Homomorphic Encryption For Cluster in Cloud
Homomorphic Encryption For Cluster in Cloud
Homomorphic Encryption For Cluster in Cloud
1. Introduction
Since the prevalence of cloud computing as predicted by Gartners Hype cycle [1] for
the emerging technology. Cloud storage have become the predominant methodology for
storing the data by utilizing the network interconnection. Although cloud storage have
been a major game changer for our data storage, still there is a need to secure sensitive
data (dynamic and static) such as tax records, social security number and other personal
data related contents so as to ensure privacy. The cloud service as a mean for outsourcing
data for storage purpose and manipulation of the data which is achieved by having high
computational resources depending on the need of the cloud service based on selfdemand, have been in scrutiny and it have arisen the fear of satisfactory privacy
provision, as data will not be effectively secured enough to quench the qualms of the
service utilizers.
This problem has awaken many viable solutions to curtail the existing problem.
Encryptions of data before sending it to the cloud for storage have been a good technique
adopted for several users of cloud service. Depending on cryptographic algorithms there
are two types of algorithms based on key distribution namely symmetric key and
asymmetric key cryptography. In the symmetric/convectional key cryptography the
sender and the recipient share a key which is known to the parties involved in the given
cryptosystem, both the sender and the receiver. They are further subdivided into stream
and block ciphers [16]. A stream cipher deals with bit by bit encryption while a block
cipher deals with group or specific fixed length bits of the data. Usually this kind of
cryptography algorithms is relatively fast because there is a less burden for the system to
evaluate the encrypted and decrypted content. Despite of the advantages it is still not
preferable to utilize them as most of the cryptanalysis has opted for use of asymmetric
key. Examples of such algorithms include RC4, 3DES, DES, AES, blowfish and so forth.
While asymmetric/Public-key cryptography involves the use of separate keys, which are
not the same for both sender and recipient, thus for this kind of key cryptography different
keys will be used for decryption and encryption contrary to the symmetric key algorithm.
Thus there arise a need to specify more keys in which a public key will be universally
known to all the parties confined in the crypto-system and a private/secret key will be
known only to a single user. This in turn helps to preserve confidentiality provided that
the cryptosystem used is less vulnerable to attacks. For asymmetric/public-key
cryptography a sender can encrypt with public key and the receiver can decrypt with
private key or a sender can encrypt with private key and receiver can decrypt with public
key. Several encryption techniques and methodology have been adopted but we will give
in a nutshell preview of the encryption techniques used. Proxy based re-encryption [2]
which was presented by Mambo and Okamoto [3] aimed at improving the traditional
cryptosystem. This allowed the proxies to transfer the decryption rights from source to
destination target, without giving out the private keys of the concerned parties. It can be
utilized for file system security and email for the purpose of spam filtering. Identity Based
Encryption, IBE [4] was a notion brought forward by Adi Shamir in 1984 and further
developed in 2001 arose the first operational IBE scheme [5]. IBE is a public key based
encryption in which a feasible public key can be whichever string; this was developed to
help in managing the certificates in electronic mailing system.
There are two profound types [15] of encryption based on the characteristics of
homomorphism, which are partially and fully homomorphic encryption. Partial
homomorphic encryption enables the user to perform only a limited single operation on
cipher text such as additive and multiplicative homomorphic operations at a time. And the
real life application of it is electronic voting [14]. Examples of partial homomorphic
schemes are El-Gamal and RSA which is unpadded. While full homomorphic encryption
enables several operations to be performed on encrypted data without knowing the secret
key, example of such schemes is DGHV scheme, Gentry full homomorphic scheme and
BGH [15] scheme.
Below we will give overview for homomorphic encryption in further details.
Thereafter we will describe DGHV [6] by van Dijk M., Gentry C., et al., and GEN10 [79] by Craig Gentry. Imagine the possibility of being able for a third party to work on data
and perform some simple computation on the data which is in encrypted format without
disclosing the data, this promotes privacy in turn, and that is in short homomorphic
encryption.
In homomorphic cryptosystem, both sets of all possible plaintexts and cipher texts are
groups such that for any and any two cipher texts c1 = e(m1), c2 = e(m2), the
following condition holds:
d(c1 c2) = m1 m2
(1.1)
d(c1 + c2) = m1 + m2
(1.2)
In which and + symbolizes the group operations in the given cipher texts, C and
messages, M respectively for multiplication and additional.
Homomorphic cryptosystem can be regarded as an arbitrary box in which an operation
can be done over two cipher texts and the result will be as follows:
d(e((m1)(e(m2)) = m1 m2
(1.3)
d(e(m1)(e(m2)) = m1 + m2
(1.4)
Where and denotes operations on cipher texts to obtain encrypted product or sum
respectively for the given two messages in the plaintext.
320
2. Existing System
2.1. DGHV Scheme
In this scheme the message, is a composition of bit such that {0, 1} and the
shared key, k is an integer which is positive and odd. p and q are random integers selected
in such a manner that in the given interval hold this relation, |2r |<k/2.
The plaintext messages during encryption can be attained by computational of the
following parameters
c = + kq + 2r
(2.1.1)
The crypto message during decryption can be obtained by evaluation of the following
(c mod p) mod 2 =
(2.1.2)
Observe the following properties for homomorphic operation possible in the DGHV
scheme [6, 9]
Consider ci = i+ qik + 2ri, for i=1 and 2 then
c1 = 1 + q1k +2r1
(2.1.3)
c2=2 + q2k + 2r2
(2.1..4)
The possible homomorphic operations are addition and product that is c1 + c2 and c1
c2 respectively.
