Gang Du,Chunguang Ma,Zengpeng Li,Ding Wang

DOI: https://doi.org/10.1007/978-3-319-68542-7_21

2017-01-01

Abstract:Despite the convenience brought by cloud computing, internet users, meanwhile, are faced with risks of data theft, tampering, forgery, etc. Fully homomorphic encryption (FHE) has the ability to deal with the ciphertext directly, which can solve the problem of data security in cloud computing. Therefore, fully homomorphic encryption (FHE) has been widely used in cloud computing as well as multiparty computing, functional encryption and private information retrieval, etc. However, previous FHE schemes are based on standard (ring) learning with errors (LWE) assumption and the most typical schemes were created by Brakerski (CRYPTO2012) and Gentry-Sahai-Waters (GSW) (CRYPTO2013). Moreover, inspired by the work of Li et al. at ICPADS2016, they made use of Brakerski's scale-invariant technology and constructed a new FHE scheme with errorless key switching under Dual-First-is-errorless LWE (Dual-Ferr. LWE) problem. Hence, armed with Li et al.'s work, in this paper, we use Gentry-Peikert-Vaikuntanathan's scheme (i.e., under dual LWE assumption) as building block to construct a FHE scheme. Lastly, under the assumption of decisional learning with errors (LWE), we prove that our scheme is CPA (chosen-plaintext-attack) secure.

REN Fule,ZHU Zhixiang,WANG Xiong

DOI: https://doi.org/10.3969/j.issn.1007-3264.2013.03.023

2013-01-01

Abstract:In order to target the data security issues of cloud computing system,by introducing fully homomorphism encryption algorithm in the cloud computing data security,a new kind of data security solution to the insecurity of the cloud computing is proposed and the scenarios of this application is hereafter constructed.This new security solution is fully fit for the processing and retrieval of the encrypted data,and effectively leading to the broad applicable prospect,the security of data transmission and the storage of the cloud computing.

Keke Gai,Meikang Qiu,Yujun Li,Xiao-Yang Liu

DOI: https://doi.org/10.1109/CSCloud.2017.61

2017-01-01

Abstract:The broad implementation of cloud computing have led to a dramatically growing in exchanging and using data throughout multiple parties. The main problem restricting the implementation of cloud computing is that users lack controls in cloud systems, from which security and privacy concerns become a major issue for cloud users. Logically, an applicable Fully Homomorphic Encryption (FHE) scheme is an effective solution to protecting data throughout the data usage lifecycle in the cloud system, due to the full control on users' own. However, there is no efficacious FHE scheme developed yet for meeting practical demands by the reason of either unqualified accuracy rate or intolerable latency time. Focus on this issue, we propose an advanced FHE scheme designed for operating real numbers, which is named as Full Homomorphic Encryption over Real Numbers (FHE-RN). Our approach has superb performances in both accuracy and efficiency, which has been proved by our experimental evaluations.

Keke Gai,Meikang Qiu

DOI: https://doi.org/10.1109/BigDataSecurity.2017.43

2017-01-01

Abstract:The expeditious expansion of the networking technologies have remarkably driven the usage of the distributedcomputing as well as services, such as task offloading to the cloud. However, security and privacy concerns are restricting the implementations of cloud computing because of the threats from both outsiders and insiders. The primary alternative of protecting users' data is developing a Fully Homomorphic Encryption (FHE) scheme, which can cover both data protections and data processing in the cloud. Despite many previous attempts addressing this approach, none of the proposed work can simultaneously satisfy two requirements that include the non-noise accuracy and an efficiency execution. This paper focuses on the issue of FHE design and proposes a novel FHE scheme, which is called Optimal Fully Homomorphic Encryption (O-FHE). Our approach utilizes the properties of the Kronecker Product (KP) and designs a mechanism of achieving FHE, which consider both accuracy and efficiency. We have assessed our scheme in both theoretical proofing and experimental evaluations with the confirmed and exceptional results.

