Dongwon Lee,Yongsoo Song,Hyesun Kwak,Jinyeong Seo,Taechan Kim

DOI: https://doi.org/10.1145/3576915.3623176

2023-11-15

Abstract:Homomorphic Encryption (HE) is a cryptosytem that allows us to perform an arbitrary computation on encrypted data. The standard HE, however, has a disadvantage in that the authority is concentrated in the secret key owner since computations can only be performed on ciphertexts encrypted under the same secret key. To resolve this issue, research is underway on Multi-Key Homomorphic Encryption (MKHE), which is a variant of HE supporting computations on ciphertexts possibly encrypted under different keys. Despite its ability to provide privacy for multiple parties, existing MKHE schemes suffer from poor performance due to the cost of multiplication which grows at least quadratically with the number of keys involved. In this paper, we revisit the work of Chen et al. (ACM CCS 2019) on MKHE schemes from CKKS and BFV and significantly improve their performance. Specifically, we redesign the multi-key multiplication algorithm and achieve an asymptotically optimal complexity that grows linearly with the number of keys. Our construction relies on a new notion of gadget decomposition, which we call homomorphic gadget decomposition, where arithmetic operations can be performed over the decomposed vectors with guarantee of its functionality. Finally, we implement our MKHE schemes and demonstrate their benchmarks. For example, our multi-key CKKS multiplication takes only 0.5, 1.0, and 1.9 seconds compared to 1.6, 5.9, and 23.0 seconds of the previous work when 8, 16, and 32 keys are involved, respectively.

Mathematics,Computer Science

Lv Chen,Lingli Chen,Qin Li

DOI: https://doi.org/10.1016/j.tcs.2023.114067

IF: 1.002

2023-07-18

Theoretical Computer Science

Abstract:Quantum homomorphic encryption (QHE) which allows to perform operations on encrypted data is very useful for delegated quantum computing in quantum cloud environments. But most of current QHE schemes only consider the single-user and single-server model. To be more practical and suitable for quantum networks, multi-party QHE based on quantum voting is considered in this paper. Firstly, an improved quantum voting scheme is proposed to facilitate anonymous broadcast. Secondly, a multi-party QHE scheme is proposed based on the improved quantum voting scheme. The proposed QHE scheme becomes more practical and flexible due to the reduction of the cost of delegated quantum computation, which significantly contribute to broadening the applicability of QHE in quantum networks.

computer science, theory & methods

Renke He,Lingli Chen,Qin Li,Xiaoqing Tan,Lv Chen

DOI: https://doi.org/10.1088/2058-9565/ad7a9c

IF: 6.568

2024-09-14

Quantum Science and Technology

Abstract:Quantum homomorphic encryption (QHE) can allow directly computation on the encrypted data without need to decrypt it in advance. It is also necessary to provide another property of verifiability that the client should verify whether the evaluation result is correct. However, most existing QHE schemes do not consider it and only assume servers to be honest. In this paper, we propose a verifiable QHE (vQHE) scheme by using different types of circuits indistinguishable to the server, where the client can detect whether the server is honest or not by verifying the results of test circuits. Furthermore, by designing the gadgets to implement and test T gates and H gates in a non-interactive way for the used circuits, the proposed vQHE scheme does not require interaction during the process of evaluation. Thus the proposed vQHE scheme has the potential to make clients prefer to use it for protecting their private data in future quantum cloud environments.

physics, multidisciplinary,quantum science & technology

Alexander Viand,Anwar Hithnawi,C. Knabenhans

DOI: https://doi.org/10.48550/arXiv.2301.07041

2023-01-17

Abstract:Fully Homomorphic Encryption (FHE) is seeing increasing real-world deployment to protect data in use by allowing computation over encrypted data. However, the same malleability that enables homomorphic computations also raises integrity issues, which have so far been mostly overlooked. While FHEs lack of integrity has obvious implications for correctness, it also has severe implications for confidentiality: a malicious server can leverage the lack of integrity to carry out interactive key-recovery attacks. As a result, virtually all FHE schemes and applications assume an honest-but-curious server who does not deviate from the protocol. In practice, however, this assumption is insufficient for a wide range of deployment scenarios. While there has been work that aims to address this gap, these have remained isolated efforts considering only aspects of the overall problem and fail to fully address the needs and characteristics of modern FHE schemes and applications. In this paper, we analyze existing FHE integrity approaches, present attacks that exploit gaps in prior work, and propose a new notion for maliciously-secure verifiable FHE. We then instantiate this new notion with a range of techniques, analyzing them and evaluating their performance in a range of different settings. We highlight their potential but also show where future work on tailored integrity solutions for FHE is still required.

