Jian Zhang,Yang,Yanjiao Chen,Jing Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2017.08.019

IF: 5.493

2017-01-01

Computer Networks

Abstract:With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

Zhiniang Peng

DOI: https://doi.org/10.48550/arXiv.1906.07127

2019-06-18

Abstract:Fully homomorphic encryption is a promising crypto primitive to encrypt your data while allowing others to compute on the encrypted data. But there are many well-known problems with fully homomorphic encryption such as CCA security and circuit privacy problem. Despite these problems, there are still many companies are currently using or preparing to use fully homomorphic encryption to build data security applications. It seems that the full homomorphic encryption is very close to practicality and these problems can be easily mitigated in implementation. Although the those problems are well known in theory, there is no public discussion of their actual impact on real application. Our research shows that there are many security pitfalls in fully homomorphic encryption from the perspective of practical application. The security problems of a fully homomorphic encryption in a real application is more severe than imagined. In this paper, we will take Microsoft SEAL as an examples to introduce the security pitfalls of fully homomorphic encryption from the perspective of implementation and practical application

Cryptography and Security

Zhenyong Zhang,Peng Cheng,Junfeng Wu,Jiming Chen

DOI: https://doi.org/10.1109/tcst.2020.3019501

IF: 4.8

2020-01-01

IEEE Transactions on Control Systems Technology

Abstract:Recently, the security of state estimation has attracted significant research attention due to the need for trustworthy situation awareness in emerging cyber-physical systems. In this article, we design an encryption-based state estimation (ESE) using partially homomorphically encrypted data. The encryption will enhance the confidentiality not only of data transmitted in the communication network but also critical system information required by the estimator. We adopt a hybrid encryption scheme by jointly using the multiplicatively and additively homomorphic encryption methods. Armed with encryption, ESE is able to conceal comprehensive information (i.e., model parameters, measurements, and estimates) aggregated at the estimator while retaining the correctness of the normal state estimation. Therefore, even if an attacker has gained unauthorized access to the estimator and associated communication channels, he/she will not be able to obtain sufficient knowledge of the system state to guide the attack. Furthermore, due to the encryption-induced quantization error, we give a sufficient stability condition for ESE. Finally, we implement ESE with real-world hardware to illustrate its effectiveness and efficiency.

Thi Van Thao Doan,Mohamed-Lamine Messai,Gérald Gavin,Jérôme Darmont

DOI: https://doi.org/10.1007/s11227-023-05233-z

IF: 3.3

2023-04-14

The Journal of Supercomputing

Abstract:With the increased need for data confidentiality in various applications of our daily life, homomorphic encryption (HE) has emerged as a promising cryptographic topic. HE enables to perform computations directly on encrypted data (ciphertexts) without decryption in advance. Since the results of calculations remain encrypted and can only be decrypted by the data owner, confidentiality is guaranteed and any third party can operate on ciphertexts without access to decrypted data (plaintexts). Applying a homomorphic cryptosystem in a real-world application depends on its resource efficiency. Several works compared different HE schemes and gave the stakes of this research field. However, the existing works either do not deal with recently proposed HE schemes (such as CKKS) or focus only on one type of HE. In this paper, we conduct an extensive comparison and evaluation of homomorphic cryptosystems’ performance based on their experimental results. The study covers all three families of HE, including several notable schemes such as BFV, BGV, FHEW, TFHE, CKKS, RSA, El-Gamal, and Paillier, as well as their implementation specification in widely used HE libraries, namely Microsoft SEAL, PALISADE, and HElib. In addition, we also discuss the resilience of HE schemes to different kind of attacks such as indistinguishability under chosen plaintext attack and integer factorization attacks on classical and quantum computers.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Sai Sri Sathya,Praneeth Vepakomma,Ramesh Raskar,Ranjan Ramachandra,Santanu Bhattacharya

DOI: https://doi.org/10.48550/arXiv.1812.02428

2018-12-07

Abstract:In this paper we provide a survey of various libraries for homomorphic encryption. We describe key features and trade-offs that should be considered while choosing the right approach for secure computation. We then present a comparison of six commonly available Homomorphic Encryption libraries - SEAL, HElib, TFHE, Paillier, ELGamal and RSA across these identified features. Support for different languages and real-life applications are also elucidated.

