A Multi-Key Based Lightweight Additive
2021 International Conference on Artificial Intelligence for Cyber Security Systems and Privacy (AI-CSP) | 978-1-6654-6714-8/21/$31.00 ©2021 IEEE | DOI: 10.1109/AI-CSP52968.2021.9671216
Homomorphic Encryption Scheme
1st Khaled Chait
LIAP Laboratory, El Oued University,
PO Box 789, El Oued 39000,
El Oued, Algeria
[email protected]
[email protected]
3rd Lamri Laouamer
Department of Management Information Systems,
Qassim University, 51452, Al Melaydah,
Al Qassim, Kingdom of Saudi Arabia
[email protected]
[email protected]
Abstract—Usually, IoT devices have low power. Merging IoT
and cloud computing provides the IoT environment with data
management flexibility, such as data scalability, enhanced de-
vices capacity, economies of scale, etc. But solutions based on
cloud computing can put privacy at risk when operating an
unreliable provider. The introduction of the homomorph allows
a third party to perform operations on the data without having
access to it. In this paper, we propose a partially homomorphic
lightweight asymmetric encryption technique, which allows to
encrypt decimal digits of the message separately, by multiplying
each by a different key. There are many encryption techniques
in the literature, most of them suffer from size and slowness
in terms of execution time. In our proposed technique, the
size of the ciphertext is close to the size of the original one.
Moreover, we obtained a time complexity equal to O(n). Thus,
the proposed scheme is suitable for devices and networks with
limited resources, while offering high security.
Index Terms—Multi-Key Based technique, Lightweight tech-
nique, Encryption, Homomorphic scheme, Security, Privacy.
I. I NTRODUCTION
Security is the aspect that worries data owners. Homo-
morphic encryption is a very promising solution to guarantee
privacy in many sectors, this encryption makes it possible to
effectively secure data. Among its applications, there is the
security of data stored in the cloud in order to make operations
on it. Similarly, the cryptocurrency [1], which is a currency
issued from peer to peer without needing a central tier. There
are two commonly used types of encryption: symmetric and
asymmetric encryption. In the first category basing on key
exchange protocol [2], the same key is used to encrypt and
decrypt messages [3], [4], [5], [6], [7], [8]. The second allows
the user to distribute the encryption key [9], [10], [11], [12].
Unfortunately, if the adversary finds the secret key of the
symmetric cipher, he can decrypt all messages encrypted with
this key. In asymmetric encryption, if the adversary finds the
private key of one party, they can decrypt the data encrypted
978-1-6654-6714-8/21/$31.00 ©2021 IEEE
Authorized licensed use limited to: Birla Inst of Technology and Science Pilani Dubai. Downloaded on May 04,2024 at 14:21:23 UTC from IEEE Xplore. Restrictions apply.
2nd Abdelkader Laouid
LIAP Laboratory, El Oued University,
PO Box 789, El Oued 39000,
El Oued, Algeria
4th Mostefa Kara
LIAP Laboratory, El Oued University,
PO Box 789, El Oued 39000,
El Oued, Algeria
by that party only. Homomorphic encryption schemes include
three types: partially homomorphic (PHE), fully homomorphic
level (LFHE), and fully homomorphic (FHE). PHE only allows
one type of operation (only addition or only multiplication)
with an unlimited number of times that can be performed
on encrypted messages [9], [10]. LFHE schemes cover both
addition and multiplication but a limited number of operations,
this type supports finite operations on encrypted messages
primarily from the circuit depth point of view. The first FHE
schema is presented by Gentry 2009 [13]. This type of homo-
morphic encryption allows both addition and multiplication
with an unlimited number of operations.
The remainder of the paper is as following: Section II
presents the related work. In Section III, we show the proposed
technique. In Section IV, we presents the robustness of our
cryptosystem. Section V shows the time execution results.
Finally, Section VI concludes the paper.
II. R ELATED WORK
In order to guarantee the security of user data, many
techniques are proposed. We will present some encryption
schemes. For data mining preserving confidentiality in a multi-
key environment, the authors of [14] proposed an additive
homomorphic technique with a double decryption mechanism.
