Sylvain Chatel,Christian Knabenhans,Apostolos Pyrgelis,Carmela Troncoso,Jean-Pierre Hubaux

2024-06-04

Abstract:Homomorphic encryption, which enables the execution of arithmetic operations directly on ciphertexts, is a promising solution for protecting privacy of cloud-delegated computations on sensitive data. However, the correctness of the computation result is not ensured. We propose two error detection encodings and build authenticators that enable practical client-verification of cloud-based homomorphic computations under different trade-offs and without compromising on the features of the encryption algorithm. Our authenticators operate on top of trending ring learning with errors based fully homomorphic encryption schemes over the integers. We implement our solution in VERITAS, a ready-to-use system for verification of outsourced computations executed over encrypted data. We show that contrary to prior work VERITAS supports verification of any homomorphic operation and we demonstrate its practicality for various applications, such as ride-hailing, genomic-data analysis, encrypted search, and machine-learning training and inference.

Cryptography and Security

Ziyuan Liang,Qi'ao Jin,Zhiyong Wang,Zhaohui Chen,Zhen Gu,Yanheng Lu,Fan Zhang

DOI: https://doi.org/10.46586/tches.v2024.i2.819-843

2024-01-01

Abstract:Secure multi-party computation and homomorphic encryption are two primary security primitives in privacy-preserving machine learning, whose wide adoption is, nevertheless, constrained by the computation and network communication overheads. This paper proposes a hybrid Secret-sharing and Homomorphic encryption Architecture for Privacy-pERsevering machine learning (SHAPER). SHAPER protects sensitive data in encrypted or randomly shared domains instead of relying on a trusted third party. The proposed algorithm-protocol-hardware co-design methodology explores techniques such as plaintext Single Instruction Multiple Data (SIMD) and fine-grained scheduling, to minimize end-to-end latency in various network settings. SHAPER also supports secure domain computing acceleration and the conversion between mainstream privacy-preserving primitives, making it ready for general and distinctive data characteristics. SHAPER is evaluated by FPGA prototyping with a comprehensive hyper-parameter exploration, demonstrating a 94x speed-up over CPU clusters on large-scale logistic regression training tasks.

LI Shun-dong,WANG Dao-shun

DOI: https://doi.org/10.3969/j.issn.0372-2112.2013.04.029

2013-01-01

Abstract:Secure multiparty computation is a key privacy-preserving technology in cyberspaces and a research focus in the international cryptographic community.We first present a new encoding scheme to encode private data.By using this encoding scheme together with homomorphic encryption scheme,we construct a new scheme for Yao′s millionaires′ problem and prove its privacy-preserving property.This new scheme is more concise,more general and can be applied to compare any two objects on which a total order can be defined.We finally utilize the new scheme to propose a solution to the coprime problem and prove the privacy-preserving properties of the solution.

Huang Neng

2024-10-23

Abstract:Privacy computing involves the extensive exchange and processing of encrypted data. For the parties involved in these interactions, how to determine the consistency of exchanged data without accessing the original data, ensuring tamper resistance, non-repudiation, quality traceability, indexing, and retrieval during the use of encrypted data, which is a key topic of achieving "Data Availability versus Visibility". This paper proposes a new type of homomorphism: Feature Homomorphism, and based on this feature, introduces a cryptographic scheme for data verification under ciphertext-only conditions. The proposed scheme involves designing a group of algorithms that meet the requirements outlined in this paper, including encryption/decryption algorithms and Feature Homomorphic Algorithm. This group of algorithms not only allows for the encryption and decryption of data but also ensures that the plaintext and its corresponding ciphertext, encrypted using the specified encryption algorithm, satisfy the following property: the eigenvalue of the plaintext obtained using the Feature Homomorphic Algorithm is equal to the eigenvalue of the ciphertext obtained using the same algorithm. With this group of algorithms, it is possible to verify data consistency directly by comparing the eigenvalues of the plaintext and ciphertext without accessing the original data (i.e., under ciphertext-only conditions). This can be used for tamper resistance, non-repudiation, and quality traceability. Additionally, the eigenvalue can serve as a ciphertext index, enabling searchable encryption. This scheme completes a piece of the puzzle in homomorphic encryption. Keywords: Privacy Computing, Data Consistency, Searchable Encryption, Zero-Knowledge Proof, Feature Homomorphism