Cryptography and Security

Abbas Acar,Hidayet Aksu,A. Selcuk Uluagac,Mauro Conti

DOI: https://doi.org/10.48550/arXiv.1704.03578

2017-04-12

Cryptography and Security

Abstract:Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems.

Fucai Luo,Haiyan Wang,Al-Kuwari Saif,Weihong Han

DOI: https://doi.org/10.1016/j.csi.2023.103742

2023-03-29

Abstract:Fully Homomorphic Encryption (FHE) is a powerful encryption system in cloud computing that allows homomorphic computations on encrypted data without decrypting them. Multi-key fully homomorphic encryption (MFHE), as an extension to FHE, allows homomorphic computations on ciphertexts encrypted under different keys. However, most MFHE schemes require a Common Random/Reference String (CRS), while the few that do not are based on the Learning With Errors (LWE) problem, which means that they can only deal with single bit plaintext. Consequently, MFHE schemes based on the Ring Learning With Errors (RLWE) problem are more desirable, as they can handle polynomial plaintext. Requiring the CRS seems to weaken the semantic definition of MFHE, where all users generate their own keys independently. In this paper, we study the RLWE-based MFHE in the CRS model and propose the first RLWE-based MFHE without a CRS. To this end, we remove the CRS by designing a relinearization algorithm without a CRS. Like previous MFHE schemes, our RLWE-based MFHE without CRS has a simple 1-round threshold decryption, which implies a 3-round secure MPC protocol in the plain model from the RLWE assumption.

computer science, software engineering, hardware & architecture

Xiaoliang Che,Longfei Liu,Baocang Wang,Yiliang Han,Xu An Wang,Xiaoyuan Yang,Tanping Zhou

DOI: https://doi.org/10.1016/j.jksuci.2023.101794

IF: 9.006

2023-10-12

Journal of King Saud University - Computer and Information Sciences

Abstract:Most previous RLWE-based multi-key homomorphic encryptions (MKHEs) need to perform complex relinearization operations on ciphertext products to complete the evaluation of circuits of bounded polynomial depth. In this process, many intermediate ciphertexts or keys are needed for computing, resulting in inefficient computing and redundant storage. We propose a more efficient RLWE-based MKHE without relinearization operations to squeeze the storage space provided for homomorphic computation. Firstly, a controllable factor is introduced into the party's ciphertexts, delineating the ciphertext as a component-like factor in preparation for concatenate operations. Secondly, we construct a tightened RGSW ciphertext extension algorithm that can be directly applied to the party's original ciphertext. The extended ciphertext no longer needs to be converted, so any conversion keys are no longer required. Again, by combining the concatenate and bit decomposition techniques, we construct new matching homomorphic computation algorithms, which ensure that the ciphertext product or sum is consistent in morphology with the extended ciphertext. The homomorphic multiplication algorithm allows the resultant ciphertext to directly participate in the next round of homomorphic operations without relinearization. Finally, we propose a specific RLWE-based MKHE scheme and provide the decryption process. Our analysis shows that our scheme guarantees IND-CPA security and performs efficient homomorphic computations correctly without relinearization operations.

computer science, information systems

Alexander Viand,Anwar Hithnawi,C. Knabenhans

DOI: https://doi.org/10.48550/arXiv.2301.07041

2023-01-17

Abstract:Fully Homomorphic Encryption (FHE) is seeing increasing real-world deployment to protect data in use by allowing computation over encrypted data. However, the same malleability that enables homomorphic computations also raises integrity issues, which have so far been mostly overlooked. While FHEs lack of integrity has obvious implications for correctness, it also has severe implications for confidentiality: a malicious server can leverage the lack of integrity to carry out interactive key-recovery attacks. As a result, virtually all FHE schemes and applications assume an honest-but-curious server who does not deviate from the protocol. In practice, however, this assumption is insufficient for a wide range of deployment scenarios. While there has been work that aims to address this gap, these have remained isolated efforts considering only aspects of the overall problem and fail to fully address the needs and characteristics of modern FHE schemes and applications. In this paper, we analyze existing FHE integrity approaches, present attacks that exploit gaps in prior work, and propose a new notion for maliciously-secure verifiable FHE. We then instantiate this new notion with a range of techniques, analyzing them and evaluating their performance in a range of different settings. We highlight their potential but also show where future work on tailored integrity solutions for FHE is still required.

