE,
  title={Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages},
  author={Zvika Brakerski and Vinod Vaikuntanathan},
  booktitle={CRYPTO},
  year={2011}
}
We present a somewhat homomorphic encryption scheme that is both very simple to describe and analyze, and whose security (quantumly) reduces to the worst-case hardness of problems on ideal lattices. We then transform it into a fully homomorphic encryption scheme using standard "squashing" and "bootstrapping" techniques introduced by Gentry (STOC 2009). One of the obstacles in going from "somewhat" to full homomorphism is the requirement that the somewhat homomorphic scheme be circular secure… 

Homomorphic encryption 2 1 Introduction

TLDR
This document describes the construction under the assumption that the approximate GCD problem is hard and shows how to build somewhat homomorphic encryption (SHE) based on the learning with errors (LWE) problem, which can be used to evaluate a restricted class of algorithms over encrypted data.

Improved Security for a Ring-Based Fully Homomorphic Encryption Scheme

TLDR
This paper constructs a new fully homomorphic encryption scheme from the Stehle and Steinfeld version based on standard lattice assumptions and a circular security assumption, which is scale-invariant and therefore avoids modulus switching and the size of ciphertexts is one ring element.

Fully Homomorphic Encryption from Ring-LWE:Identity-Based,Arbitrary Cyclotomic,Tighter Parameters

TLDR
A leveled identity-based homomorphic encryption scheme from ring learning with errors is constructed, which has advantage in computational efficiency and key management, by using user’s identity as the unique public key.

Practical Fully Homomorphic Encryption without Noise Reduction

  • Dongxi Liu
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2015
TLDR
A new fully homomorphic encryption (FHE) scheme that is efficient for practical applications and proved the hardness of recovering encryption keys from any number of ciphertexts with chosen plaintexts and then the semantic security of the scheme.

Fully Homomorphic Encryption without Bootstrapping

TLDR
A new way of constructing leveled fully homomorphic encryption schemes (capable of evaluating arbitrary polynomial-size circuits), without Gentry’s bootstrapping procedure is presented, which dramatically improves performance and bases security on weaker assumptions.

An Efficient Quantum Somewhat Homomorphic Symmetric Searchable Encryption

TLDR
This work proposes a more efficient QSHE scheme for classical input states with perfect security, which is used to encrypt the classical message, and the secret key is not required in the evaluation algorithm.

Efficient fully homomorphic encryption from RLWE with an extension to a threshold encryption scheme

Symmetric Fully Homomorphic Encryption Using Decidable Matrix Equations

TLDR
The paper gives the formal definitions of new framework for secure cloud computing -- the primitive of compact symmetric fully homomorphic encryption scheme whose security relies on the difficulty of some NP-complete problem.

Efficient batch identity-based fully homomorphic encryption scheme in the standard model

TLDR
This study proposes an efficient batch IBFHE scheme, which can be proven secure from the standard LWE assumption in the standard model, and construct an asymptotically-faster multi-bit IBE scheme.
...

References

SHOWING 1-10 OF 51 REFERENCES

Bounded Key-Dependent Message Security

TLDR
It is observed that any fully homomorphic encryption scheme that additionally enjoys circular security and circuit privacy is fully KDM secure in the sense that its algorithms can be independent of the polynomials L and N.

Fully homomorphic encryption using ideal lattices

TLDR
This work proposes a fully homomorphic encryption scheme that allows one to evaluate circuits over encrypted data without being able to decrypt, and describes a public key encryption scheme using ideal lattices that is almost bootstrappable.

Circular-Secure Encryption from Decision Diffie-Hellman

TLDR
A public-key encryption system that remains secure even encrypting messages that depend on the secret keys in use, and is circular-secure against chosen-plaintext attacks under the Decision Diffie-Hellman assumption.

Implementing Gentry's Fully-Homomorphic Encryption Scheme

TLDR
A working implementation of a variant of Gentry's fully homomorphic encryption scheme, similar to the variant used in an earlier implementation effort by Smart and Vercauteren (PKC 2010), with a number of optimizations that allow it to implement all aspects of the scheme, including the bootstrapping functionality.

Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems

TLDR
Public-key and symmetric-key cryptosystems that provide security for key-dependent messages and enjoy circular security and a pseudorandom generator that can be computed by a circuit of n ·polylog(n) size are constructed.

Efficient Public Key Encryption Based on Ideal Lattices

TLDR
This work achieves CPA-security against subexponential attacks, with (quasi-)optimal asymptotic performance, in public key encryption schemes with security provably based on the worst case hardness of the approximate Shortest Vector Problem in some structured lattices, called ideal lattices.

Semantic Security under Related-Key Attacks and Applications

TLDR
A formal study of RKA security for randomized encryption schemes, providing general definitions for semantic security under passive and active RKAs and showing that previous protocols which made a specialized use of random oracles in the form of operation respecting synthesizers or correlation-robust hash functions can be instantiated with RKA-secure encryption schemes.

Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back)

The main results of this work are new public-key encryption schemes that, under the quadratic residuosity (QR) assumption (or Paillier's decisional composite residuosity (DCR) assumption), achieve

Homomorphic Encryption: from Private-Key to Public-Key

  • R. Rothblum
  • Mathematics, Computer Science
    Electron. Colloquium Comput. Complex.
  • 2010
We show how to transform any additively homomorphic private-key encryption scheme that is compact, into a public-key encryption scheme. By compact we mean that the length of a homomorphically

Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness

TLDR
A worst-case / average-case connection is proved that bases Gentry's scheme (in part) on the quantum hardness of the shortest independent vector problem (SIVP) over ideal lattices in the worst- case.
...