Cryptography and Security

Joohee Lee,Sangrae Cho,Soohyung Kim,Saerom Park

DOI: https://doi.org/10.1007/s10207-024-00941-w

2024-11-28

International Journal of Information Security

Abstract:In the current landscape of cloud-based data storage and analysis, concerns about data privacy and integrity have become more and more prevalent. Homomorphic encryption is a promising technology for preserving privacy by enabling computations on encrypted data while maintaining the confidentiality of sensitive information. However, relying solely on HE may pose challenges in ensuring the integrity of data and computation, which necessitates the verification of outsourced computations for users. In this paper, we propose a generic solution for verifiable computation over encrypted data. Our solution is based on a lattice-based approximate homomorphic encryption scheme with an MPC-in-the-Head style zero-knowledge proof system. We demonstrate that a user provided with a third party's certification of the computed function can verify the homomorphic evaluation over encrypted data. In the experiment, we provide a proof-of-concept implementation of our algorithms for privacy-preserving machine learning including regression, classification and validation. Our solution is post-quantum and can be extended to various scenarios such as privacy-preserving machine learning.

computer science, information systems, theory & methods, software engineering

Michael Naehrig,Kristin Lauter,Vinod Vaikuntanathan

DOI: https://doi.org/10.1145/2046660.2046682

2011-01-01

Abstract:The prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. The privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption scheme is homomorphic, the cloud can still perform meaningful computations on the data, even though it is encrypted. In fact, we now know a number of constructions of fully homomorphic encryption schemes that allow arbitrary computation on encrypted data. In the last two years, solutions for fully homomorphic encryption have been proposed and improved upon, but it is hard to ignore the elephant in the room, namely efficiency -- can homomorphic encryption ever be efficient enough to be practical? Certainly, it seems that all known fully homomorphic encryption schemes have a long way to go before they can be used in practice. Given this state of affairs, our contribution is two-fold. First, we exhibit a number of real-world applications, in the medical, financial, and the advertising domains, which require only that the encryption scheme is "somewhat" homomorphic. Somewhat homomorphic encryption schemes, which support a limited number of homomorphic operations, can be much faster, and more compact than fully homomorphic encryption schemes. Secondly, we show a proof-of-concept implementation of the recent somewhat homomorphic encryption scheme of Brakerski and Vaikuntanathan, whose security relies on the "ring learning with errors" (Ring LWE) problem. The scheme is very efficient, and has reasonably short ciphertexts. Our unoptimized implementation in magma enjoys comparable efficiency to even optimized pairing-based schemes with the same level of security and homomorphic capacity. We also show a number of application-specific optimizations to the encryption scheme, most notably the ability to convert between different message encodings in a ciphertext.

Yi Lu,Keisuke Hara,Keisuke Tanaka

DOI: https://doi.org/10.1109/access.2022.3197634

IF: 3.9

2022-09-04

IEEE Access

Abstract:A homomorphic encryption (HE) scheme is an advanced encryption technology which allows any user receiving ciphertexts to perform computations over them in a public manner. An important application of an HE scheme is a private delegating computation where clients encrypt their secret data, send the ciphertexts to a (computationally powerful) server who perform computations over encrypted data. In this application, one of the crucial problems is that the delegated server might be not trusted one and in this case, we cannot believe that a server always returns correct computation results. To solve this problem, Lai et al. (ESORICS 2014) proposed a verifiable homomorphic encryption (VHE) as a core primitive realizing private and verifiable secure delegating computation. However, their VHE scheme only supports homomorphic evaluation over ciphertexts generated by a single user. In this paper, we propose a formalization and its construction of multi-key verifiable homomorphic encryption (MVHE), which is a new cryptographic primitive for realizing private and verifiable delegated computation in the multi-client setting. Our construction can be obtained by combining a multi-key homomorphic encryption scheme and a multi-key homomorphic encrypted authentication scheme, which is also a new primitive provided in this work.

computer science, information systems,telecommunications,engineering, electrical & electronic

Vasily Sidorov,Ethan Yi Fan Wei,Wee Keong Ng

DOI: https://doi.org/10.48550/arXiv.2202.02960

2022-02-07

Cryptography and Security

Abstract:Oblivious data processing has been an on and off topic for the last decade or so. It provides great opportunities for secure data management and processing, especially in the cloud. At the same time, modern computing resources seem to be affordable enough to allow for practical use of homomorphic cryptography. Yet, the availability of products that offer practical homomorphic data processing is extremely scarce. As part of a project aimed at developing a practical homomorphic data management platform, we have conducted an extensive study of homomorphic cryptosystems' performance, the results of which are presented in this work. For this work we chose the following five cryptosystems: fully homomorphic HElib and SEAL, somewhat fully homomorphic PyAono, and partially homomorphic Paillier and ElGamal. In the discussion of the aggregated results, we suggest that partially homomorphic cryptosystems could be used today in certain practical applications, whereas time has not yet come for the fully homomorphic ones.