In [15], the authors presented a lightweight block cipher
using a leveled fully homomorphic cipher scheme based on
NTRU. Using a public key k, the one-bit encryption function
is represented by a linear equation. To retrieve the plaintext
from the ciphertext using the private key f , the decryption
function is: m = c × f mod 2. The multiplication in this
scheme introduces a significant increase in noise. The authors
of [3] presented a fully homomorphic encryption scheme based
on a symmetric key. Fully homomorphic targeted encryption
has been proposed by [16]. Based on the modified El-Gamal
cryptosystem, the authors represented the ciphertext in three
parts. The third part has been added to ensure the addition
 User Untrusted Provider
F
αοβ =?
α F α'
β β' α' ο β’ = λ’
ο untrusted channel
F -1
λ λ’

αοβ =λ

ο : operation, F : encryption, F -1 : decryption

Fig. 1. Homomorphic encryption with an unsecured provider

of two encrypted messages. A fully homomorphic encryption
technique was presented by [17]. The encryption function
consists in adding the clear message with a random number
multiplied by the secret key, the clear message is included in
the calculation of this random number. In order to preserve
order, Yagoub et al. used a simple linear expression. A
new fully homomorphic encryption technique based on error
learning (LWE) is proposed by [18], in order to avoid complex
matrix operations, Ding et al. modified the re-linearization
method developed by Brakerski et al. [19] and improved a
new method called non-matrix key switching. Most techniques
suffer from the size or run time. For example, the Gentry and
Halevi FHE [20] scheme require a public key of 70 megabytes.
The time required to perform a boot operation varies from 30
seconds. The technique took over 900 seconds to add two 32-
bit integers. This paper proposes an asymmetric multi-keys
PHE scheme (MK-PHE) on integers taking into account the
feasibility in an IoT environment.
III. P ROPOSED SCHEME
Against an untrusted cloud, the user tries to get the result of
αoβ (Figure 1). For this, we increase the security level of the
technique represented in Equation 1 where ψ is the ciphertext,
π is the original message, k denotes the private key, and r is
a random number.
ψ = (π × k + r × p) mod n
where n = p × q, p and q are two large prime numbers. This
technique is leveled fully homomorphic and it is easily broken.
Our idea is to consider the message m as a concatenation of
decimal digits, and to treat each digit mi separately (0 <=
mi <= 9). Instead of multiplying m by k, we multiply each
mi by a secret key ki . We consider the primitives M , C, K,
Enc(), Dec() where:
• M denotes the plaintext space, with M << p.
• C denotes the ciphertext space.
• K denotes the public keys (pki ) and private keys (ski )
space.
• Enc() denotes the encryption function Encpk0 ,pk1 ,...pki :
P −→ C with pki ∈ K.
• Dec() denotes the decryption function given by:
Decsk0 ,sk1 ,...ski : C −→ P with ski ∈ K.
The proposed technique can be defined as follows :
• KeyGen: Given a private and public keys ski and pki ,
respectively, for any random variable ri , (ski , pki ) =
((ki , p), (ki + ri × p, n))
• Enc(m) : The message m is encrypted using the public
keys pki , c = m0 × pk0 + m1 × pk1 + . . . mi × pki , with
pkx < pky if x < y
• Dec(c): The P0ciphertext is decrypted using the private keys
sk, m = i=l ( kci ) × 10i , c ← c − c × ki , where ( kci ) is
the quotient of c ÷ ki .
This scheme is based on the separate processing of each
decimal digit that makes up the message.
Key function We use s keys, where s is the number of
(1) digits that form the longest plaintext m. The natural case is
the optimal case of keys ki , where m is written in decimal.
The ki in the decimal writing are 1, 10, 100, 1000, 10000,
etc. We notice that these ki check the condition: 100 > 9 ×
(1 + 10) = 99, 1000 > 9 × (1 + 10 + 100) = 999, 10000 >
9 × (1 + 10 + 100 + 1000) = 9999, etc. We put the following
proposition :

Authorized licensed use limited to: Birla Inst of Technology and Science Pilani Dubai. Downloaded on May 04,2024 at 14:21:23 UTC from IEEE Xplore. Restrictions apply.