Tao Li,Xiaojun Ye,Jianmin Wang

DOI: https://doi.org/10.1145/2430475.2430493

2012-01-01

Abstract:To achieve a trustworthy cloud data service, there is a need to both provide the right services from a security engineering perspective, as well as to allows specific types of computations to be carried out on encrypted cloud data. However, traditional encryption solutions can't be used to process outsourcing encrypted data hosting to an untrusted cloud provider. A novel encryption scheme, called fully homomorphic encryption (FHE), could afford the circuit ability over encrypted data without decrypting it. In this paper, we deliver a universal construction framework for fully homomorphic encryption schemes. At first, this framework initializes a somewhat homomorphic encryption scheme based on the concept of metric space in abstract algebra which encodes the plaintext into a offset vector and generates a ciphertext by adding the offset vector to a random eigenvector in the metric space. As an abelian group, the ring is closed under addition and multiplication, this abstract algebra assume the metric space could forma ring and the eigenvectors belong to an ideal of this ring, then this framework could achieve homomorphism by having the scheme live in rings. We also deduce some well-known fully homomorphic schemes from the construction framework, and propose a prototype with an FHE encryption proxy to solve confidentiality problems in cloud systems. At last, we show the performance of FHE with some experiments, and speed the performance of fully homomorphic encryption up with cloud computing (parallel computing, distribute computing, etc.). We also discuss some opening issues and directions for future fully homomorphic encryption researches.

Guangsheng Tu,Wenchao Liu,Tanping Zhou,Xiaoyuan Yang,Fan Zhang

DOI: https://doi.org/10.1109/access.2024.3384247

IF: 3.9

2024-04-12

IEEE Access

Abstract:Combining multi-key fully homomorphic encryption (MKFHE) and identity-based encryption (IBE) to construct multi-identity based fully homomorphic encryption (MIBFHE) scheme can not only realize homomorphic operations and flexible access control on identity ciphertexts but also reduce the burden of public key certification management. However, MKFHE schemes used to construct MIBFHE usually have complex construction and large computational complexity, which also causes the same problem for MIBFHE schemes. To solve this problem, we construct a concise and efficient MIBFHE scheme based on the learning with errors (LWE) problem. Firstly, we construct an MKFHE scheme using a new method called "the decomposition method". Secondly, we make a suitable deformation of the current IBE scheme. Finally, we combine the above MKFHE scheme with IBE scheme to construct our MIBFHE scheme and prove its IND-sID-CPA security under the LWE assumption in the random oracle model. The analysis results show that our MIBFHE scheme can generate the extended ciphertext directly from the encryption algorithm, without generating fresh ciphertext in advance. In addition, the noise expansion rate is reduced from the polynomial of lattice dimension n and modulus q to the constant K of the maximum number of users. The scale of introduced auxiliary ciphertexts is reduced from to when generating the extended ciphertext.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yuan Liu,Yun Pan,Lize Gu,Yuan Zhang,Dezhi An

DOI: https://doi.org/10.1155/2021/6656764

IF: 1.43

2021-01-01

Mathematical Problems in Engineering

Abstract:Attribute-based encryption (ABE) is a good choice for one-to-many communication and fine-grained access control of the encryption data in a cloud environment. Fully homomorphic encryption (FHE) allows cloud servers to make valid operations on encrypted data without decrypting. Attribute-based fully homomorphic encryption (ABFHE) from lattices not only combines the bilateral advantages/facilities of ABE and FHE but also can resist quantum attacks. However, in the most previous ABFHE schemes, the growth of ciphertext size usually depends on the total number of system’s attributes which leads to high communication overhead and long running time of encryption and decryption. In this paper, based on the LWE problem on lattices, we propose an attribute-based fully homomorphic scheme with short ciphertext. More specifically, by classifying the system’s attributes and using the special structure matrix in MP12, we remove the dependency of ciphertext size on system’s attributes ℓ and the ciphertext size is no longer increased with the total number of system’s attributes. In addition, by introducing the function G−1 in the homomorphic operations, we completely rerandomize the error term in the new ciphertext and have a very tight and simple error analysis using sub-Gaussianity. Besides, performance analysis shows that when ℓ=2 and n=284 according to the parameter suggestion given by Micciancio and Dai et al., the size of ciphertext in our scheme is reduced by at least 73.3%, not to mention ℓ>2. The larger the ℓ, the more observable of our scheme. The short ciphertext in our construction can not only reduce the communication overhead but also reduce the running time of encryption and decryption. Finally, our scheme is proved to be secure in the standard model.