Eleni Agathocleous,Vishnupriya Anupindi,Annette Bachmayr,Chloe Martindale,Rahinatou Yuh Njah Nchiwo,Mima Stanojkovski

2023-09-27

Abstract:In [15], Leonardi and Ruiz-Lopez propose an additively homomorphic public key encryption scheme whose security is expected to depend on the hardness of the learning homomorphism with noise problem (LHN). Choosing parameters for their primitive requires choosing three groups $G$, $H$, and $K$. In their paper, Leonardi and Ruiz-Lopez claim that, when $G$, $H$, and $K$ are abelian, then their public key cryptosystem is not quantum secure. In this paper, we study security for finite abelian groups $G$, $H$, and $K$ in the classical case. Moreover, we study quantum attacks on instantiations with solvable groups.

Cryptography and Security

Gang Du,Chunguang Ma,Zengpeng Li,Ding Wang

DOI: https://doi.org/10.1007/978-3-319-68542-7_21

2017-01-01

Abstract:Despite the convenience brought by cloud computing, internet users, meanwhile, are faced with risks of data theft, tampering, forgery, etc. Fully homomorphic encryption (FHE) has the ability to deal with the ciphertext directly, which can solve the problem of data security in cloud computing. Therefore, fully homomorphic encryption (FHE) has been widely used in cloud computing as well as multiparty computing, functional encryption and private information retrieval, etc. However, previous FHE schemes are based on standard (ring) learning with errors (LWE) assumption and the most typical schemes were created by Brakerski (CRYPTO2012) and Gentry-Sahai-Waters (GSW) (CRYPTO2013). Moreover, inspired by the work of Li et al. at ICPADS2016, they made use of Brakerski's scale-invariant technology and constructed a new FHE scheme with errorless key switching under Dual-First-is-errorless LWE (Dual-Ferr. LWE) problem. Hence, armed with Li et al.'s work, in this paper, we use Gentry-Peikert-Vaikuntanathan's scheme (i.e., under dual LWE assumption) as building block to construct a FHE scheme. Lastly, under the assumption of decisional learning with errors (LWE), we prove that our scheme is CPA (chosen-plaintext-attack) secure.

Victor Kadykov,Alla Levina

DOI: https://doi.org/10.1109/meco52532.2021.9460165

2021-06-07

Abstract:Homomorphic encryption allows users to perform mathematical operations on open data in encrypted form by performing homomorphically appropriate operations on encrypted data without knowing the decryption function (key). Nowadays such possibilities for cryptoalgorithm are very important in many areas such as data storage, cloud computing, cryptocurrency, and mush more. In 2009 a system of fully homomorphic encryption was constructed, in the future, many works were done based on it. In this work, is performed the implementation of ideal lattices for constructing homomorphic operations over ciphertexts. The idea, presented in this work, allows to separate relations between homomorphic and security parts of a lattice-based homomorphic encryption system.

Jonathan Ly

2024-08-14

Abstract:Many modern applications that deal with sensitive data, such as healthcare and government services, outsource computation to cloud platforms. In such untrusted environments, privacy is of vital importance. One solution to this problem is homomorphic encryption (HE), a family of cryptographic schemes that support certain algebraic operations on encrypted data without the need for decryption. However, despite major advancements, encryption in modern HE schemes still comes with a non-trivial computational overhead that can hamper data-intensive workloads. To resolve this, recent research has shown that leveraging caching techniques, such as Rache, can significantly enhance the performance of HE schemes while maintaining security. Rache unfortunately displays a key limitation in the time complexity of its caching procedure, which scales with the size of the plaintext space. Smuche is another caching scheme that simultaneously improves the scalability of the caching procedure and turns the encryption process into a constant-time operation, utilizing only a single scalar multiplication. Even still, more can be done. In this paper, we present an encryption method we call ``Zinc" which entirely forgoes the multiple caching process, replacing it with a single scalar addition, and then injecting randomness that takes constant time with respect to the plaintext space. This injection of randomness is similar to Smuche, and a great improvement from Rache, allowing Zinc to achieve efficiency without compromising security. We implement the scheme using Microsoft SEAL and compare its performance to vanilla CKKS.