S. Liu,K. Chem

2012-01-01

Abstract:Proof of Retrievability (POR) refers to interactive auditing protocols executed between a storage server and clients, so that clients can be convinced that their data is available at the stor- age server, ready to be retrieved when needed. In an interactive POR protocol, clients initiate challenges to the server, and the server feed- backs responses to clients with the help of the stored data. Retriev- ability means that it should be possible for a client to extract his/her data from the server's valid responses. An essential step leading to retrievability is the server's unforgeability of valid responses, i.e, any server coming up with valid responses to a client's challenges is ac- tually storing the client's data with overwhelming probability. Un- forgeability can be achieved with authentication schemes like MAC, Digital Signature, etc. With Homomorphic Linear Authentication (HLA) schemes, the server's several responses can be aggregated into one, hence reducing the communication complexity. In this paper, we explore some new constructions of ǫ-almost strong universal hash- ing functions (ǫ-ASU2), which are used to build homomorphic linear authenticator schemes in POR to provide unforgeability. We show the HLA scheme involved in Shacham and Waters' POR scheme (see Shacham and Waters, 2008) is just an employment of a class ǫ-ASU2 functions. Using another class of ǫ-ASU2 for authentication in POR results in a new HLA scheme, which enjoys unforgability, the same shortest responses as the SW scheme, but reduces the local storage from O(n+s) to O(n) for information soundness, and from O(s) to O(1) for knowledge-soundness.

Shengli Liu,Kefei Chen

DOI: https://doi.org/10.1109/INCoS.2011.101

2011-01-01

Abstract:In a proof of retrievability (POR) system, interactive POR protocols are executed between a storage server and clients, so that clients can be convinced that their data is available at the storage server, ready to be retrieved when needed. In an interactive POR protocol, clients initiate challenges to the server, and the server feedbacks responses to clients with input of the stored data. Retrievability means that it should be possible for a client to extract the his/her data from the server's valid responses. An essential step-stone leading to retrievability is server's unforgeability of valid responses, i.e, any server coming up valid responses to a client's challenges is actually storing the client's data with overwhelming probability. Unforgeability can be achieved with authentication schemes like MAC, Digital Signature, etc. With homomorphic linear authentication schemes, the authenticators can be aggregated into one tag for the challenges, hence reducing the communication complexity. In this paper, we explore some new homomorphic linear authenticator schemes in POR to provide unforgeability. Compared with the recent work of Shacham and Waters, our scheme enjoys the same shortest responses, but reduces the local storage from O(s) to O(1).

Qi Wang,Dehua Zhou,Yanling Li

DOI: https://doi.org/10.48550/arXiv.1812.00599

2018-12-03

Cryptography and Security

Abstract:With the rapid development of cloud computing, the privacy security incidents occur frequently, especially data security issues. Cloud users would like to upload their sensitive information to cloud service providers in encrypted form rather than the raw data, and to prevent the misuse of data. The main challenge is to securely process or analyze these encrypted data without disclosing any useful information, and to achieve the rights management efficiently. In this paper, we propose the encrypted data processing protocols for cloud computing by utilizing additively homomorphic encryption and proxy cryptography. For the traditional homomorphic encryption schemes with many limitations, which are not suitable for cloud computing applications. We simulate a cloud computing scenario with flexible access control and extend the original homomorphic cryptosystem to suit our scenario by supporting various arithmetical calculations. We also prove the correctness and security of our protocols, and analyze the advantages and performance by comparing with some latest works.

Fangguo Zhang,Xu Ma,Shengli Liu

DOI: https://doi.org/10.1016/j.ins.2014.07.017

IF: 8.1

2014-01-01

Information Sciences

Abstract:The rise of cloud computing and the proliferation of mobile devices make computation outsourcing popular. However, the servers are not fully trusted, and a critical problem is the verifiability and privacy of such computations. Although some computation outsourcing schemes provided a general method, the complicated cryptographic tools involved result in great inefficiency. The existing efficient computation outsourcing schemes however aim only at a specific computation task, lacking in generality. In this paper, we show how to construct a generic outsourcing computation scheme for inverting a class of homomorphic functions with computation disequilibrium. Extensive analysis shows that many cryptographic computations fall into this category. The formal security analysis proves that our scheme satisfies verifiability, input and output privacy in information-theoretic sense. Since the construction of our scheme tactfully takes advantage of the intrinsic property of the computation task being outsourced, no public key operations are used in the scheme, thus our solution clearly outperforms the existing schemes in terms of efficiency. In addition, we instantiate our generic construction with concrete examples, and the experimental result testifies the efficiency of our construction.

