# Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages

@inproceedings{Brakerski2011FullyHE, title={Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages}, author={Zvika Brakerski and Vinod Vaikuntanathan}, booktitle={CRYPTO}, year={2011} }

We present a somewhat homomorphic encryption scheme that is both very simple to describe and analyze, and whose security (quantumly) reduces to the worst-case hardness of problems on ideal lattices. We then transform it into a fully homomorphic encryption scheme using standard "squashing" and "bootstrapping" techniques introduced by Gentry (STOC 2009).
One of the obstacles in going from "somewhat" to full homomorphism is the requirement that the somewhat homomorphic scheme be circular secure…

## 968 Citations

### CRT-based fully homomorphic encryption over the integers

- Computer Science, MathematicsInf. Sci.
- 2015

### Homomorphic encryption 2 1 Introduction

- Computer Science, Mathematics
- 2016

This document describes the construction under the assumption that the approximate GCD problem is hard and shows how to build somewhat homomorphic encryption (SHE) based on the learning with errors (LWE) problem, which can be used to evaluate a restricted class of algorithms over encrypted data.

### Improved Security for a Ring-Based Fully Homomorphic Encryption Scheme

- Computer Science, MathematicsIMACC
- 2013

This paper constructs a new fully homomorphic encryption scheme from the Stehle and Steinfeld version based on standard lattice assumptions and a circular security assumption, which is scale-invariant and therefore avoids modulus switching and the size of ciphertexts is one ring element.

### Fully Homomorphic Encryption from Ring-LWE：Identity-Based，Arbitrary Cyclotomic，Tighter Parameters

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2015

A leveled identity-based homomorphic encryption scheme from ring learning with errors is constructed, which has advantage in computational efficiency and key management, by using user’s identity as the unique public key.

### Practical Fully Homomorphic Encryption without Noise Reduction

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2015

A new fully homomorphic encryption (FHE) scheme that is efficient for practical applications and proved the hardness of recovering encryption keys from any number of ciphertexts with chosen plaintexts and then the semantic security of the scheme.

### Fully Homomorphic Encryption without Bootstrapping

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2011

A new way of constructing leveled fully homomorphic encryption schemes (capable of evaluating arbitrary polynomial-size circuits), without Gentry’s bootstrapping procedure is presented, which dramatically improves performance and bases security on weaker assumptions.

### An Efficient Quantum Somewhat Homomorphic Symmetric Searchable Encryption

- Computer Science, Mathematics
- 2017

This work proposes a more efficient QSHE scheme for classical input states with perfect security, which is used to encrypt the classical message, and the secret key is not required in the evaluation algorithm.

### Efficient fully homomorphic encryption from RLWE with an extension to a threshold encryption scheme

- Computer Science, MathematicsFuture Gener. Comput. Syst.
- 2014

### Symmetric Fully Homomorphic Encryption Using Decidable Matrix Equations

- Computer Science, MathematicsSIN
- 2014

The paper gives the formal definitions of new framework for secure cloud computing -- the primitive of compact symmetric fully homomorphic encryption scheme whose security relies on the difficulty of some NP-complete problem.

### Efficient batch identity-based fully homomorphic encryption scheme in the standard model

- Computer Science, MathematicsIET Inf. Secur.
- 2018

This study proposes an efficient batch IBFHE scheme, which can be proven secure from the standard LWE assumption in the standard model, and construct an asymptotically-faster multi-bit IBE scheme.

## References

SHOWING 1-10 OF 51 REFERENCES

### Bounded Key-Dependent Message Security

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2009

It is observed that any fully homomorphic encryption scheme that additionally enjoys circular security and circuit privacy is fully KDM secure in the sense that its algorithms can be independent of the polynomials L and N.

### Fully homomorphic encryption using ideal lattices

- Computer Science, MathematicsSTOC '09
- 2009

This work proposes a fully homomorphic encryption scheme that allows one to evaluate circuits over encrypted data without being able to decrypt, and describes a public key encryption scheme using ideal lattices that is almost bootstrappable.

### Circular-Secure Encryption from Decision Diffie-Hellman

- Computer Science, MathematicsCRYPTO
- 2008

A public-key encryption system that remains secure even encrypting messages that depend on the secret keys in use, and is circular-secure against chosen-plaintext attacks under the Decision Diffie-Hellman assumption.

### Implementing Gentry's Fully-Homomorphic Encryption Scheme

- Computer Science, MathematicsEUROCRYPT
- 2011

A working implementation of a variant of Gentry's fully homomorphic encryption scheme, similar to the variant used in an earlier implementation effort by Smart and Vercauteren (PKC 2010), with a number of optimizations that allow it to implement all aspects of the scheme, including the bootstrapping functionality.

### Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems

- Computer Science, MathematicsCRYPTO
- 2009

Public-key and symmetric-key cryptosystems that provide security for key-dependent messages and enjoy circular security and a pseudorandom generator that can be computed by a circuit of n ·polylog(n) size are constructed.

### Efficient Public Key Encryption Based on Ideal Lattices

- Computer Science, MathematicsASIACRYPT
- 2009

This work achieves CPA-security against subexponential attacks, with (quasi-)optimal asymptotic performance, in public key encryption schemes with security provably based on the worst case hardness of the approximate Shortest Vector Problem in some structured lattices, called ideal lattices.

### Semantic Security under Related-Key Attacks and Applications

- Computer Science, MathematicsICS
- 2011

A formal study of RKA security for randomized encryption schemes, providing general definitions for semantic security under passive and active RKAs and showing that previous protocols which made a specialized use of random oracles in the form of operation respecting synthesizers or correlation-robust hash functions can be instantiated with RKA-secure encryption schemes.

### Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back)

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2010

The main results of this work are new public-key encryption schemes that, under the quadratic residuosity (QR) assumption (or Paillier's decisional composite residuosity (DCR) assumption), achieve…

### Homomorphic Encryption: from Private-Key to Public-Key

- Mathematics, Computer ScienceElectron. Colloquium Comput. Complex.
- 2010

We show how to transform any additively homomorphic private-key encryption scheme that is compact, into a public-key encryption scheme. By compact we mean that the length of a homomorphically…

### Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness

- Computer Science, MathematicsCRYPTO
- 2010

A worst-case / average-case connection is proved that bases Gentry's scheme (in part) on the quantum hardness of the shortest independent vector problem (SIVP) over ideal lattices in the worst- case.