Hua Deng,Zheng Qin,Qianhong Wu,Zhenyu Guan,Robert H. Deng,Yujue Wang,Yunya Zhou

DOI: https://doi.org/10.1109/TIFS.2020.2985532

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the rapid development of cloud computing, an increasing number of individuals and organizations are sharing data in the public cloud. To protect the privacy of data stored in the cloud, a data owner usually encrypts his data in such a way that certain designated data users can decrypt the data. This raises a serious problem when the encrypted data needs to be shared to more people beyond those initially designated by the data owner. To address this problem, we introduce and formalize an identity-based encryption transformation (IBET) model by seamlessly integrating two well-established encryption mechanisms, namely identity-based encryption (IBE) and identity-based broadcast encryption (IBBE). In IBET, data users are identified and authorized for data access based on their recognizable identities, which avoids complicated certificate management in usual secure distributed systems. More importantly, IBET provides a transformation mechanism that converts an IBE ciphertext into an IBBE ciphertext so that a new group of users not specified during the IBE encryption can access the underlying data. We design a concrete IBET scheme based on bilinear groups and prove its security against powerful attacks. Thorough theoretical and experimental analyses demonstrate the high efficiency and practicability of the proposed scheme.

Lei Jiang,Lei Ju

DOI: https://doi.org/10.48550/arXiv.2203.00728

2022-03-02

Abstract:Fully Homomorphic Encryption (FHE) emerges one of the most promising solutions to privacy-preserving computing in an untrusted cloud. FHE can be implemented by various schemes, each of which has distinctive advantages, i.e., some are good at arithmetic operations, while others are efficient when implementing Boolean logic operations. Therefore, it is difficult for even cryptography experts let alone average users to choose the "right" FHE scheme to efficiently implement a specific application. Prior work only qualitatively compares few FHE schemes. In this paper, we present an empirical study, FHEBench, to quantitatively compare major FHE schemes

Cryptography and Security

Yanli Ren,Zhihua Niu,Xinpeng Zhang

2014-01-01

Abstract:In a broadcast encryption (BE) scheme, a broadcaster can encrypt a message for a set S of users who are listening to a broadcast channel. Most identity-based broadcast encryption (IBBE) schemes are not anonymous, which means the attacker can obtain the identities of all receivers from the ciphertext. Currently, anonymous IBBE schemes are only provably secure in the random oracle model. In this paper, we propose a fully anonymous IBBE scheme based on asymmetric bilinear groups, which is adaptive-ID secure without random oracles. Any attacker cannot get the identities of the receivers from the ciphertext, and each receiver is anonymous for any other receiver, and only the broadcaster knows the identities of all receivers. The scheme can simultaneously realize semantic security and recipient anonymity.

Yanli Ren,Dawu Gu

DOI: https://doi.org/10.1016/j.ipl.2009.01.017

IF: 0.851

2009-01-01

Information Processing Letters

Abstract:In broadcast encryption schemes, a broadcaster encrypts messages and transmits them to some subset S of users who are listening to a broadcast channel. Any user in S can use his private key to decrypt the broadcast. An identity based cryptosystem is a public key cryptosystem where the public key can be represented as an arbitrary string. In this paper, we propose the first identity based broadcast encryption (IBBE) scheme that is IND-ID-CCA2 secure without random oracles. The public key and ciphertext are constant size, and the private key size is linear in the total number of receivers. To the best of our knowledge, it is the first IBBE scheme that is fully CCA2 secure without random oracles. Moreover, our IBBE scheme is collusion resistant for arbitrarily large collusion of users.

Dan Wang,Bing Guo,Yan Shen,Shun-Jun Cheng,Yong-Hong Lin

DOI: https://doi.org/10.1109/icbda.2017.8078836

2017-01-01

Abstract:Nowadays privacy leakage related with big data spells big trouble for individuals. Generally, we provide data security and privacy protection through encrypted data but at the expense of usability. Fully homomorphic encryption allows to perform unlimited chaining of mathematical operations on encrypted data making it possible for some legal companies and institutions to use it. Compared to Gentry's scheme, fully homomorphic scheme over the integers can make complicated matters simplified but have not been widely applied due to the low efficiency. In this paper, a new improved FHE scheme based on DGHV scheme is proposed. We reduce the public key size significantly by introducing a pseudo-random number generator and encrypting with a cubic form rather than a linear form in the public key elements, which makes our scheme more efficient. Another part of our work is proving the scheme is semantically secure under the error-free approximate GCD problem. Finally, we propose a system model in purpose of illustrating the practical application of FHE scheme in big data.