Xiaoliang Che,Longfei Liu,Baocang Wang,Yiliang Han,Xu An Wang,Xiaoyuan Yang,Tanping Zhou

DOI: https://doi.org/10.1016/j.jksuci.2023.101794

IF: 9.006

2023-10-12

Journal of King Saud University - Computer and Information Sciences

Abstract:Most previous RLWE-based multi-key homomorphic encryptions (MKHEs) need to perform complex relinearization operations on ciphertext products to complete the evaluation of circuits of bounded polynomial depth. In this process, many intermediate ciphertexts or keys are needed for computing, resulting in inefficient computing and redundant storage. We propose a more efficient RLWE-based MKHE without relinearization operations to squeeze the storage space provided for homomorphic computation. Firstly, a controllable factor is introduced into the party's ciphertexts, delineating the ciphertext as a component-like factor in preparation for concatenate operations. Secondly, we construct a tightened RGSW ciphertext extension algorithm that can be directly applied to the party's original ciphertext. The extended ciphertext no longer needs to be converted, so any conversion keys are no longer required. Again, by combining the concatenate and bit decomposition techniques, we construct new matching homomorphic computation algorithms, which ensure that the ciphertext product or sum is consistent in morphology with the extended ciphertext. The homomorphic multiplication algorithm allows the resultant ciphertext to directly participate in the next round of homomorphic operations without relinearization. Finally, we propose a specific RLWE-based MKHE scheme and provide the decryption process. Our analysis shows that our scheme guarantees IND-CPA security and performs efficient homomorphic computations correctly without relinearization operations.

computer science, information systems

Joohee Lee,Sangrae Cho,Soohyung Kim,Saerom Park

DOI: https://doi.org/10.1007/s10207-024-00941-w

2024-11-28

International Journal of Information Security

Abstract:In the current landscape of cloud-based data storage and analysis, concerns about data privacy and integrity have become more and more prevalent. Homomorphic encryption is a promising technology for preserving privacy by enabling computations on encrypted data while maintaining the confidentiality of sensitive information. However, relying solely on HE may pose challenges in ensuring the integrity of data and computation, which necessitates the verification of outsourced computations for users. In this paper, we propose a generic solution for verifiable computation over encrypted data. Our solution is based on a lattice-based approximate homomorphic encryption scheme with an MPC-in-the-Head style zero-knowledge proof system. We demonstrate that a user provided with a third party's certification of the computed function can verify the homomorphic evaluation over encrypted data. In the experiment, we provide a proof-of-concept implementation of our algorithms for privacy-preserving machine learning including regression, classification and validation. Our solution is post-quantum and can be extended to various scenarios such as privacy-preserving machine learning.

computer science, information systems, theory & methods, software engineering

Sylvain Chatel,Christian Knabenhans,Apostolos Pyrgelis,Carmela Troncoso,Jean-Pierre Hubaux

2024-06-04

Abstract:Homomorphic encryption, which enables the execution of arithmetic operations directly on ciphertexts, is a promising solution for protecting privacy of cloud-delegated computations on sensitive data. However, the correctness of the computation result is not ensured. We propose two error detection encodings and build authenticators that enable practical client-verification of cloud-based homomorphic computations under different trade-offs and without compromising on the features of the encryption algorithm. Our authenticators operate on top of trending ring learning with errors based fully homomorphic encryption schemes over the integers. We implement our solution in VERITAS, a ready-to-use system for verification of outsourced computations executed over encrypted data. We show that contrary to prior work VERITAS supports verification of any homomorphic operation and we demonstrate its practicality for various applications, such as ride-hailing, genomic-data analysis, encrypted search, and machine-learning training and inference.