 Decryption In a first step, we calculate the modulo c
j−1
X mod p to eliminate the last part (r × p). Then, we divide
k0 > 10, kj > 9 × ki ∀j > 0 (2)
successively (with decreasing i) c on ki where ki > ki−1 . In
i=0
Pj−1 a last step, we multiply successively (with decreasing i) the
According to proposition 2, we have kj = hj +9× i=0 ki digits obtained by 10i .
where hj are small random numbers, we put hi = 1 ∀i > 1. c
Pj−1
hj = 1 ⇒ kj = 1 + 9 × i=0 ki = (1 + 9 × k0 ) + 9 × k1 + Lemma 1. if ki = mi ⇒ Dec(c) = m
. . . 9 × kj−1 . Proof. It suffices to showthat m0 ×k0 +m1 ×k1 +. . . mj−1 ×
We put (1 + 9 × k0 ) = k1 ⇒ kj = k1 + 9 × k1 + . . . 9 × kj−1 . kj−1 < mj × kj ∀mi ∈ 0, .., 9 ,
We put k1 + 9 × k1 = k2 ⇒ kj = k2 + 9 × k2 + . . . 9 × kj−1 m ×k +m ×k +...mj−1 ×kj−1
i.e., 0 0 1 k1j = 0. In the worst case, mi =
and so on. 
9 ∀i ∈ 0, .., j − 1 and mi = 1 for i = j ⇒ 9 × k0 +
Finally, we will obtain kj = 10 × kj−1 . In general: 9 × k1 + . . . 9 × kj−1 < kj . 9 × (k0 + k1 + . . . kj−1 ) <
Pj−1
k0 > 10, k1 = 1 + 9 × k0 , kj = 10j−1 × k1 (3) kj ⇒ 9 × i=0 ki < kj . According to Proposition 2, kcj =
Let c = m0 × k0 + m1 × k1 + . . . ms−1 × ks−1 where mj . After that, we calculate the subtraction : c ← c − c ×
c
s = size(M ). According to proposition 2, we have c < ks = k j ⇒ c = m0 × k0 + . . . mj−1 × kj−1 ⇒ kj−1 = mj−1 .
10s × k0 . And so on, we will obtain m0 , m1 , . . . mj , then we calculate
Let d be the number of addition operation. For addition, C = m = m0 × 100 + m1 × 101 + . . . mj × 10j .
P d
ci , the coefficient of ki must be less than ki ⇒ k0 > To ensure the recovery of m, we starts the division on k j
Pi=1
d Pd
i=1 mi , we have max(mi = 9) ⇒ k0 > i=1 9 ⇒ k0 > where j = size(c). If i = size(m), we have j > i because
Pd
9 × d. We have i=1 ci < p and c < 10s × k0 ⇒ d × (10s × c > m. Likewise, the decryption is correct for mj < k0 .
k0 ) > d×c ⇒ p > d×(10s ×k0 ), where k0 > 9×d ⇒ p > The decryption function could be defined by the following
9 × d2 × 10s . algorithm :
We can summarize the parameter conditions of the proposed
cryptosystem as follows: Algorithm 2 Decryption algorithm
• Let : m ∈ M, s = size(M ), d is addition depth and h is Require: c, (k0 , k1 , . . . kj ), p
a small random number. Ensure: m = Dec(c)
Pj−1
• Kyes : k0 > 10, kj = hj + 9 × i=0 ki .
′ s−1 function D EC
• For addition : k0 = h + 9 × d, p = h + d × (10 × k1 ). 1:
Encryption For the encryption function, let 2: c ← c mod p
m = m j mj−1 . . . m0 where m0 is the coefficient of 3: l ← size(c)
100 , mi ∈ 0, .., 9 ∀i ∈ 0, .., j and mj ̸= 0. 4: m←0
We multiply each mi by pki where pkx < pky if x < y. 5: for i ← 0 to l do
c
c = m0 × pk0 + m1 × pk1 + . . . mj × pkj ⇒ 6: x ← kl−i−1
c = m0 ×(k0 +r0 ×p)+m1 ×(k1 +r1 ×p)+. . . mi ×(kj +rj ×p) 7: c ← c − x × kl−i−1
8: m ← m + x × 10l−i−1
We obtain : 9: end for
10: return m
c = (m0 × k0 + m1 × k1 + . . . mj × kj + r × p) mod n (4)
11: end function
where r is random, r = m0 × r0 + m1 × r1 + . . . mi × rj
and : m0 × k0 + m1 × k1 + . . . mj × kj < p. The encryption Homomorphic property To ensure the additive property of
function could be defined by the following algorithm: the homomorphic which is : Dec(m1 + m2 ) = Dec(m1 ) +
Dec(m2 ), let x < y, c1 = m01 ×k0 +m11 ×k1 +. . . mx1 ×kx +
Algorithm 1 Encryption algorithm
r1 × p and c2 = m02 × k0 + m12 × k1 + . . . my2 × ky + r2 × p
Require: m, (pk0 , pk1 , . . . pkj ), n that implies Enc(m1 ) + Enc(m2 ) = (m01 + m02 ) × k0 +
Ensure: c = Enc(m) (m11 + m12 ) × k1 + . . . (mx1 + mx2 ) × kx +. . . my2 ) × ky .
