Improved Security for a Ring-Based Fully Homomorphic Encryption Scheme
Cited by 26 (6 self)
Abstract. In 1996, Hoffstein, Pipher and Silverman introduced an efficient lattice-based encryption scheme dubbed NTRUEncrypt. Unfortunately, this scheme lacks a proof of security. However, in 2011, Stehlé and Steinfeld showed how to modify NTRUEncrypt to reduce security to standard problems in ideal lattices. At STOC 2012, López-Alt, Tromer and Vaikuntanathan proposed a fully homomorphic scheme based on this modified system. However, to allow homomorphic operations and prove security, a non-standard assumption is required in their scheme. In this paper, we show how to remove this non-standard assumption via techniques introduced by Brakerski at CRYPTO 2012 and construct a new fully homomorphic encryption scheme from the Stehlé and Steinfeld version based on standard lattice assumptions and a circular security assumption. The scheme is scale-invariant and therefore avoids modulus switching, it eliminates ciphertext expansion in homomorphic multiplication, and the size of ciphertexts is one ring element. Moreover, we present a practical variant of our scheme, which is secure under stronger assumptions, along with parameter recommendations and promising implementation results. Finally, we present a novel approach for encrypting larger input sizes by applying a CRT approach on the input space.
Private computation on encrypted genomic data
2014
Cited by 9 (3 self)
A number of databases around the world currently host a wealth of genomic data that is invaluable to researchers conducting a variety of genomic studies. However, patients who volunteer their genomic data run the risk of privacy invasion. In this work, we give a cryptographic solution to this problem: to maintain patient privacy, we propose encrypting all genomic data in the database. To allow meaningful computation on the encrypted data, we propose using a homomorphic encryption scheme. Specifically, we take basic genomic algorithms which are commonly used in genetic association studies and show how they can be made to work on encrypted genotype and phenotype data. In particular, we consider the Pearson Goodness-of-Fit test, the D′ and r² measures of linkage disequilibrium, the Estimation Maximization (EM) algorithm for haplotyping, and the Cochran-Armitage Test for Trend. We also provide performance numbers for running these algorithms on encrypted data.
Hardness of decision (R)LWE for any modulus
2012
Cited by 2 (0 self)
Abstract. The decision Learning With Errors problem has proven an extremely flexible foundation for devising provably secure cryptographic primitives. LWE can be expressed in terms of linear algebra over Z/qZ. This modulus q is the subject of study of the present work. When q is prime and small, or when it is exponential and composite with small factors, LWE is known to be at least as hard as standard worst-case problems over Euclidean lattices (sometimes using quantum reductions). The Ring Learning With Errors problem is a structured variant of LWE allowing for more compact keys and more efficient primitives. It is known to be at least as hard as standard worst-case problems restricted to so-called ideal lattices, but under even more restrictive arithmetic conditions on q. In this work, we prove that the arithmetic form of the modulus q is irrelevant to the computational hardness of LWE and R-LWE. More precisely, we show that these problems are at least as hard as standard worst-case problems on lattices, under the unique condition that q is of polynomial bit-size. This result is most useful for adapting LWE-based cryptographic constructions to the R-LWE setting. Among others, this allows us to derive the first Identity-Based Encryption scheme of quasi-optimal performance proven secure under standard worst-case lattice assumptions, in the standard model. Other applications include authentication, functional encryption and traitor tracing.
Armadillo: a compilation chain for privacy preserving applications
Cited by 2 (2 self)
In this work we present Armadillo, a compilation chain used for compiling applications written in a high-level language (C++) to work on encrypted data. The back-end of the compilation chain is based on homomorphic encryption. The toolchain further automatically handles a huge amount of parallelism so as to mitigate the performance overhead of using homomorphic encryption.
Compilation techniques for efficient encrypted computation. Cryptology ePrint Archive, Report 2012/266
2012
Cited by 1 (1 self)
Fully homomorphic encryption (FHE) techniques are capable of performing encrypted computation on Boolean circuits, i.e., the user specifies encrypted inputs to the program, and the server computes on the encrypted inputs. Applying these techniques to general programs with recursive procedures and data-dependent loops has not been a focus of attention. In this paper, we take a first step toward building a compiler that, given programs with complex control flow, generates efficient code suitable for the application of FHE schemes. We first describe how programs written in a small Turing-complete instruction set can be executed with encrypted data and point out inefficiencies in this methodology. We then provide examples of transforming (a) the greatest common divisor (GCD) problem using Euclid’s algorithm and (b) the 3-Satisfiability (3SAT) problem using a recursive backtracking algorithm into a path-levelized form to which FHE can be applied. We describe how path levelization reduces control flow ambiguity and improves encrypted computation efficiency. Using these techniques and data-dependent loops as a starting point, we then build support for hierarchical programs made up of phases, where each phase corresponds to a fixed point computation that can be used to further improve the efficiency of encrypted computation. In our setting, the adversary learns an estimate of the number of steps required to complete the computation, which we show is the least amount of leakage possible.