Cryptography and Security

Fucai Luo,Haiyan Wang,Al-Kuwari Saif,Weihong Han

DOI: https://doi.org/10.1016/j.csi.2023.103742

2023-03-29

Abstract:Fully Homomorphic Encryption (FHE) is a powerful encryption system in cloud computing that allows homomorphic computations on encrypted data without decrypting them. Multi-key fully homomorphic encryption (MFHE), as an extension to FHE, allows homomorphic computations on ciphertexts encrypted under different keys. However, most MFHE schemes require a Common Random/Reference String (CRS), while the few that do not are based on the Learning With Errors (LWE) problem, which means that they can only deal with single bit plaintext. Consequently, MFHE schemes based on the Ring Learning With Errors (RLWE) problem are more desirable, as they can handle polynomial plaintext. Requiring the CRS seems to weaken the semantic definition of MFHE, where all users generate their own keys independently. In this paper, we study the RLWE-based MFHE in the CRS model and propose the first RLWE-based MFHE without a CRS. To this end, we remove the CRS by designing a relinearization algorithm without a CRS. Like previous MFHE schemes, our RLWE-based MFHE without CRS has a simple 1-round threshold decryption, which implies a 3-round secure MPC protocol in the plain model from the RLWE assumption.

computer science, software engineering, hardware & architecture

Yuzhu Wang,Xingbo Wang,Mingwu Zhang

DOI: https://doi.org/10.1002/nem.2303

2024-09-22

International Journal of Network Management

Abstract:We proposed and constructed homomorphic witness encryption, which allows evaluating functions over ciphertexts of the same instance without decryption. Furthermore, we show its interesting applications, such as homomorphic time‐lock encryption, multi‐party contract signing, and e‐voting. In witness encryption (WE), an instance x of an NP problem is allowed to be used to encrypt a message, and who holding a witness of the problem can efficiently decrypt the ciphertext. In this work, we put forth the concept of homomorphic witness encryption (HWE), where one can evaluate functions over ciphertexts of the same instance without decrypting them, that is, one can manipulate a set of ciphertexts with messages (M1,⋯,Mn) to obtain the evaluation of f(M1,⋯,Mn) , for any function f . We declare that such homomorphic witness encryption schemes can be generically constructed from indistinguishable obfuscation (iO ) for any classes of functions. Then we propose the instantiate of multiplicatively homomorphic witness encryption (MHWE) and linearly homomorphic witness encryption (LHWE) using an iO , homomorphic encryption for NP problems such as Subset‐Sum and a batch‐processed GS‐proof system, which enables us to evaluate multiplication operations and linear operations over ciphertext. Furthermore, we show the practicality of homomorphic witness encryption by proposing new protocols for applications of interest, such as homomorphic time‐lock encryption, multi‐party contract signing, and e‐voting.

computer science, information systems,telecommunications

Shimin Li,Xin Wang,Rui Zhang

DOI: https://doi.org/10.1007/978-3-319-94289-6_7

2018-01-01

Abstract:Homomorphic Message Authentication Code (MAC) allows a user to outsource data to an untrusted server and verify that results of computation on the data returned by the server are correct. Recently, much effort has been independently focused on whether a homomorphic MAC scheme supports data confidentiality or the authenticators can be efficiently verified. In this paper, we address the question of whether it is possible for homomorphic MAC to simultaneously achieve both the privacy and the efficiency . The answer is affirmative and we propose a new cryptographic primitive, privacy-preserving homomorphic MACs with efficient verification that can guarantee the authenticator can not reveal the underlying message. More precisely, our contributions are three-fold: ( i ) we introduce the primitive of privacy-preserving homomorphic MAC (PHMAC) that provides both data confidentiality and efficient verification, ( ii ) We provide a PHMAC construction which supports homogeneous polynomials, and demonstrate it shows high efficiency, ( iii ) We investigate how our PHMAC primitive with efficient verification can be employed to homomorphic authenticator-encryption and verifiable computation.