Knowing that : (mi1 + mj2 ) < ks ∀i ∈ 0, .., x , j ∈
function E NC   Enc(m1 )+Enc(m2 )
2: l ← size(m) 0, .., y , s ∈ 0, .., y , kv = mv ∀v ∈
c←0 0, .., y ⇒ Dec(c1 + c2 ) = m1 + m2 .
4: for i ← 0 to l do IV. P ERFORMANCE AND SECURITY ANALYSIS
x ← digit(m, [l − i − 1 : l − i]) The proposed asymmetric technique contains two types of
6: c ← (c + x × (pki )) mod n secret keys, the first is the ki , the second is the trapdoor p
end for which is hidden in n with n = p × q (p and q are two large
8: return c prime numbers). If an adversary discovered p, he will be able
end function to extract the all private keys ki from the public keys where

Authorized licensed use limited to: Birla Inst of Technology and Science Pilani Dubai. Downloaded on May 04,2024 at 14:21:23 UTC from IEEE Xplore. Restrictions apply.
 pki = ki +ri ×p. However, to get the trapdoor p, the adversary
has to solve a factorization problem. The integer factorization
problem is to find p and q, Q more generally, to find primes
j
p1 , p2 , . . . , pj such that n = i=1 pi , this particular problem
cannot be solved in polynomial time until this day. Let λ is the
security parameter and 2λ < p < 2λ+1 , a security parameter
λ asserts that cryptanalysis requires 2λ operations to find the
trapdoor p.
Known-plaintext attack: where the adversary has
access to both the plaintext and its encrypted version
(the ciphertext). These can be used to reveal the private
keys. If this known-plaintext m0 is the size of 1 digit, the
adversary cannot reveal anything because c = m0 × pk0
with c, m0 and pk0 are known. If the adversary tries
to multiply by the inverse of the public key, then
c × pk0−1 = m0 × pk0 × pk0−1 ⇒ α = m0 + β × n ⇒ α
mod n = (m0 + β × n) mod n ⇒ m0 = m0 where
β is independent of k0 ; so, the adversary cannot reveal
anything. Assuming now the size of m is j > 1,
c = m0 × pk0 + m1 × pk1 , if the adversary multiplies
by pk0−1 or pk1−1 , the same thing, he will get c × pk0−1 =
m0 +m1 ×pk1 ×pk0−1 ⇒ α+β1 ×n = α+β2 ×n ⇒ α = α
where β1 and β2 are independent of k0 and k1 ; so,
the adversary cannot reveal anything. Assuming now
that the adversary knows two plaintext m and m′ , if
size(m) = size(m′ ) = 1, then it is not useful. If
size(m) > 1 and size(m′ ) > 1, then let pk11 = k1 + r1 × p.