Jianchang Lai,Fuchun Guo,Willy Susilo,Xinyi Huang,Peng Jiang,Futai Zhang

DOI: https://doi.org/10.1109/tsc.2021.3057197

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Broadcast encryption provides a promising technique of data access control for specified users in cloud computing. A data uploader can generate a ciphertext for a set of chosen users such that only the intended users are able to access the data. However, with the rapidly increasing of collaboration between users, it is desired to extend the receiver set to grant decryption right for more users. The existing broadcast encryption systems cannot support receiver extension. In this article, we for the first time take this problem into consideration and give a solution. We take the merits of identity-based cryptosystem and propose a notion of EIBBE: a flexible data access control with receiver extendable for cloud computing based on broadcast encryption. It allows the authorized user to extend the receiver set $S$ stated in the IBBE ciphertext by adding a new receiver set $S^{\prime }$ without re-encryption. Both the users in $S$ and $S^{\prime }$ can access the data successfully. Moreover, the data uploader determines the maximum number of extended receivers. We then give a concrete construction of EIBBE and provide a rigorous security analysis of our proposed scheme. Finally, we demonstrate the scheme's efficiency and feasibility.

Liang Hu,Zheli Liu,Xiaochun Cheng

DOI: https://doi.org/10.4304/jcp.5.3.331-336

2010-01-01

Journal of Computers

Abstract:We propose a new efficient identity-based broadcast encryption scheme without random oracles and prove that it achieves selective identity, chosen plaintext security. Our scheme is constructed based on bilinear Diffie-Hellman inversion assumption and it is a good efficient hybrid encryption scheme, which achieves O (1) - size ciphertexts, public parameters and constant size private keys. In our scheme, either ciphertexts or public parameters has no relation with the number of receivers, moreover, both the encryption and decryption only require one pairing computation. Compared with other identity-based broadcast encryption schemes, our scheme has comparable properties, but with a better efficiency.

NingBo Li,TanPing Zhou,XiaoYuan Yang,YiLiang Han,YuJuan Sun

DOI: https://doi.org/10.1080/02564602.2018.1531734

2018-01-01

IETE Technical Review

Abstract:The security of multimedia content and personal privacy for big data has triggered widespread concern in the society. Fully homomorphic encryption (FHE), which can homomorphically compute arbitrary functions on the encrypted data without knowing the secret key, is valuable in protecting user's data security. However, most of the FHE schemes only take single-bit of ciphertext as the input, which makes the evaluation process complicated. In EUROCRYPT'2015, Ducas and Micciancio proposed an FHE scheme FHEW with the plaintext space Z(2), and gave an assumption of extending the plaintext space to Z(t). In this paper, we optimize the decryption algorithm of FHEW in bootstrapping, and propose an FHE scheme with large plaintext space Z(t). Firstly, we optimize the rounding function of the decryption algorithm in FHEW to the msdExtract algorithm, which can homomorphically extract the most significant digit of the plaintext. Secondly, we design the msdExtract algorithm by employing the homomorphic accumulator, and present the process of general bootstrapping. Finally, based on the msdExtract algorithm, we extend the plaintext space of our scheme to Z(t), comparing to Z(2) in FHEW. The security of our scheme is based on the basic LWE scheme and FHEW. What's more, our scheme can perform the evaluation more conveniently with large plaintext space, and can be applied to more scenarios.

Tanping Zhou,Xiaoyuan Yang,Wei Zhang,Liqiang Wu

DOI: https://doi.org/10.1504/ijhpcn.2016.10001329

2016-01-01

International Journal of High Performance Computing and Networking

Abstract:Fully homomorphic encryption (FHE) has important applications in cloud computing. However, almost all fully homomorphic encryption schemes share two common flaws that they all use large-scale secret keys and some operations are inefficient. In this paper, the 'special b' variant of the learning with errors problem (bLWE) is presented, and helps us construct the first circularly secure key switching process which can replace the key switching process and similar re-linearisation process used by the existing FHE schemes. Then, we present an efficient FHE. Compared with Brakerski's scheme, our scheme reduces L secret keys to one and is more efficient. Finally, we prove the chosen-plaintext attack (CPA) security of the fully homomorphic scheme and the circular security of key switching process in standard model under the learning with errors problem (LWE) assumption.