Jiachen Shen,Yekang Zhao,Shitao Huang,Yongjun Ren

DOI: https://doi.org/10.3390/electronics13224478

IF: 2.9

2024-11-20

Electronics

Abstract:Federated learning avoids centralizing data in a central server by distributing the model training process across devices, thus protecting privacy to some extent. However, existing research shows that model updates (e.g., gradients or weights) exchanged during federated learning may still indirectly leak sensitive information about the original data. Currently, single-key homomorphic encryption methods applied in federated learning cannot solve the problem of privacy leakage that may be caused by the collusion between the participant and the federated learning server, whereas existing privacy-preserving federated learning schemes based on multi-key homomorphic encryption in semi-honest environments have deficiencies and limitations in terms of security and application conditions. To this end, this paper proposes a privacy-preserving federated learning scheme based on multi-key fully homomorphic encryption to cope with the potential risk of privacy leakage in traditional federated learning. We designed a multi-key fully homomorphic encryption scheme, mMFHE, that encrypts by aggregating public keys and requires all participants to jointly participate in decryption sharing, thus ensuring data security and privacy. The proposed privacy-preserving federated learning scheme encrypts the model updates through multi-key fully homomorphic encryption, ensuring confidentiality under the CRS model and in a semi-honest environment. As a fully homomorphic encryption scheme, mMFHE supports homomorphic addition and homomorphic multiplication for more flexible applications. Our security analysis proves that the scheme can withstand collusive attacks by up to N−1 users and servers, where N is the total number of users. Performance analysis and experimental results show that our scheme reduces the complexity of the NAND gate, which reduces the computational load and improves the efficiency while ensuring the accuracy of the model.

engineering, electrical & electronic,computer science, information systems,physics, applied

Sajjad Akherati,Yok Jye Tang,Xinmiao Zhang

2024-10-17

Abstract:Homomorphic encryption (HE) allows computations to be directly carried out on ciphertexts and is essential to privacy-preserving computing, such as neural network inference, medical diagnosis, and financial data analysis. Only addition and 2-input multiplication are defined over ciphertexts in popular HE schemes. However, many HE applications involve non-linear functions and they need to be approximated using high-order polynomials to maintain precision. To reduce the complexity of these computations, this paper proposes 3-input ciphertext multiplication. One extra evaluation key is introduced to carry out the relinearization step of ciphertext multiplication, and new formulas are proposed to combine computations and share intermediate results. Compared to using two consecutive 2- input multiplications, computing the product of three ciphertexts utilizing the proposed scheme leads to almost a half of the latency, 29% smaller silicon area, and lower noise without scarifying the throughput.

Cryptography and Security,Hardware Architecture

Guowen Xu,Guanlin Li,Shangwei Guo,Tianwei Zhang,Hongwei Li

DOI: https://doi.org/10.48550/arXiv.2207.04604

2022-07-11

Abstract:Decentralized deep learning plays a key role in collaborative model training due to its attractive properties, including tolerating high network latency and less prone to single-point failures. Unfortunately, such a training mode is more vulnerable to data privacy leaks compared to other distributed training frameworks. Existing efforts exclusively use differential privacy as the cornerstone to alleviate the data privacy threat. However, it is still not clear whether differential privacy can provide a satisfactory utility-privacy trade-off for model training, due to its inherent contradictions. To address this problem, we propose D-MHE, the first secure and efficient decentralized training framework with lossless precision. Inspired by the latest developments in the homomorphic encryption technology, we design a multiparty version of Brakerski-Fan-Vercauteren (BFV), one of the most advanced cryptosystems, and use it to implement private gradient updates of users'local models. D-MHE can reduce the communication complexity of general Secure Multiparty Computation (MPC) tasks from quadratic to linear in the number of users, making it very suitable and scalable for large-scale decentralized learning systems. Moreover, D-MHE provides strict semantic security protection even if the majority of users are dishonest with collusion. We conduct extensive experiments on MNIST and CIFAR-10 datasets to demonstrate the superiority of D-MHE in terms of model accuracy, computation and communication cost compared with existing schemes.

Cryptography and Security

Jun Zhang,Zoe L.Jiang,Ping Li,Siu Ming Yiu

DOI: https://doi.org/10.1016/j.ins.2021.06.017

IF: 8.1

2021-10-01

Information Sciences

Abstract:<p>Preparing large amounts of training data is the key to the success of machine learning. Due to the public's concern about individual privacy, different techniques are proposed to achieve privacy preserving machine learning. Homomorphic encryption enables calculation on encrypted data in the cloud. However, current schemes either focus on single key or a specific algorithm. Cooperation between different institutions is quite common in this era of big data. Encrypting data from different institutions under one single key is a risk to data privacy. Moreover, constructing secure scheme for a specific machine learning algorithm lacks universality. Based on an additively homomorphic encryption supporting one multiplication, we propose a general multikey computing framework to execute common arithmetic operations on encrypted data such as addition, multiplication, comparison, sorting, division and etc. Our scheme can be used to run different machine learning algorithms. Our scheme is proven to be secure against semi-honest attackers and the experimental evaluations demonstrate the practicality of our computing framework.</p>

