Corpus ID: 17822566

Linearly Homomorphic Encryption from DDH

Authors: Guilhem Castagnos and Fabien Laguillaumie
Venue: IACR Cryptol. ePrint Arch.

Abstract: We design a linearly homomorphic encryption scheme whose security relies on the hardness of the decisional Diffie-Hellman problem. Our approach requires some special features of the underlying group. In particular, its order is unknown and it contains a subgroup in which the discrete logarithm problem is tractable. Therefore, our instantiation holds in the class group of a non-maximal order of an imaginary quadratic field. Its algebraic structure makes it possible to obtain such a linearly…


Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data

A technique is presented to transform a linearly-homomorphic encryption scheme into one capable of evaluating degree-2 computations on ciphertexts; it is extended to build a protocol for outsourcing computation on encrypted data using two (non-communicating) servers.

Homomorphic Secret Sharing for Low Degree Polynomials

This work presents the first plain-model homomorphic secret sharing scheme that supports the evaluation of polynomials with degree higher than 2, and relies on any degree-k (multi-key) homomorphic encryption scheme.

On the Weakness of Fully Homomorphic Encryption

It is stressed that any computations performed on encrypted data are constrained to the encrypted domain (finite fields or rings), which makes the primitive useless for most computations involving common arithmetic expressions and relational expressions.

New Ideas to Build Noise-Free Homomorphic Cryptosystems

A very simple private-key encryption scheme, whose decryption function is a rational function, is developed together with a nonlinear additive homomorphic operator, and IND-CPA security is proved in the generic ring model.

Practical Fully Secure Unrestricted Inner Product Functional Encryption modulo p

Though their schemes are only secure in the selective model, Agrawal, Libert, and Stehlé soon provided adaptively secure schemes for the same functionality, which suffer from various practical drawbacks.

A Geometric Approach to Homomorphic Secret Sharing

This work uses a general compiler to generalize and improve on the HSS scheme of Lai, Malavolta, and Schröder, and proposes a new application of HSS to MPC with preprocessing, which obtains communication-efficient MPC protocols for low-degree polynomials that use fewer parties than previous protocols based on the same assumptions.

Non-zero Inner Product Encryptions: Strong Security under Standard Assumptions

This paper provides adaptively secure public-key NIPE under the standard Decision Diffie-Hellman (DDH) assumption that enables one to encrypt messages of sufficiently small length and upgrades two pNIPEs, capable of encrypting large messages with inner products over integers.

Secure Multiparty Computation from Threshold Encryption based on Class Groups

This work constructs the first actively-secure threshold version of the cryptosystem based on class groups from the so-called CL framework and designs a new zero-knowledge protocol for proving multiplicative relations between encrypted values.

Encryption Switching Protocols Revisited: Switching Modulo p

If an ESP is built with two schemes that are respectively additively and multiplicatively homomorphic, it naturally gives rise to a secure 2-party computation protocol, thus perfectly suited for evaluating functions, such as multivariate polynomials, given as arithmetic circuits.

The Paillier's Cryptosystem and Some Variants Revisited

It is shown that there is a big difference between the original Paillier encryption and some variants, and the alternative decryption procedure of the Bresson-Catalano-Pointcheval encryption scheme proposed at Asiacrypt'03 is simplified.



Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data

A technique is presented to transform a linearly-homomorphic encryption scheme into one capable of evaluating degree-2 computations on ciphertexts; it is extended to build a protocol for outsourcing computation on encrypted data using two (non-communicating) servers.

Homomorphic Encryption for Multiplications and Pairing Evaluation

The semantic security under chosen-plaintext attack of the proposed homomorphic encryption scheme is proved under a generalized subgroup membership assumption, and it is proved that it cannot achieve IND-CCA1 security.

A New Public-Key Cryptosystem over a Quadratic Order with Quadratic Decryption Time

A new cryptosystem based on ideal arithmetic in quadratic orders, which is a probabilistic encryption scheme and has the homomorphic property, is presented; the implementation shows that its encryption is comparably as fast as that of the RSA cryptosystem with e = 2^16 + 1.

A Cryptosystem Based on Non-maximal Imaginary Quadratic Orders with Fast Decryption

It is shown that inverting the proposed cryptosystem is computationally equivalent to factoring the non-fundamental discriminant Δq, which is intractable for a suitable choice of Δ and q, and how one may embed key escrow capability into classical imaginary quadratic field cryptosystems.

Encoding-Free ElGamal Encryption Without Random Oracles

Partially homomorphic in customizable ways, this paper's encryptions are comparable to plain ElGamal in efficiency, and boost the encryption ratio from about 13 for classical parameters to the optimal value of 2.

A new public key cryptosystem based on higher residues

The probabilistic version of the scheme is a homomorphic encryption scheme whose expansion rate is much better than previously proposed such systems, and it has semantic security relative to the hardness of computing higher residues for suitable moduli.

A New Public-Key Cryptosystem as Secure as Factoring

This paper proposes a novel public-key cryptosystem which is practical, provably secure and has some other interesting properties: it can be proven to be as secure as the intractability of factoring n = p^2 q (in the sense of the security of the whole plaintext) against passive adversaries.

The Security of Cryptosystems Based on Class Semigroups of Imaginary Quadratic Non-maximal Orders

It is shown that well-known structural properties of the class semigroup render these cryptosystems insecure, and that any cryptosystems based on the class semigroup are unlikely to provide any more security than those using the class group.

On the Security of Cryptosystems with Quadratic Decryption: The Nicest Cryptanalysis

A drastic cryptanalysis is proposed which factors Δq (and hence recovers the secret key), given only this element, in cubic time in the security parameter, and takes less than a second on a standard PC.

Fully homomorphic encryption using ideal lattices

This work proposes a fully homomorphic encryption scheme that allows one to evaluate circuits over encrypted data without being able to decrypt, and describes a public key encryption scheme using ideal lattices that is almost bootstrappable.