Fully homomorphic encryption using ideal lattices

@inproceedings{Gentry2009FullyHE,
  title={Fully homomorphic encryption using ideal lattices},
  author={Craig Gentry},
  booktitle={Symposium on the Theory of Computing},
  year={2009}
}
  • Craig Gentry
  • Published in
    Symposium on the Theory of…
    31 May 2009
  • Computer Science, Mathematics
We propose a fully homomorphic encryption scheme -- i.e., a scheme that allows one to evaluate circuits over encrypted data without being able to decrypt. Our solution comes in three steps. First, we provide a general result -- that, to construct an encryption scheme that permits evaluation of arbitrary circuits, it suffices to construct an encryption scheme that can evaluate (slightly augmented versions of) its own decryption circuit; we call a scheme that can evaluate its (augmented… 

Semi-Homomorphic Encryption and Multiparty Computation

The relaxed notion of a semi-homomorphic encryption scheme is defined, where the plaintext can be recovered as long as the computed function does not increase the size of the input "too much", and a number of existing cryptosystems are captured.

Practical Fully Homomorphic Encryption without Noise Reduction

  • Dongxi Liu
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2015
A new fully homomorphic encryption (FHE) scheme that is efficient for practical applications is presented; the hardness of recovering encryption keys from any number of ciphertexts with chosen plaintexts is proved, and then the semantic security of the scheme.

Server-assisted fully homomorphic computation protocols

  • G. D. Crescenzo
  • Computer Science, Mathematics
    2016 IEEE Conference on Communications and Network Security (CNS)
  • 2016
In a participant model where users are assisted by a single (cloud-based) server, it is shown how users can homomorphically compute any arbitrary arithmetic circuit, with inputs in any ring with efficient operations, over ciphertexts generated according to partially malleable encryption schemes.

Fully Homomorphic Encryption without Bootstrapping

A new way of constructing leveled fully homomorphic encryption schemes (capable of evaluating arbitrary polynomial-size circuits), without Gentry’s bootstrapping procedure, is presented, which dramatically improves performance and bases security on weaker assumptions.

Homomorphic encryption 2 1 Introduction

This document describes the construction under the assumption that the approximate GCD problem is hard and shows how to build somewhat homomorphic encryption (SHE) based on the learning with errors (LWE) problem, which can be used to evaluate a restricted class of algorithms over encrypted data.

Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages

A somewhat homomorphic encryption scheme that is both very simple to describe and analyze, and whose security reduces to the worst-case hardness of problems on ideal lattices using the RLWE assumption, which allows us to completely abstract out the lattice interpretation.

i-Hop Homomorphic Encryption and Rerandomizable Yao Circuits

This work describes a specific DDH-based multi-hop homomorphic encryption scheme that does not suffer from this exponential blowup, and describes a re-randomizable variant of the Yao circuits that anyone can re-garble in such a way that even the party that generated the original garbled circuit cannot recognize it.

Group homomorphic encryption: characterizations, impossibility results, and applications

A new cryptosystem is designed which provides features that are unique up to now: Its IND-CPA security is based on the k-linear problem introduced by Shacham, and Hofheinz and Kiltz, while its IND-CCA1 security is based on a new k-problem that is proved to have the same progressive property.

Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data

A technique is presented to transform a linearly-homomorphic encryption into a scheme capable of evaluating degree-2 computations on ciphertexts, and is extended to build a protocol for outsourcing computation on encrypted data using two (non-communicating) servers.

An Approach to Reduce Storage for Homomorphic Computations

A homomorphic evaluation of the decryption of the base PKE is accelerated by introducing a method to reduce the degree of exponentiation circuit at the cost of additional public keys, which gives an efficient solution to the open problem.

References

SHOWING 1-10 OF 73 REFERENCES

A New Approach for Algebraically Homomorphic Encryption

This paper shows how to construct a provably secure AHS based on a coding theory problem, and believes that using coding theory to design AHS is a promising approach and hopes to encourage further investigations.

Additively Homomorphic Encryption with d-Operand Multiplications

This work defines a theoretical object, chained encryption schemes, which allow an efficient evaluation of polynomials of degree d over encrypted data, and proposes a chained encryption scheme whose IND-CPA security is based on a worst-case/average-case reduction from uSVP.

Homomorphic Encryption with CCA Security

A new family of encryption schemes is described that satisfy precise definitions for a wide variety of allowed transformations T, and which are secure under the standard Decisional Diffie-Hellman (DDH) assumption.

A Length-Flexible Threshold Cryptosystem with Applications

The scheme inherits the attractive homomorphic properties of Paillier encryption and achieves two new properties: first, all users can use the same modulus when generating key pairs, this allows more efficient proofs of relations between different encryptions, and second, a threshold decryption protocol is constructed for the scheme that is length-flexible.

Evaluating 2-DNF Formulas on Ciphertexts

A homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x1,...,xn and can evaluate quadratic multi-variate polynomials on ciphertexts provided the resulting value falls within a small set.

Divertible Protocols and Atomic Proxy Cryptography

A definition of protocol divertibility is given that applies to arbitrary 2-party protocols and is compatible with Okamoto and Ohta's definition in the case of interactive zero-knowledge proofs and generalizes to cover several protocols not normally associated with divertibility.

Evaluating Branching Programs on Encrypted Data

The main construction generalizes the approach of Kushilevitz and Ostrovsky for constructing single-server Private Information Retrieval protocols and shows how to strengthen the above so that c′ does not contain additional information about P (other than P(x) for some x) even if the public key and the ciphertext c are maliciously formed.

A New Public-Key Cryptosystem as Secure as Factoring

This paper proposes a novel public-key cryptosystem, which is practical, provably secure and has some other interesting properties as follows: It can be proven to be as secure as the intractability of factoring n = p^2q (in the sense of the security of the whole plaintext) against passive adversaries.

Lattice-based homomorphic encryption of vector spaces

A new probabilistic lattice-based bounded homomorphic encryption scheme that is able to preserve a vector space structure of the message, and in which the addition of ciphertexts is dramatically fast compared to homomorphic schemes based on group theory like Paillier or El Gamal.

Security under key-dependent inputs

This work re-visits the question of building cryptographic primitives that remain secure even when queried on inputs that depend on the secret key and considers many natural constructions that fail to be KDI secure in the standard model, including some schemes that have been proven in the random oracle model.