In this work, we develop a methodology for determining the communication required to implement various two-party functionalities noninteractively. In the particular setting on which we focus, the protocols are based upon somewhat homomorphic encryption, and furthermore, they treat the homomorphic properties as a black box. In this setting, we develop lower bounds which give a smooth trade-off between the communication complexity and the “expressiveness” of the cryptosystem, the latter being measured in terms of the depth of the arithmetic circuits that can be evaluated on ciphertext. Given the current state of the art in homomorphic encryption, this trade-off may also be viewed as one between communication and computation, since at present, more expressive cryptosystems are markedly less efficient. We then apply this methodology to place lower bounds on a number of cryptographic protocols including private information retrieval writing and private keyword search. Our work provides a useful “litmus test” of feasibility for use by other cryptographic researchers attempting to develop new protocols that use somewhat homomorphic encryption in a black-box way and require certain levels of communication efficiency. We also answer an open question from the thesis of Doerte K. Rappe [Homomorphic Cryptosystems and Their Applications, Universität Dortmund, Germany, 2006] regarding the construction of fully homomorphic encryption from group homomorphic encryption.


Keywords

  1. homomorphic encryption
  2. private information retrieval
  3. communication complexity

MSC codes

  1. 68R
  2. 68Q
  3. 94A
  4. 94C



H. Abelson, Lower bounds on information transfer in distributed computations, J. ACM, 27 (1980), pp. 384--392.
D. A. M. Barrington, Bounded-width polynomial-size branching programs recognize exactly those languages in NC$^1$, in proceedings of STOC, 1986, pp. 1--5.
N. Bitansky, A. Chiesa, Y. Ishai, R. Ostrovsky, and O. Paneth, Succinct non-interactive arguments via linear interactive proofs, in TCC, 2013, pp. 315--333.
D. Beaver, Minimal-latency secure function evaluation, in proceedings of EUROCRYPT, 2000, pp. 335--350.
D. Boneh, E-J. Goh, and K. Nissim, Evaluating 2-DNF formulas on ciphertexts, in proceedings of TCC'05, 2005, pp. 325--341.
Z. Brakerski, C. Gentry, and V. Vaikuntanathan, Fully homomorphic encryption without bootstrapping, IACR Cryptology ePrint Archive, 2011:277, 2011.
D. Boneh, E. Kushilevitz, R. Ostrovsky, and W. E. Skeith, Public key encryption that allows PIR queries, in proceedings of CRYPTO'07, 2007, pp. 50--67.
D. Boneh and R. J. Lipton, Algorithms for black-box fields and their application to cryptography (extended abstract), in proceedings of CRYPTO, 1996, pp. 283--297.
M. Ben-Or and R. Cleve, Computing algebraic formulas using a constant number of registers, SIAM J. Comput., 21 (1992), pp. 54--58.
Z. Brakerski, Fully homomorphic encryption without modulus switching from classical GapSVP, IACR Cryptology ePrint Archive, 2012:78, 2012.
Z. Brakerski and V. Vaikuntanathan, Efficient fully homomorphic encryption from (standard) LWE, SIAM J. Comput., 43 (2014), pp. 831--871.
Z. Brakerski and V. Vaikuntanathan, Lattice-based FHE as secure as PKE, IACR Cryptology ePrint Archive, 2013:541, 2013.
Y. C. Chang, Single database private information retrieval with logarithmic communication, in proceedings of the Australian Conference on Information Security and Privacy, 2004.
I. Damgård and M. Jurik, A length-flexible threshold cryptosystem with applications, in proceedings of ACISP, 2003, pp. 350--364.
P. Freyd, Abelian Categories, Harper & Row, New York, 1964.
W. Feit and J. G. Thompson, Solvability of groups of odd order, Pacific J. Math., 13 (1963), pp. 775--1029.
T. El Gamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Inform. Theory, 31 (1985), pp. 469--472.
C. Gentry, Fully homomorphic encryption using ideal lattices, in Proceedings of the 41st Annual ACM Symposium on Theory of Computing, New York, 2009, pp. 169--178.
C. Gentry, Fully homomorphic encryption without bootstrapping, Cryptology ePrint Archive, 2011: 277, 2011.