Modular hardware architecture for somewhat homomorphic function evaluation
IACR Cryptology ePrint Archive 2015, 337 (2015), http://eprint.iacr.org/2015/337
Cited by 1 (0 self)
Abstract. We present a hardware architecture for all building blocks required in polynomial-ring-based fully homomorphic schemes and use it to instantiate the somewhat homomorphic encryption scheme YASHE. Our implementation is the first FPGA implementation that is designed for evaluating functions on homomorphically encrypted data (up to a certain multiplicative depth) and we illustrate this capability by evaluating the SIMON-64/128 block cipher in the encrypted domain. Our implementation provides a fast polynomial operations unit using CRT and NTT for multiplication combined with an optimized memory access scheme; a fast Barrett-like polynomial reduction method; an efficient divide-and-round unit required in the multiplication of ciphertexts; and an efficient CRT unit. These building blocks are integrated in an instruction-set coprocessor to execute YASHE, which can be controlled by a computer for evaluating arbitrary functions (up to multiplicative depth 44 and a 128-bit security level). Our architecture was compiled for a single Virtex-7 XC7V1140T FPGA, where it consumes 23% of registers, 53% of LUTs, 53% of DSP slices, and 38% of BlockRAM memory. The implementation evaluates SIMON-64/128 in approximately 171.3 s (at 143 MHz) and it processes 2048 ciphertexts at once, giving a relative time of only 83.6 ms per block. This is 24.5 times faster than the leading software implementation on a 4-core Intel Core i7 processor running at 3.4 GHz.
“Are we close?” – Secure Proximity Computation in Geosocial Networks
Abstract—With the growing popularity of mobile devices that have sophisticated localization capability, it becomes more convenient and tempting to give away location data in exchange for recognition and status in social networks. Geosocial networks, as an example, offer the ability to notify a user or trigger a service when a friend is within geographical proximity. To achieve this, users’ devices need to periodically send location updates to the service provider, which then computes the geographical distance in an unencrypted form. Existing privacy-preserving mechanisms focus on the storage or release of coordinate data by means of classical encryption and differential privacy. These techniques limit the utility of the encrypted or synthesized data if further computations are needed. In this paper, we present two methods to support secure distance computation on encrypted location data; that is, computing distance functions without knowing the actual coordinates of users. The underlying security is ensured by the homomorphic encryption scheme, which supports computation on encrypted data. We demonstrate the feasibility of the proposed approaches by conducting various performance evaluations on platforms with different specifications. We argue that the novelty of this work enables a new breed of pervasive and mobile computing concepts, which was previously not possible due to the lack of feasible mechanisms that support computation on encrypted location data.
Towards an Interpreter for Efficient Encrypted Computation
Fully homomorphic encryption (FHE) techniques are capable of performing encrypted computation on Boolean circuits, i.e., the user specifies encrypted inputs to the program, and the server computes on the encrypted inputs. Applying these techniques to general programs with recursive procedures and data-dependent loops has not been a focus of attention. In this paper, we take a first step toward building an interpreter that, given programs with complex control flow, schedules efficient code suitable for the application of FHE schemes. We first describe how programs written in a small Turing-complete instruction set can be executed with encrypted data and point out inefficiencies in this methodology. We then provide examples of scheduling (a) the greatest common divisor (GCD) problem using Euclid’s algorithm and (b) the 3-Satisfiability (3SAT) problem using a recursive backtracking algorithm into path-levelized FHE computations. We describe how path levelization reduces control flow ambiguity and improves encrypted computation efficiency. Using these techniques and data-dependent loops as a starting point, we then build support for hierarchical programs made up of phases, where each phase corresponds to a fixed point computation that can be used to further improve the efficiency of encrypted computation. In our setting, the adversary learns an estimate of the number of steps required to complete the computation, which we show is the least amount of leakage possible.
A masked ring-LWE implementation
Abstract. Lattice-based cryptography has been proposed as a post-quantum public-key cryptosystem. In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks. Our solution has the peculiarity that the entire computation is performed in the masked domain. This is achieved thanks to a new, bespoke masked decoder implementation. The output of the ring-LWE decryption is Boolean shares suitable for derivation of a symmetric key. We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side-channel analysis to confirm the soundness of our approach. The area of the protected architecture is around 2000 LUTs, a 20% increase with respect to the unprotected architecture. The protected implementation takes 7478 cycles to compute, which is only a factor ×2.6 larger than the unprotected implementation.
Cryptographic Algorithms for the Secure Delegation of Multiparty Computation
2014
“It never ceased to amaze me, until suddenly one day I felt beautiful and holy for having had the courage to hold on to my sanity after all I’d seen and been through, body and soul, in too loud a solitude, and slowly I came to the realization that my work was hurtling me headlong into an infinite field of omnipotence.”