 Reduced size: In the symmetric version, the proposed
c = m0 × pk0 + m1 × pk1
⇒
c′ = m′0 × pk0 + m′1 × pk1
 ′
m0 × c = m′0 × m0 × pk0 + m′0 × m1 × pk1
⇒
m0 × c′ = m′0 × m0 × pk0 + m0 × m′1 × pk1
To eliminate one of the public keys by multiplication and
substraction, the coefficients of the public key pk1 in the two
equations must be different. In our example, m′0 × m1 must
be different to m0 × m′1 . The adversary will get another value
of pk1 (pk1′ ) by substraction, pk1 − pk1′ = (k1 + r1 × p) −
(k1 + r1′ × p) = r1′′ × p, it suffices factorize or to do the
modular division with n (n = p × q) to obtain the private key
p. To reveal secret information, it is not sufficient to have two
message m and m′ and its ciphertext. Moreover, m and m′
must verify the following equality m′0 ×m1 ̸= m0 ×m′1 (where
m = m0 m1 and m′ = m′0 m′1 ). For size of known-plaintext
equal to 3 digits, the adversary must know three known-
plaintext to reveal secret information, and so on. Brut force
attack (BFA): In many types of attacks, there is one main
difference that influences the hardness between asymmetric
and symmetric techniques. In the first family, it is easy to get
m and c because the adversary uses the public key to create
a peer (m, c), then he starts the search (F −1 (c, sk) = m). On
the other hand, in symmetrical schemes, the adversary must
first capture the peer (m, c). In the BFA with the symmetric
encryption, the adversary will do an exhaustive search to
retrieve the private key. In a simple example, comparing by
RSA, the adversary must make 2d operations with cd = m.
Authorized licensed use limited to: Birla Inst of Technology and Science Pilani Dubai. Downloaded on May 04,2024 at 14:21:23 UTC from IEEE Xplore. Restrictions apply.
In the proposed technique, where we have s secret keys, there
are at least (2k0 )s operations that the adversary must do them,
where k0 is the smallest size of keys and s = size(M ). So,
in the BFA with symmetric encryption we have two layers of
security, one: find the peer (m, c), two: find the sk. In the BFA
with the asymmetric encryption, there is not an exhaustive
search directly on the secret keys ki because they are hidden
in r × p (c = F (m, k) + r × p ), so there is only one layer,
where we have 2p operations to find the private key p.
Computational complexity: Let j be the size of the
message m, the algorithm 1 shows that the complexity
C(j + 1) = C(j) + χ where χ is a constant, we have
max(j) = M , this means that the time complexity is a
linear T (M ) = O(M ). Table I shows the performance of
the proposed technique in terms of complexity compared with
other techniques under the same parameters (security level,
key length).
Technique Enc Dec
MK-PHE O(λ) O(λ)
[21] O(λ4 ) O(λ4 )
[3] O(λ5 ) O(λ4.8 )
[22] O(λ6 ) O(λ5 )
[23] O(λ6 ) O(λ5 )
[24] O(λ13 ) O(λ12 )
TABLE I
E NCRYPTION AND DECRYPTION COMPLEXITY COMPARISON
simplified formula shown in Equation 3 provides a fairly small
size of the ciphertext.
Lemma 2. size(Enc(m)) = size(m) + χ where χ is a
constant.
 size(m) = j, 0
Proof. Let
m = m0 × 10 + m1 × 101 + . . . mj × 10j
we have
Enc(m) = m0 × k0 + m1 × k1 + . . . mj × kj
According to proposition 2, we can put k1 = 10 × k0 , we
will obtain :
Enc(m) = m0 × 100 × k0 + m1 × 101 × k0 + . . . mj × 10j ×
k0 ⇒ Enc(m) = k0 ×(m0 ×100 +m1 ×101 +. . . mj ×10j ) =
k0 × m ⇒ Enc(m) = k0 × m
We can deduce that χ = size(k0 ) − 1, for example, if
size(k0 ) = 11, then size(Enc(m)) = size(m) + 1.
V. I MPLEMENTATION RESULTS
The implementation of the proposed technique has been
done in Python program language running on a PC with
Processor Intel(R) Core(TM) i3-3110M CPU 2.40 GHz, 2
Core(s), 4 Logical Processor(s), 4 Go RAM. Encrypting a
message of 16 bits. The results in Table II shows how much the
execution time in the proposed technique is reduced compared
to four techniques.
We conducted several experiments to determine the time
spent in the encryption and decryption operations. Putting
size(m) = 16 bits and size(n) = 360 bits (n = p × q), these
 Technique Enc Dec
MK-PHE 0.036 0.041
[11] 0.07 11.95
[14] 11.91 17.67
[25] 47 15
[26] 50 10
[27] 255 493
[28] 899 785
TABLE II
E XECUTION TIME ( MS )
experiments has shown that the decryption time increases at a
much higher speed than the encryption time. This is due to two
reasons, the first is that the decryption contains five processes
(Alg 2), while the encryption contains three processes (Alg 1).