C. Gentry and S. Halevi, Implementing Gentry's fully-homomorphic encryption scheme, Cryptology ePrint Archive, 2010: 520, 2010.
C. Gentry and S. Halevi, Fully homomorphic encryption without squashing using depth-3 arithmetic circuits, Cryptology ePrint Archive, 2011: 279, 2011.
C. Gentry, S. Halevi, and V. Vaikuntanathan, A simple BGN-type cryptosystem from LWE, Cryptology ePrint Archive, 2010: 182, 2010.
S. Goldwasser and S. Micali, Probabilistic encryption, J. Comput. System Sci., 28 (1984), pp. 270--299.
O. Goldreich, Foundations of Cryptography: Volume II. Basic Applications. Cambridge University Press, New York, 2000.
C. Gentry, A. Sahai, and B. Waters, Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based, IACR Cryptology ePrint Archive, 2013:340, 2013.
Y. Ishai, E. Kushilevitz, and R. Ostrovsky, Sufficient conditions for collision-resistant hashing, in proceedings of TCC, 2005, pp. 445--456.
K. Krohn, W.D. Maurer, and J. Rhodes, Realizing complex boolean functions with simple groups, Inform. Control, 9 (1966), pp. 190--195.
E. Kushilevitz and N. Nisan, Communication Complexity, Cambridge University Press, New York, 2006.
E. Kushilevitz and R. Ostrovsky, Replication is not needed: Single database, computationally-private information retrieval, in proceedings of FOCS, 1997, pp. 364--373.
E. Kushilevitz and R. Ostrovsky, One-way trapdoor permutations are sufficient for non-trivial single-server private information retrieval, in proceedings of EUROCRYPT 2000, Springer, New York, 2000, pp. 104--121.
V. Kolesnikov, A. R. Sadeghi, and T. Schneider, How to combine homomorphic encryption and garbled circuits, in proceedings of the Signal Processing in the Encrypted Domain--First SPEED Workshop, Lausanne, 2009, p. 100.
A. Kawachi, K. Tanaka, and K. Xagawa, Multi-bit cryptosystems based on lattice problems, in Public Key Cryptography, Lecture Notes in Comput. Sci. 4450, Springer, Berlin, 2007, pp. 315--329.
C. A. Melchor, P. Gaborit, and J. Herranz, Additively homomorphic encryption with d-operand multiplications, Cryptology ePrint Archive, 2008: 378, 2008.
S. MacLane, Categories for the Working Mathematician, Grad. Texts in Math., Springer, New York, 1998.
W. D. Maurer and J. L. Rhodes, A property of finite simple non-abelian groups, Proc. Amer. Math. Soc., 16 (1965).
U. M. Maurer and S. Wolf, Lower bounds on generic algorithms in groups, in proceedings of EUROCRYPT, 1998, pp. 72--84.
M. Naehrig, K. Lauter, and V. Vaikuntanathan, Can homomorphic encryption be practical? In Proceedings of the 3rd ACM workshop on Cloud computing security workshop, ACM, 2011, pp. 113--124.
R. Ostrovsky and W. E. Skeith, Private searching on streaming data, Journal of Cryptology, 20 (2007), pp. 397--430.
Pascal Paillier, Public-key cryptosystems based on composite degree residuosity classes, in EUROCRYPT, 1999, pp. 223--238.
Doerte K. Rappe, Homomorphic Cryptosystems and Their Applications, Universität Dortmund, Germany, 2006; available online from http://eprint.iacr.org/2006/001.
R. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM, 21 (1978), pp. 120--126.
V. Shoup, Lower bounds for discrete logarithms and related problems, in proceedings of EUROCRYPT, 1997, pp. 256--266.
N. P. Smart and F. Vercauteren, Fully homomorphic encryption with relatively small key and ciphertext sizes, in proceedings of the 13th International Conference on Practice and Theory in Public Key Cryptography, 2010, pp. 420--443.
T. Sander, A. Young, and M. Yung, Non-interactive cryptocomputing for $\mathrm{NC}^{1}$, in proceedings of FOCS, 1999, pp. 554--567.
M. van Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan, Fully homomorphic encryption over the integers, in proceedings of EUROCRYPT, 2010, pp. 24--43.
A. C.-C. Yao, Some complexity questions related to distributive computing (preliminary report), in Proceedings of the 11th Annual ACM Symposium on Theory of Computing, 1979, pp. 209--213.

Published In

SIAM Journal on Discrete Mathematics
Pages: 266 - 295
ISSN (online): 1095-7146


Submitted: 13 December 2011
Accepted: 10 December 2015
Published online: 16 February 2016