computer science, information systems

Zengpeng Li,Chunguang Ma,Eduardo Morais,Gang Du

DOI: https://doi.org/10.1007/978-3-319-54705-3_14

2016-01-01

Abstract:Fully Homomorphic Encryption (\(\mathsf {FHE}\)) is a cryptographic primitive that allows computing over encrypted data without decrypting the corresponding ciphertexts. In general, existing \(\mathsf {FHE}\) schemes can be achieved using standard Learning with Errors (\(\mathsf {LWE}\)) assumption and most of the schemes are single-bit encryption. Hence, the construction of multi-bit \(\mathsf {FHE}\) with high efficiency remains an open problem in cryptography. In this paper, we propose multi-bit versions of Public Key Encryption (\(\mathsf {PKE}\)) via the dual \(\mathsf {LWE}\)-based firstly proposed by Gentry, Peikert, and Vaikuntanathan at STOC 2008. We initially develop an universal construction derived from a general structure of the underlying combined public matrix for constructing the multi-bit version which increases the size of ciphertexts linearly. Then, utilizing multi-bit \(\mathsf {PKE}\) scheme as building block, we propose a new multi-bit \(\mathsf {FHE}\) scheme under the assumption of decisional \(\mathsf {LWE}\) is hard and prove the scheme is \(\textsc {IND-CPA}\)-secure.

Sinan Wang,Changgen Peng,Xinxin Deng,Zongfeng Peng,Qihong Chen

DOI: https://doi.org/10.3390/electronics13122378

IF: 2.9

2024-06-19

Electronics

Abstract:(n,m,t)-Homomorphic Secret Sharing (HSS) allows n clients to share data secretly to m servers, which compute a function f homomorphically on the received secretly shared data while restricting the input data acquired by a collection of t servers to private ones. In Verifiable Homomorphic Secret Sharing (VHSS), if there are partially colluding malicious servers submitting erroneous computation results to the client, such erroneous computation results will be rejected by the client. In traditional static homomorphic secret sharing schemes, once a secret share of raw data is assigned to a group of servers, then all servers in the group must participate in the computation, which means that the computation has to be restarted once some servers fail to perform the task. In order to solve the above problem, we propose the first dynamic homomorphic secret sharing scheme for additive computation in this paper. In our scheme, once some servers fail, there is no need to recalculate the secret sharing but only the need to reissue the index set of servers that perform the computation, Our structure assigns more computation to the servers, which is very useful in real scenarios. In addition, we propose dynamic verifiable homomorphic secret sharing schemes based on the above schemes, which have less computational overhead compared to the existing schemes, although we sacrifice the public verifiability property. Finally, we give a detailed correctness, security, and verifiability analysis of the two proposed schemes and provide the theoretical and experimental evaluation results of the computational overhead.

engineering, electrical & electronic,computer science, information systems,physics, applied

Michael Naehrig,Kristin Lauter,Vinod Vaikuntanathan

DOI: https://doi.org/10.1145/2046660.2046682

2011-01-01

Abstract:The prospect of outsourcing an increasing amount of data storage and management to cloud services raises many new privacy concerns for individuals and businesses alike. The privacy concerns can be satisfactorily addressed if users encrypt the data they send to the cloud. If the encryption scheme is homomorphic, the cloud can still perform meaningful computations on the data, even though it is encrypted. In fact, we now know a number of constructions of fully homomorphic encryption schemes that allow arbitrary computation on encrypted data. In the last two years, solutions for fully homomorphic encryption have been proposed and improved upon, but it is hard to ignore the elephant in the room, namely efficiency -- can homomorphic encryption ever be efficient enough to be practical? Certainly, it seems that all known fully homomorphic encryption schemes have a long way to go before they can be used in practice. Given this state of affairs, our contribution is two-fold. First, we exhibit a number of real-world applications, in the medical, financial, and the advertising domains, which require only that the encryption scheme is &quot;somewhat&quot; homomorphic. Somewhat homomorphic encryption schemes, which support a limited number of homomorphic operations, can be much faster, and more compact than fully homomorphic encryption schemes. Secondly, we show a proof-of-concept implementation of the recent somewhat homomorphic encryption scheme of Brakerski and Vaikuntanathan, whose security relies on the &quot;ring learning with errors&quot; (Ring LWE) problem. The scheme is very efficient, and has reasonably short ciphertexts. Our unoptimized implementation in magma enjoys comparable efficiency to even optimized pairing-based schemes with the same level of security and homomorphic capacity. We also show a number of application-specific optimizations to the encryption scheme, most notably the ability to convert between different message encodings in a ciphertext.