Cryptography and Security

Konstantin G. Kogos,Kseniia S. Filippova,Anna V. Epishkina

DOI: https://doi.org/10.1109/eiconrus.2017.7910591

2017-01-01

Abstract:The challenge of maintaining confidentiality of stored and processed data in a remote database or cloud is quite urgent. Using homomorphic encryption may solve the problem, because it allows to compute some functions over encrypted data without preliminary deciphering of data. Fully homomorphic encryption schemes have a number of limitations such as accumulation of noise and increase of ciphertext extension during performing operations, the range of operations is limited. Nowadays a lot of homomorphic encryption schemes and their modifications have been investigated, so more than 25 reports on homomorphic encryption schemes have already been published on Cryptology ePrint Archive for 2016. We propose an overview of current Fully Homomorphic Encryption Schemes and analyze specific operations for databases which homomorphic cryptosystems allow to perform. We also investigate the possibility of sorting over encrypted data and present our approach to compare data encrypted by Multi-bit FHE scheme.

V. Yu. Kadykov,A. B. Levina

DOI: https://doi.org/10.14489/vkit.2020.12.pp.040-046

2020-12-01

Abstract:By 2009 the first system of fully homomorphic encryption had been constructed, and it was thought-provoking for many future works based on it. Instead of legacy encryption systems which depend on sharing a key (public or private) among endpoints involved in exchanging en encrypted message the fully homomorphic encryption can keep service without depending on shared keys and does not necessarily need to access the content. Such property allows any third party to operate on the encrypted data without decrypting it in advance. In this work, the possibility of using the ideal lattices for the construction of homomorphic operations is researched with a detailed level of math.The paper represents the analysis method based on the primitive of a union of ideals in lattice space. A segregated analysis between homomorphic and security properties is the advantage of this method. The work will be based on the analysis of generalized operations over ciphertext using the concept of the base reducing element which shares all about the method above. It will be shown how some non-homomorphic encryption systems can be supplemented by homomorphic operations which invoke different parameters choosing. Thus such systems can be decomposed from ciphertext structure to decryption process which will be affected by separately analyzed base reduction elements. Distinct from the encryption scheme the underlying math can be used to analyze only the homomorphic part, particularly under some simplifications. The building of such ideal-based ciphertext is laying on the assumption that ideals can be extracted further. It will be shown that the “remainder theorem” can be one of the principal ways to do this providing a simple estimate of an upper bound security strength of ciphertext structure.

S. Halevi,M. Triplett,Vincent Zucca,Dmitriy Suponitsky,Ahmad Al Badawi,D. Micciancio,Kurt Rohloff,Saroja Erabelli,Jack Bates,Yongwoo Lee,V. Vaikuntanathan,Zeyu Liu,Jonathan Saylor,Andrey Kim,Ian Quah,N. Genise,Hamish Hunt,Flávio Bergamaschi,Y. Polyakov,Saraswathy R.V.,David Cousins

DOI: https://doi.org/10.1145/3560827.3563379

2022-11-07

Abstract:Fully Homomorphic Encryption (FHE) is a powerful cryptographic primitive that enables performing computations over encrypted data without having access to the secret key. We introduce OpenFHE, a new open-source FHE software library that incorporates selected design ideas from prior FHE projects, such as PALISADE, HElib, and HEAAN, and includes several new design concepts and ideas. The main new design features can be summarized as follows: (1) we assume from the very beginning that all implemented FHE schemes will support bootstrapping and scheme switching; (2) OpenFHE supports multiple hardware acceleration backends using a standard Hardware Abstraction Layer (HAL); (3) OpenFHE includes both user-friendly modes, where all maintenance operations, such as modulus switching, key switching, and bootstrapping, are automatically invoked by the library, and compiler-friendly modes, where an external compiler makes these decisions. This paper focuses on high-level description of OpenFHE design, and the reader is pointed to external OpenFHE references for a more detailed/technical description of the software library.