The second reason, which is the most important, the size of
the ciphertext increases faster than the size of the plaintext.
The decryption process is based on processing each digit
separately, this will create a difference influenced by the size
of ciphertext.
VI. C ONCLUSION
In this paper, we have proposed a novel lightweight tech-
nique with additive homomorphic encryption property. Our
technique is applied to integer numbers, their hardness is
based on factorization problems and polynomial reconstruction
problems. In which, we obtained a time complexity T (n)
equal to O(n). For each digit mi of the message m to
be encrypted, we applied the simplest encryption technique,
which is c = m × k. We have defined the formulas of the
private key k0 and p which determine the depth of the addition.
The symmetric encryption of our technique is compared with
the asymmetric encryption, and we demonstrated their order-
preserving. The security analysis of the proposed MK-PHE
scheme showed a high level of hardness. The implementation
has further proved their performance particularly in terms of
data processing rapidity compared to other techniques. The
obtained results show that the operations can be performed by
low computing capacity devices for real applications.
R EFERENCES
[1] M. Kara, A. Laouid, M. AlShaikh, M. Hammoudeh, A. Bounceur,
R. Euler, A. Amamra, and B. Laouid, “A compute and wait in pow (cw-
pow) consensus algorithm for preserving energy consumption,” Applied
Sciences, vol. 11, no. 15, p. 6750, 2021.
[2] M. Kara, A. Laouid, M. AlShaikh, A. Bounceur, and M. Hammoudeh,
“Secure key exchange against man-in-the-middle attack: Modified
diffie-hellman protocol,” Jurnal Ilmiah Teknik Elektro Komputer dan
Informatika, vol. 7, no. 3, pp. 380–387, 2021. [Online]. Available:
http://journal.uad.ac.id/index.php/JITEKI/article/view/22210
[3] V. Biksham and D. Vasumathi, “A lightweight fully homomorphic en-
cryption scheme for cloud security,” International Journal of Information
and Computer Security, vol. 13, no. 3-4, pp. 357–371, 2020.
[4] M. van Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan, “Fully
homomorphic encryption over the integers,” in Advances in Cryptology
– EUROCRYPT 2010, H. Gilbert, Ed. Berlin, Heidelberg: Springer
Berlin Heidelberg, 2010, pp. 24–43.
[5] S. Medileh, A. Laouid, E. Nagoudi, R. Euler, A. Bounceur, M. Ham-
moudeh, M. AlShaikh, A. Eleyan, and O. A. Khashan, “A flexible
encryption technique for the internet of things environment,” Ad Hoc
Networks, p. 102240, 2020.
Authorized licensed use limited to: Birla Inst of Technology and Science Pilani Dubai. Downloaded on May 04,2024 at 14:21:23 UTC from IEEE Xplore. Restrictions apply.
[6] N. Aggarwal, C. Gupta, and I. Sharma, “Fully homomorphic symmetric
scheme without bootstrapping,” in Proceedings of 2014 International
Conference on Cloud Computing and Internet of Things. IEEE, 2014,
pp. 14–17.
[7] J. Daemen and V. Rijmen, “The block cipher rijndael,” in Interna-
tional Conference on Smart Card Research and Advanced Applications.
Springer, 1998, pp. 277–284.
[8] P. Ekdahl and T. Johansson, “A new version of the stream cipher snow,”
in International Workshop on Selected Areas in Cryptography. Springer,
2002, pp. 47–61.
[9] R. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital
signatures and public-key cryptosystems,” Communications of the ACM,
vol. 21, pp. 120–126, 1978.
[10] T. Elgamal, “A public key cryptosystem and a signature scheme based on
discrete logarithms,” IEEE Transactions on Information Theory, vol. 31,
no. 4, pp. 469–472, 1985.
[11] M. Kara, A. Laouid, R. Euler, M. A. Yagoub, A. Bounceur, M. Ham-
moudeh, and S. Medileh, “A homomorphic digit fragmentation encryp-
tion scheme based on the polynomial reconstruction problem,” in The 4th
International Conference on Future Networks and Distributed Systems
(ICFNDS), 2020, pp. 1–6.