ZhenHua Chen,WeiGuo Zhang,ShunDong Li,DaoShun Wang,Qiong Huang

DOI: https://doi.org/10.3969/j.issn.0372-2112.2017.05.013

2017-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Secure multiparty computation of set membership is significant to privacy-preserving data mining,data query,etc.In this paper,we first transform the original problem into the one-time evaluation problem for polynomial,and then construct four protocols.We design the trivial protocol 1 using homomorphic encryption and construct the efficient protocol 2 using discrete logarithm instead of encryption,which is very concise.Lastly,according to the different application scenarios,we also propose protocol 3 and protocol 4:the former can be used to outsource computation in cloud computing environment;the latter can be used for public secure computation against repudiation.The analysis and comparison show that our protocols are more efficient and concise than previously known.

Alexander Viand,Anwar Hithnawi,C. Knabenhans

DOI: https://doi.org/10.48550/arXiv.2301.07041

2023-01-17

Abstract:Fully Homomorphic Encryption (FHE) is seeing increasing real-world deployment to protect data in use by allowing computation over encrypted data. However, the same malleability that enables homomorphic computations also raises integrity issues, which have so far been mostly overlooked. While FHEs lack of integrity has obvious implications for correctness, it also has severe implications for confidentiality: a malicious server can leverage the lack of integrity to carry out interactive key-recovery attacks. As a result, virtually all FHE schemes and applications assume an honest-but-curious server who does not deviate from the protocol. In practice, however, this assumption is insufficient for a wide range of deployment scenarios. While there has been work that aims to address this gap, these have remained isolated efforts considering only aspects of the overall problem and fail to fully address the needs and characteristics of modern FHE schemes and applications. In this paper, we analyze existing FHE integrity approaches, present attacks that exploit gaps in prior work, and propose a new notion for maliciously-secure verifiable FHE. We then instantiate this new notion with a range of techniques, analyzing them and evaluating their performance in a range of different settings. We highlight their potential but also show where future work on tailored integrity solutions for FHE is still required.

Xiaotong Li,Hao Wang,Zhi Li,Lei Wu,Xiaochao Wei,Ye Su,Rongxing Lu

DOI: https://doi.org/10.1109/tsc.2024.3380258

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Although secure multi-party computation breaks down data barriers, its utility is reduced when participants have limited computation and communication resources. To make secure multi-party computation more practical, there exists an approach to distribute users' private inputs to multiple servers in a secret sharing manner, and the servers accomplish secure computation tasks through interaction. We propose a new secure computation framework that enables the detection of malicious cloud servers by introducing homomorphic MACs. We utilize pairing-based homomorphic commitments to record MACs on a bulletin board, providing public verifiability while reducing the computation burden on the cloud servers. Additionally, our framework not only supports the underlying general computation, but also prepares for various types of nontrivial high-level operations, such as comparison and bit decomposition. We design a smart payment platform enabling fair payment with the help of smart contracts to protect the rights of both data owners and cloud service providers. Compared to previous works, our framework breaks the limitations of servers being restricted to semi-honest or even honest and provides public verifiability. Performance evaluations demonstrate satisfactory computation and communication efficiency during the online phase of our system.

computer science, information systems, software engineering

Xingkai Wang,Zhenfu Cao,Zhen Liu,Kaitai Liang

DOI: https://doi.org/10.1007/978-3-031-17146-8_6

2022-01-01

Abstract:Gordon et al. (TCC 2015) systematically studied the security of Multi-client Verifiable Computation (MVC), in which a set of computationally-weak clients outsource the computation of a general function f over their private inputs to an untrusted server. They introduced the universally composable (UC) security of MVC and proposed a scheme achieving UC-security, where the protocol remains secure after arbitrarily composed with other UC-secure instances. However, the clients in their scheme have to undertake the heavy computation overhead caused by fully homomorphic encryption (FHE) and further, the plaintext size is linear to the function input size. In this work, we propose a more efficient UC-secure multi-client privacy-preserving verifiable computation protocol, called MVOC, that sharply reduces amortized overheads for clients, in both semi-honest and malicious settings. In particular, our protocol achieves stronger outsourcability by outsourcing more computation to the server, so that it may be more friendly to those lightweight clients. More specifically, we revisit the definition of garbling scheme, and propose a novel garbled circuit protocol whose circuit randomness is non-interactively provided by multiple parties. We also realize the idea of hybrid homomorphic encryption, which makes the FHE plaintext size independent of the input size. We present the detailed proof and analyze the theoretical complexity of MVOC. We further implement our protocol and evaluate the performance, and the results show that, after adopting our new techniques, the computation and communication overheads during input phase can be decreased by 55.15%-68.05% and 62.55%-75% respectively.