Oumaima Chakir,Yousra Belfaik,Yassine Sadqi

DOI: https://doi.org/10.1080/07366981.2023.2301832

2024-01-16

EDPACS

Abstract:Despite the need for data from multiple sources in machine learning, privacy constraints limit data sharing. Federated Learning (FL) addresses this by allowing clients to share locally trained model parameters without disclosing sensitive data, however, recent research highlights data leakage risks. This paper investigates multi-key fully homomorphic encryption, specifically MK-CKKS, to enhance data privacy in FL. The study demonstrates MK-CKKS's effectiveness in protecting model parameters transmission and preventing external access to private information. Nonetheless, precautions are needed during decryption, as vulnerabilities may allow the aggregator server and external adversaries to infer personal data from shared partial descriptions, impacting the client's data privacy and security.

Xin Chen,Liang Feng Zhang

DOI: https://doi.org/10.1109/tifs.2023.3298258

IF: 7.231

2023-08-05

IEEE Transactions on Information Forensics and Security

Abstract:There are two main security concerns in outsourcing computations. One is how to protect the privacy of the outsourced data, and the other is how to ensure the correctness of the outsourced computations. Homomorphic secret sharing (HSS) schemes allow a client to store a set of private data on two servers and then offload a computation on the data to servers. Such schemes ensure that each individual server learns no information about the data. While HSS schemes that allow the client to use a secret key to verify the correctness of the computation results exist and relieve both security concerns, the current literature lacks a publicly verifiable HSS scheme for polynomial evaluations. In this paper, we consider a two-server publicly verifiable HSS (PVHSS) model, where any third party can use a public key to perform verifications. We propose both a basic construction and an improved construction of PVHSS for evaluating polynomials. Our PVHSS ensures that no single server is able to learn any information about the outsourced data or persuade the verifier to accept a wrong result. We also implement the proposed scheme. For polynomials of degree , our experiments show that: 1) the proposed PVHSS is - faster than the existing non-verifiable or privately verifiable HSS on the server-side; 2) the proposed PVHSS is friendly to resource-restricted clients and takes less than to reconstruct and verify the results.

computer science, theory & methods,engineering, electrical & electronic

Gang Xu,Fan Yun,Xiu-Bo Chen,Shiyuan Xu,Jingzhong Wang,Tao Shang,Yan Chang,Mianxiong Dong

DOI: https://doi.org/10.32604/iasc.2022.028264

2022-01-01

Abstract:Secure multi-party computation has been playing a fundamental role in terms of classical cryptography. Quantum homomorphic encryption (QHE) could compute the encrypted data without decryption. At present, most protocols use a semi-honest third party (TP) to protect participants’ secrets. We use a quantum homomorphic encryption scheme instead of TP to protect the privacy of parties. Based on quantum homomorphic encryption, a secure multi-party quantum summation scheme is proposed in which N participants can delegate a server with strong quantum computing power to assist computation. By delegating the computation and key update processes to a server and a semi-honest key center, participants encrypt their private information data using Pauli operators to get the sum. Besides, the server can design and optimize the summation lines itself, and the correct results can be obtained even if the secret information is negative. The correctness analysis showed that the participants could correctly obtain the results of the calculation. The security analysis proves the scheme is resistant to both outside attack and participant’s attack, and is secure against collusive attack by up to N-2 participants. From the theoretical point of view, our protocol can extend to other secure multi-party computing problems.

automation & control systems,computer science, artificial intelligence