Homomorphic encryption allows computations to be performed on encrypted data without decrypting it first. This document discusses homomorphic encryption techniques including partially homomorphic encryptions that support either addition or multiplication operations, and fully homomorphic encryption introduced by Craig Gentry that supports both types of operations. It also covers the use of ideal lattices in lattice-based cryptosystems and the bootstrapping technique used to "refresh" ciphertexts and prevent noise from accumulating during homomorphic computations.
2. Computations on the Encrypted Data
• The user can perform operations on his/her encrypted data without decrypting it.
• The user can also encrypt the queries that are sent to the encrypted data.
3. Usage of Homomorphic Encryption
• Secure Voting Systems
• Cloud Security
• Private Information Retrieval (PIR)
• Collision Resistant Hash-Functions
• Hybrid Wireless Network
5. People currently working on Homomorphic Encryption
• Craig Gentry, the creator of the first fully homomorphic scheme
• Shai Halevi
• Zvika Brakerski
• Vinod Vaikuntanathan
• Marten van Dijk
• Eleanor Rieffel
• Nigel Smart
• Victor Shoup
7. What does the term ‘Homomorphism’ mean?
• It comes from ancient Greek and translates to ‘Same Form’
• Subtypes of Homomorphism
• Isomorphism
• Automorphism
• Endomorphism
8. Groups (recall from previous lecture)
• A group is a pair (G,●) consisting of a nonempty set G and a binary operation ●, (closed) on G, such that (∀ P,Q,R ∈ G)
• Binary operation is associative; (P ● Q) ● R = P ● (Q ● R)
• A unique identity exists; 0 ● P = P ● 0 = P
• Every element has a unique inverse; P ● Q = Q ● P = 0
• Furthermore, (G,●) is abelian if P ● Q = Q ● P ∀ P,Q ∈ G
9. Group Homomorphism
Let (G1 ,●) and (G2 , ●) be groups, and let f : G1 -> G2 be a function. Then
f is said to be a group homomorphism if
f(a ● b) = f(a) ● f(b)
for all a,b in G1.
Every isomorphism is a one-to-one and onto homomorphism.
14. Raw RSA MAGMA code
p:=NextPrime(Random([1..2^124]));
q:=NextPrime(Random([1..2^124]));
n:=p*q;
phi:=(p-1)*(q-1);
repeat
e:=Random([1..phi]);
until GCD(e,phi) eq 1;
g,x,y:=XGCD(e,phi);
d:=x mod phi;
//ENCRYPTION
m:=Random([0..n]);
c:=Modexp(m,e,n);
m;
//DECRYPTION
Modexp(c,d,n);
15. Partial Homomorphism of Raw RSA, MAGMA code
p:=NextPrime(Random([1..2^124]));
q:=NextPrime(Random([1..2^124]));
n:=p*q;
phi:=(p-1)*(q-1);
repeat
e:=Random([1..phi]);
until GCD(e,phi) eq 1;
g,x,y:=XGCD(e,phi);
d:=x mod phi;
//ENCRYPTION
m1:=Random([0..n]);
m2:=10;
c:=Modexp(m1*m2,e,n);
(Modexp(m1,e,n)*Modexp(m2,e,n)) mod n;
c;
//DECRYPTION
Modexp(c,d,n);
(m1*m2) mod n;
20. Fully Homomorphic Encryption
Plaintext and ciphertext are both in the ring $\mathbb{Z}_2$
Function E is homomorphic for both addition and multiplication if;
E(x) + E(y) = E(x + y)
E(x) * E(y) = E(x * y)
21. Fully Homomorphic Encryption
• Is there an encryption function (E) such that both E(x + y) and E(x.y)
are easy to compute from E(x) and E(y)? (Rivest 1978)
22. What is ‘Fully Homomorphic’?
• Function ‘Evaluate’ must output a ciphertext which can be efficiently
computed without any loss.
23. Craig Gentry’s Fully Homomorphic Encryption Scheme
An additional ‘Evaluate’ function on encrypted data.
$C^* \leftarrow \mathrm{Evaluate}(pk, C, C^*_1, \ldots, C^*_t)$
26. Noise Parameter
• Multiplication and addition are carried out with a «noise parameter» attached to the ciphertext, which is smaller than N.
27. Somewhat Homomorphism
• Encryption outputs a ciphertext with small noise less than n.
• But, decryption works as long as the noise is less than some threshold
N ≫ n.
• The depth of circuits is roughly; log log N − log log n
28. The term ‘Fully Homomorphic’
Suppose we have a ‘Recrypt’ function which has;
• Input: ciphertext E(a) with noise 𝑁′ < 𝑁 .
• Output: «fresh» ciphertext E(a) with noise 𝑁′′ < 𝑁.
(Also encrypts ‘a’ again)
This operation is done recursively.
Then we can construct a fully homomorphic scheme, using the ‘Recrypt’ function, out of a scheme that is somewhat homomorphic for addition and multiplication.
29. Somewhat Homomorphic Scheme Example using Integers
• KeyGen = Odd(p) > 2N
• Plaintext is b ∈ {0,1}
• x = Random(-n/2, n/2)
• k ∈ ℤ
• Ciphertext is $c = b + 2x + kp$, where $b + 2x \in [-N, N] \subset (-p/2, p/2)$
• Noise is c mod p
• Decryption is b = (Noise) mod 2
30. Somewhat Homomorphic Scheme
• To add two ciphertexts;
$c = c_1 + c_2 = b_1 + b_2 + 2(x_1 + x_2) + (k_1 + k_2)p = (b_1 \oplus b_2) + 2x + kp$
Decryption recovers $b_1 \oplus b_2$ as long as $(b_1 + 2x_1) + (b_2 + 2x_2) \in [-N, N]$
• To multiply two ciphertexts;
$c = c_1 * c_2 = b_1 * b_2 + 2(b_1 x_2 + b_2 x_1 + 2x_1 x_2) + kp = b_1 * b_2 + 2x + kp$
Decryption recovers $b_1 * b_2$ as long as $(b_1 + 2x_1) * (b_2 + 2x_2) \in [-N, N]$
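Added example (Python, not part of the original slides): the integer scheme of slides 29 and 30 with the noise tracked next to the ciphertext, showing that addition gives XOR, multiplication gives AND, and that repeated squaring pushes the noise past p/2 after about log log N − log log n levels (slide 27). The parameter sizes, the function names and the fixed noise value x = 100 are constructed for the demonstration and are far too small to be secure.

```python
import math
import secrets

# Constructed toy parameters; far too small to be secure.
NOISE_BITS = 8    # fresh noise satisfies |b + 2x| <= 2**8  (the slides' n)
KEY_BITS = 64     # secret odd p has 64 bits; p/2 plays the role of N
MULT_BITS = 128   # bit length of the random multiplier k


def keygen():
    """Return a random odd p with exactly KEY_BITS bits."""
    return secrets.randbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1


def encrypt(p, b, x=None):
    """c = b + 2x + k*p. Passing x fixes the noise (used for the demo)."""
    if x is None:
        x = secrets.randbelow(1 << NOISE_BITS) - (1 << (NOISE_BITS - 1))
    k = secrets.randbits(MULT_BITS)
    return b + 2 * x + k * p


def noise(p, c):
    """Centered residue of c modulo p, i.e. the value in (-p/2, p/2)."""
    r = c % p
    return r - p if r > p // 2 else r


def decrypt(p, c):
    """b = (c mod p) mod 2, correct only while the true noise is below p/2."""
    return noise(p, c) % 2


def depth_estimate(threshold, fresh):
    """The slides' rule of thumb: log log N - log log n (base 2)."""
    return math.log2(math.log2(threshold)) - math.log2(math.log2(fresh))


def squaring_chain(p, b, x, levels):
    """Square one ciphertext repeatedly and track the true noise beside it.

    Returns (level, true_noise_bits, within_threshold, decrypted_bit) rows.
    """
    c = encrypt(p, b, x)
    true_noise = b + 2 * x          # known only to the key holder / this demo
    rows = []
    for level in range(levels + 1):
        ok = abs(true_noise) <= p // 2
        rows.append((level, abs(true_noise).bit_length(), ok, decrypt(p, c)))
        c, true_noise = c * c, true_noise * true_noise
    return rows


if __name__ == "__main__":
    p = keygen()
    for b1 in (0, 1):
        for b2 in (0, 1):
            c1, c2 = encrypt(p, b1), encrypt(p, b2)
            print(b1, b2, "add ->", decrypt(p, c1 + c2),
                  "mul ->", decrypt(p, c1 * c2))
    for row in squaring_chain(p, 1, 100, 4):
        print("level %d: noise %3d bits, within p/2: %s, decrypts to %d" % row)
    print("estimated depth: %.2f" % depth_estimate(p // 2, 2 ** NOISE_BITS))
```

At level 4 the true noise no longer fits below p/2, so the decrypted bit is no longer tied to the plaintext; this is the point at which a refresh of the ciphertext would be required.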
31. Lattice Based Cryptosystems
• Cryptosystems based on computational hardness of several lattice
problems which are;
• Shortest Vector Problem (SVP)
• Closest Vector Problem (CVP)
• Shortest Independent Vector Problem (SIVP)
• Bounded Distance Decoding Problem (BDDP)
• Ideal Coset Problem (ICP)
32. Rings and Ideals
• A ring is a set which is closed under addition and multiplication and has an additive identity ‘0’ and a multiplicative identity ‘1’
• An ideal I of a ring R is a subset $I \subseteq R$ such that $\sum_{j=1}^{t} i_j * r_j \in I$ for any $i_1, \ldots, i_t \in I$ and $r_1, \ldots, r_t \in R$
E.g. (2) is an ideal of ℤ consisting of the set of even numbers.
33. Ideal Lattices
• An ideal lattice is simply an ideal in ℤ[x]/(f(x)).
• f(x) of degree n; each such ideal can be represented by a lattice generated by the columns of a lattice basis $B_I$, an n × n matrix.
34. Ideal Lattices
• Ideal lattices give the public key scheme of the somewhat homomorphic encryption.
• «Good» representation of an ideal lattice can be used as secret key.
• «Bad» representation of an ideal lattice can be used as public key.
• Where is the security of it?
35. Ideal Coset Problem (ICP)
This problem is close to the decision problem of the Closest Vector Problem.
R is a ring,
I and J are relatively prime ideals if I + J = R.
$B_I$ is the basis of the given lattice L
Fix R, $B_I$, algorithm IdealGen, and an algorithm Samp1 that efficiently samples R.
36. Ideal Coset Problem (ICP)
The challenger sets $b \xleftarrow{R} \{0, 1\}$ and $(B_J^{sk}, B_J^{pk}) \xleftarrow{R} \mathrm{IdealGen}(R, B_I)$.
If $b = 0$, it sets $r \xleftarrow{R} \mathrm{Samp1}(R)$ and $t \leftarrow r \bmod B_J^{pk}$.
If $b = 1$, it samples $t$ uniformly from $R \bmod B_J^{pk}$.
The problem: guess $b$ given $(t, B_J^{pk})$.
37. Subset Sum problem
Gives security against recovering secret key from additional data due to
squashing the decryption circuit.
38. Back to Somewhat Homomorphic Scheme
• Let J be an ideal lattice in ring R
• j ∈ J
• Plaintext is b ∈ {0,1}
• x = Random(-n/2, n/2)
• k ∈ ℤ
• Ciphertext is $c = b + 2x + J$, where $b + 2x \in [-N, N] \subset (-p/2, p/2)$
• Decryption is b = (Noise) mod 2
39. Noise Problem
• As addition and multiplication operations are performed, the «noise» increases.
• If «noise» ∉ $[-n, n]$ then decryption will be wrong.
• An extra operation is needed for «refreshing» the ciphertext if the secret key is unknown.
40. Bootstrapping
• A self-sustaining process without requiring any external help.
41. Bootstrapping
• The noise parameter increases with every computation on encrypted data.
• A «Refresh» is needed for the ciphertext every once in a while.
42. Bootstrapping
• If bootstrapping can be done, then we can refresh the ciphertext via recryption.
• Suppose we have two public-secret key pairs;
• $(sk_1, pk_1) = (sk_2, pk_2)$
• Then;
• $\mathrm{Decrypt}_{\mathrm{Evaluate}}(sk_1, \mathrm{Encrypt}_{\mathrm{Evaluate}}(pk_1, m)) = m$
• $\mathrm{Decrypt}_{\mathrm{Evaluate}}(sk_2, \mathrm{Encrypt}_{\mathrm{Evaluate}}(pk_2, m)) = m$
for any message.
43. Bootstrapping
• Take an encryption of $sk_1$ under the public key $pk_2$
• $\mathrm{Encrypt}_{\mathrm{Evaluate}}(pk_2, sk_1) = E_1$
• Take an encryption of the initial ciphertext under the public key $pk_2$
• $\mathrm{Encrypt}_{\mathrm{Evaluate}}(pk_2, \mathrm{Encrypt}_{\mathrm{Evaluate}}(pk_1, m)) = E_2$
44. Bootstrapping
• Consider;
• $\mathrm{Decrypt}_{\mathrm{Evaluate}}(E_1, E_2) = \mathrm{Encrypt}_{\mathrm{Evaluate}}(pk_2, m)$
The inner encryption is removed
• Assume the scheme «Evaluate» can homomorphically evaluate;
• $\mathrm{Decrypt}_{\mathrm{Evaluate}}(sk, c_1) + \mathrm{Decrypt}_{\mathrm{Evaluate}}(sk, c_2)$
• $\mathrm{Decrypt}_{\mathrm{Evaluate}}(sk, c_1) * \mathrm{Decrypt}_{\mathrm{Evaluate}}(sk, c_2)$
Then the «Evaluate» is bootstrappable
45. Advantages of using Ideal Lattices
• Very low circuit complexity compared to RSA or ElGamal.
• Security can be based on standard problems over ideal lattices, that
seem to be as hard as standard well-studied problems over general
lattices.
46. Inefficiency of Craig Gentry’s scheme
• Computation time increases sharply with the security level of the
homomorphic scheme.
• The computation time and ciphertext size in Craig Gentry’s scheme
are high-degree polynomials.
• Decryption circuit depth is larger than what EvaluateE function can
handle.
47. Second Homomorphic Encryption Scheme
An additional secret key is added into ciphertext scheme,
c * s = b + 2e
Security is based on the hardness of Learning with Errors problem.
• Improved noise behavior
• Improved security reductions
• Significant efficiency improvements using “batching”
48. Implementations
• Using Homomorphic Encryption for Large Scale Statistical Analysis
• Private Database Queries using Somewhat Homomorphic Encryption
• HElib library, the implementation of the Brakerski-Gentry-Vaikuntanathan (BGV) scheme, focusing on;
• Effective use of the Smart-Vercauteren ciphertext packing techniques
• Gentry-Halevi-Smart optimizations
49. HElib
https://github.com/shaih/HElib
• Has been developed in C++ and NTL Number Theory math library by Victor Shoup and Shai Halevi
• Provides low level operations for multiplication, addition etc.
• Supports multi-threading
50. Implementation of Somewhat Homomorphic Encryption over Integers on MAGMA
//SOMEWHAT HOMOMORPHIC ENCRYPTION using RSA
//
//
//Rüstem Göktuğ SEREZ
//
//
//Referenced by
//Computing Arbitrary Functions of Encrypted Data, Craig Gentry
//http://crypto.stanford.edu/craig/easy-fhe.pdf
51. Implementation of Somewhat Homomorphic Encryption over Integers on MAGMA
//lambda is the security parameter
init := function(lambda)
l := lambda;
N := 2^lambda;
P := 2^(lambda^2);
Q := 2^(lambda^5);
return l,N,P,Q;
end function;
l,N,P,Q := init(3);
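52. Implementation of Somewhat Homomorphic Encryption over Integers on MAGMA
//randomly select an odd number p of P bits with base 2
//Random(a, b) draws from the whole range a..b; Random([1,P-1]) would only
//pick one of the two values 1 and P-1. The lower bound P div 2 keeps the top bit set.
keygen := function()
p := Random(P div 2, P-1);
if (p mod 2) eq 0 then
//p is even and at most P-2, so p+1 is odd and still below P
p := p + 1;
end if;
return p;
end function;
p := keygen();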
53. Implementation of Somewhat Homomorphic Encryption over Integers on MAGMA
//compute m' = m mod 2, c = m' + pq
encrypt := function(m)
//mprime is random noise below N with the same parity as m
mprime := Random(1, N-1);
mprime := mprime - mprime mod 2 + m mod 2;
//q is the random multiplier of the secret key p
q := Random(1, Q-1);
return mprime + p*q;
end function;
//compute m = (c mod p) mod 2
decrypt := function(c)
return (c mod p) mod 2;
end function;
55. Implementation of Somewhat Homomorphic Encryption over Integers on MAGMA
//RSA ENCRYPTION
//n1 and e are the RSA modulus and public exponent; their setup is not part of this transcript
m1:=Random([1..n1]);
c1:=Modexp(m1,e,n1);
printf "Plaintext: %o\n",m1;
printf "Ciphertext: %o\n",c1;
//value that we will add to ciphertext
op := 128;
//binary conversions
mbin := IntegerToSequence(m1,2);
opbin := IntegerToSequence(op,2);
cbin := IntegerToSequence(c1,2);
56. Implementation of Somewhat Homomorphic Encryption over Integers on MAGMA
//noise parameter must be smaller than b
//HOMOMORPHIC ENCRYPTION
//each bit is encrypted separately and the ciphertexts are added bit by bit
for i in [1..#opbin] do
cbin[i] := encrypt(cbin[i]) + encrypt(opbin[i]);
end for;
//HOMOMORPHIC DECRYPTION
for i in [1..#cbin] do
cbin[i] := decrypt(cbin[i]);
end for;
//decimal conversion
c2 := SequenceToInteger(cbin,2);
printf "Summed Ciphertext: %o\n",c2;
printf "Addend value to Ciphertext: %o\n",AbsoluteValue(c2 - c1);
printf "Noise: %o",c2 mod 2;
57. References
• http://blog.cryptographyengineering.com/2012/01/very-casual-introduction-to-fully.html
• http://en.wikipedia.org/wiki/Homomorphic_encryption
• http://en.wikipedia.org/wiki/Homomorphism
• https://github.com/shaih/HElib
• https://martinralbrecht.wordpress.com/2010/08/19/somewhat-homomorphic-encryption/
• http://crypto.stanford.edu/craig/easy-fhe.pdf
• C. Gentry, A FULLY HOMOMORPHIC ENCRYPTION SCHEME, September 2009
• Homomorphic Encryption and Applications, By Xun Yi, Russell Paulet, Elisa Bertino.
• Homomorphic Cryptosystems, Edlyn Teske-Wilson, University of Waterloo
• 5 years of FHE, Zvika Brakerski, Weizmann Institute of Science, Aarhus MPC Workshop, May 2014
• Open problems in lattice-based cryptography, Steven Galbraith
• Public Key Ciphers, Hüseyin HIŞIL, Spring, 2014-2015
• Homomorphic Encryption, Shai Halevi, Crypto 2011