Jing-Wen Zhang,Gang Xu,Xiu-Bo Chen,Yan Chang,Zhi-Chao Dong

DOI: https://doi.org/10.1016/j.physa.2022.128397

2022-12-09

Abstract:Quantum homomorphic encryption has obvious superiority in privacy protection. In this paper, we propose a improved multiparty quantum private comparison protocol based on quantum homomorphic encryption. Firstly, a trusted key center is introduced to securely assist the distribution of the encryption keys and update of decryption keys, while preventing a malicious server from launching an attack that announces a false result. It can significantly improve the security of the protocol while ensuring that all participants get the correct comparison results. Then, our protocol is different from the previous protocols that use the help of a semi-honest third-party. The third-party in our protocol can be almost dishonest and will faithfully perform the homomorphic evaluation on the encrypted data without decryption. Finally, by preparing single photons, multiple participants request homomorphic computations from an almost dishonest third-party in parallel and there is no need for detection of the decoy photon, which greatly reduces the consumption of quantum resources. In addition, the correctness of the protocol is verified by the IBM Q experimental platform.

Khoa Nguyen,Mindaugas Budzys,Eugene Frimpong,Tanveer Khan,Antonis Michalas

2024-09-10

Abstract:Machine Learning (ML) has become one of the most impactful fields of data science in recent years. However, a significant concern with ML is its privacy risks due to rising attacks against ML models. Privacy-Preserving Machine Learning (PPML) methods have been proposed to mitigate the privacy and security risks of ML models. A popular approach to achieving PPML uses Homomorphic Encryption (HE). However, the highly publicized inefficiencies of HE make it unsuitable for highly scalable scenarios with resource-constrained devices. Hence, Hybrid Homomorphic Encryption (HHE) -- a modern encryption scheme that combines symmetric cryptography with HE -- has recently been introduced to overcome these challenges. HHE potentially provides a foundation to build new efficient and privacy-preserving services that transfer expensive HE operations to the cloud. This work introduces HHE to the ML field by proposing resource-friendly PPML protocols for edge devices. More precisely, we utilize HHE as the primary building block of our PPML protocols. We assess the performance of our protocols by first extensively evaluating each party's communication and computational cost on a dummy dataset and show the efficiency of our protocols by comparing them with similar protocols implemented using plain BFV. Subsequently, we demonstrate the real-world applicability of our construction by building an actual PPML application that uses HHE as its foundation to classify heart disease based on sensitive ECG data.

Cryptography and Security

Xin Chen,Liang Feng Zhang

DOI: https://doi.org/10.1109/tifs.2023.3298258

IF: 7.231

2023-08-05

IEEE Transactions on Information Forensics and Security

Abstract:There are two main security concerns in outsourcing computations. One is how to protect the privacy of the outsourced data, and the other is how to ensure the correctness of the outsourced computations. Homomorphic secret sharing (HSS) schemes allow a client to store a set of private data on two servers and then offload a computation on the data to servers. Such schemes ensure that each individual server learns no information about the data. While HSS schemes that allow the client to use a secret key to verify the correctness of the computation results exist and relieve both security concerns, the current literature lacks a publicly verifiable HSS scheme for polynomial evaluations. In this paper, we consider a two-server publicly verifiable HSS (PVHSS) model, where any third party can use a public key to perform verifications. We propose both a basic construction and an improved construction of PVHSS for evaluating polynomials. Our PVHSS ensures that no single server is able to learn any information about the outsourced data or persuade the verifier to accept a wrong result. We also implement the proposed scheme. For polynomials of degree , our experiments show that: 1) the proposed PVHSS is - faster than the existing non-verifiable or privately verifiable HSS on the server-side; 2) the proposed PVHSS is friendly to resource-restricted clients and takes less than to reconstruct and verify the results.

computer science, theory & methods,engineering, electrical & electronic