Homomorphic Cryptography
Homomorphic Cryptography
Homomorphic Cryptography
April 4, 2014
B ASICS PARTIAL H OMOMORPHISM B OOTSTRAPPING C OMPLETE H OMOMORPHISM D EMO T HANK Y OU
S UMMARY
B ASICS
Homomorphic Encryption
Applications in Cloud Computing
More Definitions
Simple Schemes can be Homomorphic
PARTIAL H OMOMORPHISM
A Partial Homomorphic Scheme
Parameters
B OOTSTRAPPING
Bootsrappable Encryption
C OMPLETE H OMOMORPHISM
Basics
Keys
Cipher
Parameters
Functions
D EMO
B ASICS PARTIAL H OMOMORPHISM B OOTSTRAPPING C OMPLETE H OMOMORPHISM D EMO T HANK Y OU
H OMOMORPHIC E NCRYPTION
Definition
Homomorphic encryption is a form of encryption which allows specific types
of computations to be carried out on ciphertext and generate an encrypted re-
sult which, when decrypted, matches the result of operations performed on the
plaintext.
In simple words!!
Pi Plain text
f an ’n-ary’ function
B ASICS PARTIAL H OMOMORPHISM B OOTSTRAPPING C OMPLETE H OMOMORPHISM D EMO T HANK Y OU
F UNCTIONS
Homomorphic Cryptography
Normal Cryptography
KeyGen(λ)
KeyGen(λ)
Encrypt(p, pk)
Encrypt(p, pk)
Decrypt(c, sk)
Decrypt(c, sk)
Evaluate(< c1, ..cn >, f , pk)
I λ is the security parameter. It determines other
cryptographic parameters
I Evaluate takes a set of inputs, a circuit and the public key
and produces another cipher text.
I For correctness, Decrypt(Evaluate(< c1, ..cn >, f , pk))
should match f (< c1, ..cn >)
B ASICS PARTIAL H OMOMORPHISM B OOTSTRAPPING C OMPLETE H OMOMORPHISM D EMO T HANK Y OU
PARAMETERS
A LGORITHMS
Partial Homomorphic Scheme (simplified)
E VALUATE
Figure shows evaluation of boolean circuits with integer values
B ASICS PARTIAL H OMOMORPHISM B OOTSTRAPPING C OMPLETE H OMOMORPHISM D EMO T HANK Y OU
C ORRECTNESS
B OOTSRAPPABLE E NCRYPTION
G ENTRY ’ S C ONSTRUCTION
I As the cipher text grows up, noise increases.
I The only way, we can reduce noise is to decrypt, then
encrypt again.
G ENTRY ’ S C ONSTRUCTION
Let D be the decryption circuit. Wired with AND and XOR
gates.
Key Idea!
D takes Secret Key bits and Cipher Text bits, and produces the decrypted bit.
‘If instead of secret key and cipher text bits, an encrypted version of those are
provided, still the decryption is correct‘. But the output bit is still in encrypted
form.
B ASICS PARTIAL H OMOMORPHISM B OOTSTRAPPING C OMPLETE H OMOMORPHISM D EMO T HANK Y OU
R ECRYPT F UNCTION
So we have a function Recrypt, that performs the bootstrap.
Recrypt
C HALLENGES
I The Recrypt is an expensive operation, since it has to
encrypt each bit in the cipher text.
K EYS
Keys
I Keys are different now. 1/p is divided into some (θ) fractions (p1 , ..pθ ) such that
their sum is 1/p
I Private key is a vector s of large length (say Θ) but of hamming weight θ.
I With the public key, append vector Y of length Θ, it contains pi , in place of ith 1 in
s vector. All other positions of Y contains some random value.
B ASICS PARTIAL H OMOMORPHISM B OOTSTRAPPING C OMPLETE H OMOMORPHISM D EMO T HANK Y OU
C IPHER
Cipher
PARAMETERS
F UNCTIONS
Functions (Simplified)