Computer Science

Michael Naehrig,Kristin Lauter,Vinod Vaikuntanathan

DOI: https://doi.org/10.1145/2046660.2046682

2011-01-01

Abstract:The prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. The privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption scheme is homomorphic, the cloud can still perform meaningful computations on the data, even though it is encrypted. In fact, we now know a number of constructions of fully homomorphic encryption schemes that allow arbitrary computation on encrypted data. In the last two years, solutions for fully homomorphic encryption have been proposed and improved upon, but it is hard to ignore the elephant in the room, namely efficiency -- can homomorphic encryption ever be efficient enough to be practical? Certainly, it seems that all known fully homomorphic encryption schemes have a long way to go before they can be used in practice. Given this state of affairs, our contribution is two-fold. First, we exhibit a number of real-world applications, in the medical, financial, and the advertising domains, which require only that the encryption scheme is "somewhat" homomorphic. Somewhat homomorphic encryption schemes, which support a limited number of homomorphic operations, can be much faster, and more compact than fully homomorphic encryption schemes. Secondly, we show a proof-of-concept implementation of the recent somewhat homomorphic encryption scheme of Brakerski and Vaikuntanathan, whose security relies on the "ring learning with errors" (Ring LWE) problem. The scheme is very efficient, and has reasonably short ciphertexts. Our unoptimized implementation in magma enjoys comparable efficiency to even optimized pairing-based schemes with the same level of security and homomorphic capacity. We also show a number of application-specific optimizations to the encryption scheme, most notably the ability to convert between different message encodings in a ciphertext.

Chiara Marcolla,Victor Sucasas,Marc Manzano,Riccardo Bassoli,Frank H.P. Fitzek,Najwa Aaraj

DOI: https://doi.org/10.36227/techrxiv.19315202.v3

IF: 20.6

2022-10-19

Proceedings of the IEEE

Abstract:Data privacy concerns are increasing significantly in the context of the Internet of Things, cloud services, edge computing, artificial intelligence applications, and other applications enabled by next-generation networks. Homomorphic encryption addresses privacy challenges by enabling multiple operations to be performed on encrypted messages without decryption. This article comprehensively addresses homomorphic encryption from both theoretical and practical perspectives. This article delves into the mathematical foundations required to understand fully homomorphic encryption ( ). It consequently covers design fundamentals and security properties of and describes the main schemes based on various mathematical problems. On a more practical level, this article presents a view on privacy-preserving machine learning using homomorphic encryption and then surveys at length from an engineering angle, covering the potential application of in fog computing and cloud computing services. It also provides a comprehensive analysis of existing state-of-the-art libraries and tools, implemented in software and hardware, and the performance thereof.

engineering, electrical & electronic

Xiaoqiang Sun,Jianping Yu,Ting Wang,Zhiwei Sun,Peng Zhang

DOI: https://doi.org/10.1002/sec.1685

IF: 1.968

2016-11-18

Security and Communication Networks

Abstract:<section class="article-section article-section__abstract" lang="en" data-lang="en" id="section-1-en"> <h3 class="article-section__header main main">Abstract</h3> <div class="article-section__content en main"> <p>Based on the learning with errors over rings (RLWE) assumption, a leveled fully homomorphic encryption (FHE) by the approximate eigenvector method under the same public key is proposed, which security can be reduced to the shortest vector problem on ideal lattices in the worst case. And the leveled FHE under different public keys is realized by the secret key switching without dimension reduction. Combine the public key of leveled FHE with the identity, we bring forward an efficient identity‐based leveled FHE scheme from the RLWE assumption. The security analysis shows that our identity‐based leveled FHE scheme is selective‐ID secure against chosen‐plaintext attacks in the random oracle model. And the efficiency analysis and simulation results show that the proposed identity‐based leveled FHE scheme is much more efficient than Gentry's and Wang's identity‐based cryptosystems based on the learning with errors assumption. Copyright © 2016 John Wiley & Sons, Ltd.</p>

computer science, information systems,telecommunications

Victor Kadykov,Alla Levina,Alexander Voznesensky

DOI: https://doi.org/10.1016/j.procs.2021.04.149

2021-01-01

Procedia Computer Science

Abstract:<p>In 2009 a system of fully homomorphic encryption was constructed, in the future, many works were done based on it. In this work, will be performed an analysis of the possibility to use the ideal lattices for constructing homomorphic operations over ciphertexts.</p><p>This paper represents the analysis of an encryption system based on the primitive of a union in ideal lattices space. The advantage of this approach consists in the possibility of segregated analysis of encryption security and homomorphic properties of the system.</p><p>The work will be based on the method of analyzing generalized operations over ciphertext using the concept of the base reducing element. It will be shown that some encryption systems can be supplemented by homomorphism between opentext and ciphertext. Thus such systems can be decomposed by encryption and homomorphic parts which would affect each other but although can be analyzed separately. Different systems (probably within one class) can be represented via an identical transform of sets. Separated from the cryptographic scheme the underlying math can be used to analyze only the homomorphic part, particularly under some simplifications. The building of ideal-based ciphertext laying on the assumption that ideals can be extracted further, it will be shown in the paper what the "remainder theorem" can be one of the principal ways to do this.</p>