Addition
c1 = 1 + q1k +2r1
(2.1.5)
c2 = 2 + q2k + 2r2
(2.1.6)
Thus c1 + c2 +kq +2r
Where
= 1+2, q = q1+q2 and r = r1+r2
Multiplication
c1 = 1 + q1k + 2r1
(2.1.7)
c2 = 2 + q2k + 2r2
(2.1.8)
Thus c1 c2 + kq + 2r
Where = 1 2, q = 1q2 + 2q1 + kq1q2 + 2q1r2 + 2r1q2 and, r = 1r2 +2r1 +4r1r2
The problem with this scheme, DGHV [11] is that after several manipulations for both
addition and multiplication operations are carried out, it causes escalation of noises
through which it will be hard to obtain the plaintext as the cipher text will tremendously
grow in size.
2.2. Gentry Scheme (GEN 10)
Craig Gentry in 2010 proposed this scheme, hence termed as GEN10 [9]. In this
scheme message, is a composition of N-bits such {0, 1}.
The ciphertext carries the following general format, c= kq + where; c depicts a
ciphertext, k assumes a shared key, q is a random integer with odd bits and m represent
plaintext message.
The decryption for the given ciphertext can be obtained by evaluation of c mod q
Upon assuming that c i = i + kq i for i=1 and 2 this follows that,
c1= 1 +kq1
(2.2.1)
c2= 2 +kq2
(2.2.2)
This scheme, GEN10 [7-10] have the following possible operations addition,
subtraction and multiplication which are c1 +c 2, c1 c2 and c1 c 2 respectively.
Addition
c1= 1 +kq1
(2.2.3)
c2= 2 +kq2
(2.2.4)
Thus c1 + c2 + kq
Where = 1+2 and, q = q1 + q2
321
Subtraction
c1 = 1 +kq1
c2 = 2 +kq2
(2.2.5)
(2.2.6)
Thus c1 - c2 + kq
Where = 1 2 and, q = q 1 - q2
Multiplication
c1= 1 +kq1
(2.2.7)
c2= 2 +kq2
(2.2.8)
Thus c1 c2 = + kq
Where = 12 and, q = 1q2 + 2q1
For the GEN10 [11] scheme to be utilized the noises should be negligible enough such
that the following relation should hold
|12 |<k/2.
(2.2.9)
Where assumes algebraic operations which are addition (+), subtraction (-) and
multiplication ().
2.3. SDC Scheme
This scheme, SDC [11] was derived by taking into consideration of the Gentrys
cryptosystem [6-10]. It helps in recovery of cipher text by modification of the cipher text
recovery algorithm. This enables to prevent exposing of the plaintext hence it is more
secure.
Key-generation (k): The key is a random k-bit odd integer k.
Encryption (k, m): The cipher text carries the following general format
C= m + k+ r * k* q,
(2.3.1)
Where r is a random number, q is a constant big integer, m is the plaintext message,
and c is the cipher text.
Consider the possible homomorphic operation for addition and multiplication that is c1
+ c2 and c1 c2 respectively.
Upon taking ci = mi + k+ ri * k* q for i=1 and i=2 thus
c1 = m1 + k+ r1 * k* q
c2 = m2 + k+ r2 * k* q
Addition
c1 + c2 + 2k + r*k*q,
(2.3.2)
(2.3.3)
(2.3.4)
where = m1 + m2 and, r= r1 + r2
Multiplication
c1 c2 = + k + z*k*q,
(2.3.5)
Where = m1 m2, k= (m1
+ m2 + k )k
z= r1(k+ m2 + r2) + r2(k+ m1)
(2.3.6)
Decryption: c mod k
Retrieval: C mod q where C is equal to the difference between ci and c index.
In order for a client to retrieve the message contents of a specific index that is m index,
then he delivers c index to the required server by using the encryption formula described
322
above and upon submitting the cipher text to the server, it computes C mod q if it is
equivalent to zero. Then retrieval for the given cipher text is successful attained.
3. Proposed System
As referred to the below Figure every single node, di in a cluster, C have its own public
key and private key. For all the available nodes d1, d2, .. di must have a session key
which is utilized for a particular instant of accessing the nodes in the cluster. When the
user uploads the file (plaintext, m1) into the cloud it will be encrypted using RSA which
makes use of the public key appended with session key to get the cipher text, c1,
Furthermore the plaintext m1 is encrypted by changing the parameters in public key and
appending it again with session key, in turn we will get another cipher text, c11. Thus
arithmetic operations based on homomorphic properties can be applied to both the cipher
texts c1 and c11 to obtain a new cipher text, say, . If a particular user want to download
the data which is encrypted he must have a private key through which will be used for
decryption.
323
If we have two cipher texts ci and cii for cii = mi mod n and cii = mii mod n
4. Conclusion
Although there have been success in implementation of simple homomorphic
encryption full homomorphic encryption remains a great challenge to deploy and
implement it in the cloud. Provided that, fully homomorphic encryption will be given
much emphasis and then effectively utilized, cloud data will be much more secured from
encroachment as during the traditional methodology data was to be decrypted before
doing operations on it this made the data to be vulnerable for particular time instant before
decrypting it again. For, there is a need to adopt and implement a new security approach
to enhance security for cloud service. With regards to the properties of the homomorphic
encryption the possible operations that can be performed on the cipher texts can help to
guarantee security for the data submitted to cloud.
References
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
324