[12] M. Kara, A. Laouid, M. A. Yagoub, R. Euler, S. Medileh, M. Ham-
moudeh, A. Eleyan, and A. Bounceur, “A fully homomorphic encryption
based on magic number fragmentation and el-gamal encryption: Smart
healthcare use case,” Expert Systems, pp. 1–10, 2021.
[13] C. Gentry, “Fully homomorphic encryption using ideal lattices,” in
Proceedings of the forty-first annual ACM symposium on Theory of
computing, 2009, pp. 169–178.
[14] H. Pang and B. Wang, “Privacy-preserving association rule mining using
homomorphic encryption in a multikey environment,” IEEE Systems
Journal, 2020.
[15] Y. Doröz, A. Shahverdi, T. Eisenbarth, and B. Sunar, “Toward practical
homomorphic evaluation of block ciphers using prince,” vol. 8438, 03
2014, pp. 208–220.
[16] Y. Yang, S. Zhang, J. Yang, J. Li, and Z. Li, “Targeted fully ho-
momorphic encryption based on a double decryption algorithm for
polynomials,” Tsinghua science and technology, vol. 19, no. 5, pp. 478–
485, 2014.
[17] M. A. Yagoub, L. Abdelkader, O. Kazar, A. Bounceur, R. Euler, and
M. AlShaikh, “An adaptive and efficient fully homomorphic encryption
technique,” 06 2018, pp. 1–6.
[18] Y. Ding, X. Li, H. Lü, and X. Li, “A novel fully homomorphic encryption
scheme bsed on lwe,” Wuhan University Journal of Natural Sciences,
vol. 21, no. 1, pp. 84–92, 2016.
[19] Z. Brakerski and V. Vaikuntanathan, “Efficient fully homomorphic
encryption from (standard) lwe,” SIAM Journal on Computing, vol. 43,
no. 2, pp. 831–871, 2014.
[20] C. Gentry and S. Halevi, “Implementing gentry’s fully-homomorphic
encryption scheme,” in Annual international conference on the theory
and applications of cryptographic techniques. Springer, 2011, pp. 129–
148.
[21] K. Gai, M. Qiu, Y. Li, and X.-Y. Liu, “Advanced fully homomorphic
encryption scheme over real numbers,” in 2017 IEEE 4th international
conference on cyber security and cloud computing (CSCloud). IEEE,
2017, pp. 64–69.
[22] H.-M. Yang, Q. Xia, X.-f. Wang, and D.-h. Tang, “A new somewhat
homomorphic encryption scheme over integers,” in 2012 International
Conference on Computer Distributed Control and Intelligent Environ-
mental Monitoring. IEEE, 2012, pp. 61–64.
[23] Y. G. Ramaiah and G. V. Kumari, “Towards practical homomorphic
encryption with efficient public key generation,” International Journal
on Network Security, vol. 3, no. 4, p. 10, 2012.
[24] J. H. Cheon, J.-S. Coron, J. Kim, M. S. Lee, T. Lepoint, M. Tibouchi,
and A. Yun, “Batch fully homomorphic encryption over the integers,”
in Annual International Conference on the Theory and Applications of
Cryptographic Techniques. Springer, 2013, pp. 315–335.
[25] M. Thangavel and P. Varalakshmi, “Enhanced dna and elgamal cryp-
tosystem for secure data storage and retrieval in cloud,” Cluster Com-
puting, vol. 21, no. 2, pp. 1411–1437, 2018.
[26] J.-S. Coron, A. Mandal, D. Naccache, and M. Tibouchi, “Fully ho-
momorphic encryption over the integers with shorter public keys,” in
Advances in Cryptology – CRYPTO 2011, P. Rogaway, Ed. Berlin,
Heidelberg: Springer Berlin Heidelberg, 2011, pp. 487–504.
 [27] S. Dasgupta and S. Pal, “Design of a polynomial ring based symmetric
homomorphic encryption scheme,” Perspectives in Science, vol. 8, 07
2016.
[28] D. Boer and S. Kramer, “Secure sum outperforms homomorphic encryp-
tion in (current) collaborative deep learning,” 06 2020.

Authorized licensed use limited to: Birla Inst of Technology and Science Pilani Dubai. Downloaded on May 04,2024 at 14:21:23 UTC from IEEE Xplore. Restrictions apply.