Weiran Liu,Jianwei Liu,Qianhong Wu,Bo Qin,Yan Li

DOI: https://doi.org/10.1007/s10207-015-0287-8

2015-01-01

International Journal of Information Security

Abstract:We focus on practical Hierarchical Identity-Based Broadcast Encryption (HIBBE) with semantic security against adaptively chosen-ciphertext attacks (CCA2) in the standard model. We achieve this goal in two steps. First, we propose a new HIBBE scheme that is secure against chosen-plaintext attacks (CPA). Compared with the existing HIBBE scheme that is built from composite-order bilinear groups, our construction is based on prime-order bilinear groups. The much better efficiency of group operations in prime-order bilinear groups makes our proposed HIBBE scheme more practical. Then, we convert it into a CCA2-secure scheme at the cost of a one-time signature. Instead of extending one user hierarchy in the Canetti–Halevi–Katz approach from CPA-secure (\(l+1\))-Hierarchical Identity-Based Encryption [(\(l+1\))-HIBE] to CCA2-secure \(l\)-HIBE, our construction merely adds one on-the-fly dummy user in the basic scheme. We formally prove the security of these two schemes in the standard model. Comprehensive theoretical analyses and experimental results demonstrate that the proposed HIBBE schemes achieve desirable performance.

Huige Wang,Yuan Zhang,Kefei Chen,Guangye Sui,Yunlei Zhao,Xinyi Huang

DOI: https://doi.org/10.1016/j.ins.2019.06.028

IF: 8.1

2019-01-01

Information Sciences

Abstract:Cloud storage services provide data owners an efficient and flexible way to share data. Among the shared data, some of them are very sensitive, and should be prevented for any leakage. Should users conventionally encrypt the data, however, flexibly sharing is lost. Public-key encryption with access control (PEAC) resolves this tension. Most of existing PEAC schemes only support the data owner to control either the parts of data to be accessed by other users (file-based PEAC), or the membership of users that access the entire data set (receiver-based PEAC). However, in reality a PEAC scheme with both file-based and receiver-based functionalities is required to ensure the efficiency, flexibility, and fine-grainess of the data sharing service. In this paper, we introduce a primitive of functional broadcast encryption (FBE). FBE is a manifestation of PEAC that enables a data owner to share a set of data files to a group of users, where only a specific subset of data files can be accessed and decrypted by a specific subgroup of users. We describe a construction for FBE based on indistinguishability obfuscation (iO). Security analysis demonstrates that the proposed scheme achieves selective IND-CCA security, and a comprehensive performance analysis shows the proposed scheme is efficient.

Mengyu Zhang,Long Wang,Xiaoping Zhang,Yisong Wang,Wenhou Sun

DOI: https://doi.org/10.1109/icc51166.2024.10622837

2024-01-01

Abstract:Fully Homomorphic Encryption is a cryptographic scheme to prevent the privacy leakage of sensitive data. However, one challenge with FHE is the ciphertext comparison widely used in clustering, an important scheme used for data mining and analysis. In this paper, we create a series of ciphertext comparison functions by rewriting the comparison in HE-friendly operations and the Heaviside step function approximated by Chebyshev Polynomials. Furthermore, we solve the challenging ciphertext division through constructing a function whose root is the reciprocal of the divisor and applying Newton's method to ap-proximate the root. Then, we propose a fully privacy-preserving, effective and efficient clustering scheme based on our ciphertext comparison and division. Tests on various datasets show that our algorithm maintains nearly the same classification accuracy as vanilla k-means and significantly outperforms the baseline in terms of accuracy. We then optimize our scheme by batching over multiple records and multithreading, and the results show that our approach has a significant efficiency advantage. Compared with the state-of-the-art FHE-based privacy-preserving clustering scheme (SAC 2018), our algorithm is four orders of magnitude faster than theirs.

Xiaoqiang Sun,Jianping Yu,Ting Wang,Zhiwei Sun,Peng Zhang

DOI: https://doi.org/10.1002/sec.1685

IF: 1.968

2016-11-18

Security and Communication Networks

Abstract:<section class="article-section article-section__abstract" lang="en" data-lang="en" id="section-1-en"> <h3 class="article-section__header main main">Abstract</h3> <div class="article-section__content en main"> <p>Based on the learning with errors over rings (RLWE) assumption, a leveled fully homomorphic encryption (FHE) by the approximate eigenvector method under the same public key is proposed, which security can be reduced to the shortest vector problem on ideal lattices in the worst case. And the leveled FHE under different public keys is realized by the secret key switching without dimension reduction. Combine the public key of leveled FHE with the identity, we bring forward an efficient identity‐based leveled FHE scheme from the RLWE assumption. The security analysis shows that our identity‐based leveled FHE scheme is selective‐ID secure against chosen‐plaintext attacks in the random oracle model. And the efficiency analysis and simulation results show that the proposed identity‐based leveled FHE scheme is much more efficient than Gentry's and Wang's identity‐based cryptosystems based on the learning with errors assumption. Copyright © 2016 John Wiley & Sons, Ltd.</p>

computer science, information systems,telecommunications