Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary data
cwit-poster_logo
1. Database Query Privacy Using Homomorphic Encryptions
Sudharaka Palamakumbura and Hamid Usefi
{sudharakap, usefi} @ mun.ca
Memorial University of Newfoundland
Database Query Privacy Using Homomorphic Encryptions
Sudharaka Palamakumbura and Hamid Usefi
{sudharakap, usefi} @ mun.ca
Memorial University of Newfoundland
Usefulness of Fully Homomorhpic Encryption
• Suppose Alice wants to give her data to Bob to perform a certain calculation.
• Alice does not trust Bob but has a Fully Homomorphic Encryption scheme with private
key sk and public key pk.
c1 = Encpk
(x1),
c2 = Encpk
(x2),
c3 = Encpk
(x3)
c1 × (c2 + c3)
Decsk
(c1 × (c2 + c3)) = x1 × (x2 + x3)
Alice
Bob
c1 × (c2 + c3)
DGVH Scheme
Let λ be the security parameter and set, N = λ, P = λ2
and Q = λ5
. The scheme is
based on the following algorithms;
• KeyGen(λ): The key generation algorithm which randomly chooses a P-bit integer p
as the secret key.
• Enc(m, p): The bit m ∈ {0, 1} is encrypted by
c ← m + pq
where m = m (mod 2) and q, m are random Q-bit and N-bit numbers respectively.
Gahi’s Method for Query Privacy
• Bob now has a list of sequences.
r Database Records Ir Sr
1 (1, 1, 0, 0, 0) Enc(p, 1) Enc(p, 1)
2 (1, 0, 1, 0, 0) Enc(p, 0) Enc(p, 1)
3 (1, 1, 0, 0, 0) Enc(p, 1) Enc(p, 2)
4 (1, 1, 0, 1, 0) Enc(p, 0) Enc(p, 2)
5 (1, 0, 0, 0, 0) Enc(p, 0) Enc(p, 2)
5
i=1
(1 + vi + ci)
Sr =
i≤r
Ir
Ir,j = Ir
5
i=1
(1 + ji + Sr,i)
(I1) = (Enc(p, 1))
(I2) = (Enc(p, 0), Enc(p, 0))
(I3) = (Enc(p, 0), Enc(p, 1), Enc(p, 0))
(I4) = (Enc(p, 0), Enc(p, 0), Enc(p, 0), Enc(p, 0))
(I5) = (Enc(p, 0), Enc(p, 0), Enc(p, 0), Enc(p, 0), Enc(p, 0))
Generalization of Gahi’s Method
• Recall that in Gahi’s method we used the expression,
5
i=1
(1 + vi + ci)
to calculate the Ir values corresponding to each record.
• We replace this expression by,
Fi =
j=i Enc(h, m − Rj)
k=i Enc(h, Ri − Rk)
where Rj denotes the j-th record in the database, m is the plaintext message and h is
the public key.
• Bob calculates the sequence (Fi,k)5
k=1 corresponding to each record as follows.
Fr,k = Fr
j=k (Sr − Enc(h, j))
Enc(h, j=k(k − j))
for all k ≤ r
• Therefore,
Fr,k =
Enc(h, 1) if Fr = Enc(h, 1) and Sr = Enc(h, k),
Enc(h, 0) Otherwise.
Fully Homomorphic Encryption
• Homomorphic with respect to two operations (ex: Addition and Multiplication).
• The idea was first proposed by Ronald Rivest, Len Adleman and Michael Dertouzos in
1978.
• A scheme E with an efficient algorithm EvaluateE such that, for any valid public key pk,
any circuit C, and any ciphertexts ψi ← EncryptE(pk, πi) outputs
ψ ← EvaluateE(pk, C, ψ1, . . . , ψt)
where ψ is a valid encryption of C(ψ1, . . . , ψt) under pk.
Gahi’s Method for Query Privacy
• By calculating the multiplication,
5
i=1
(1 + vi + ci) =
Enc(1) if c = Enc(v),
Enc(0) Otherwise.
(c1, c2, c3, c4, c5)
“Query”→ (m1, m2, m3, m4, m5)
Alice
Bob
(v1, v2, v3, v4, v5)
(m1, m2, m3, m4, m5)
DGHV
−−−−→ (c1, c2, c3, c4, c5)
Calculates
5
i=1
(1 + vi + ci)
Finally.....
Finally Alice can decrypt the results to get the exact records that she searched for.
(c1, c2, c3, c4, c5)
“Query”→ (1, 1, 0, 0, 0)
Alice
Bob
(1, 1, 0, 0, 0)
DGHV
−−−−→ (c1, c2, c3, c4, c5)
r
Ir
Dec
r
Ir, sk = 2
(Enc(R1), Enc(R3))
Generalization of Gahi’s Method
Bob now has a list of sequences as before.
Sr =
i≤r
Fi
(F1) = (Enc(h, 0))
(F2) = (Enc(h, 0), Enc(h, 0))
(F3) = (Enc(h, 0), Enc(h, 1), Enc(h, 0))
(F4) = (Enc(h, 0), Enc(h, 0), Enc(h, 0), Enc(h, 0))
(F5) = (Enc(h, 0), Enc(p, 0), Enc(h, 0), Enc(h, 0), Enc(h, 0))
Fi =
j=i (Enc(h, m) − Enc(h, Rj))
Enc(h, k=i (Ri − Rk))
Fr,k = Fr
j=k (Sr − Enc(h, j))
Enc(h, j=k(k − j))
r Database Records Fi Sr
1 R1 = m Enc(h, 1) Enc(h, 1)
2 R2 = m Enc(h, 0) Enc(h, 1)
3 R3 = m Enc(h, 1) Enc(h, 2)
4 R4 = m Enc(h, 0) Enc(h, 2)
5 R5 = m Enc(h, 0) Enc(h, 2)
Drawbacks
• Enormous number of operations due to DGHV
schemes inherent bitwise nature.
• Restricted to DGHV scheme and it’s underlying
structure. The protocol cannot be directly used
with any other fully homomorphic encryption
scheme.
• Thereby we propose an alternative method which
improves (or generalizes) Gahi’s method and
could be used with any fully homomorphic en-
cryption scheme.
Advantages and Disadvantages
• Not restricted to DGHV scheme. Can be used with other fully homomorphic encryption schemes.
• Not dependent upon bitwise encryption. Can be used with block based fully homomorphic encryption schemes.
– Zvika Brakerski’s Fully Homomorphic Encryption Scheme based on the Ring LWE problem,
– Jean Coron’s Batch Fully Homomorphic Encryption Scheme over the Integers.
• Our scheme involves homomorphic division which might not be practical.